Kendo wrote: ↑
SorenR wrote: ↑
I've been running my own mailserver for close to 20 years and my current domain is 16 years old. I first started working with The Internet around 1986 so I have first hand experience with a SPAM free Internet.
Same here. My domain is more than 20 years old . Always had my own mail server and for 15 years provided an Internet service in a rural area for about 600 diallup modem users who attracted spam like magnets. I have seen spam in many forms. I use about 100 email addresses and recycle most which kills all of my spam... except in this instance.
You seem to be trying to block known domains of spammers. In my case that is of no use. Simply detecting "?" would solve my problem, if only that function worked.
I look for patterns and if found I have a way in. If there are no patterns then we are dealing with BOT's and I don't have the tech stuff to stop BOT's.
I get my fair share of "rouge" SPAM too. There is always some trigger that will give it away in some form or figure...
The latest I have is emails in English, German, Persian and Portugese. The common trigger is RegEx: (https:\/\/)(.*)(\.drive\.google\.com\/open\?id\=) in the body.
I filter on "HELO", "From", "X-Envelope-From", "Subject", "Body", BodyHTML", "List-Unsubscribe" and "IPRange".
I also check specific RBL's for "SnowShoe SPAM" and "LashBack SPAM" besides the usual RBL's, SURBL's AND my extremely well trained SpamAssassin.
I have 3 levels of SPAM. Level 1 is rejected (not received), Level 2 is scored up to 6 and goes into your SPAM folder AND is forwarded to SPAMTrap user, Level 3 scored above 6 is ONLY(!) forwarded to SPAMTrap user. If False Positives are found, the SPAMTrap user can distribute.
All users INBOX and SPAM folder are used in SpamAssassin training EVERY NIGHT ... PLUS ... Level 3 SPAM and a "FalsePositive" folder in the SPAMTrap user.
Users know that is they find SPAM in the INBOX they must move it to SPAM folder (not delete it!) and visa versa. SPAM folder is cleared from time to time by a script.
My domain cover my family and friends, 5 addresses currently. This week only 3 mails later identified as SPAM evaded my defences and 1 false positive (an acknowledgement that noone reads anyway
The downside of my installation is the lack of statistical data. I sometimes have to wait a week or two to see if a particular filter work as intended.
I have all my filters in an XML file that I can change on-the-fly so I don't have to edit the script all the time.
I have custom logs that give me the "executive summary" every day, so general "maintenance" is only a 10-20 minute job.
I was wondering ... The "?" ... How does your OS display UTF-8 characters not implemented in your current codepage?