Post by rfwilliams777 » Wed May 01, 2013 12:54 pm

About 87-93% of the inbound e-mail hitting my server is spam. We have been doing a pretty good job blocking it. But I got tired of the spam period. Not necessarily the spam isn't being blocked and going to junk, but I have noticed a consistent issue. The majority of these e-mails have a domain suffix of So I initially thought, set Country score in MXScan for Paulau (sp.) to some high number. As it turned out upon looking at the IP address (and the country from sender is an indicator), the majority of the spam is coming from the US or Amsterdam. Obvisouly I don't want to set these countries (or not the US) real high as all my clients are based in the US. So I have been doing some manual processing of messages that do not get spam blocked and ones that do to find consistent IP addresses. I look those IP addresses up on Arin's when there is more than one from the same Class C. If the host is contactable, I let them know about a spammer. If not, their whole class C is blocked (I put their Class C in MXScan on blacklist IP). If the host basically responds I don't care or doesn't respond at all, I block them.

In short, I think the whole spam processing might need to be rethought. It isn't the domains that are really the same but either the IP address or the class C. And what is bad is these spammers might lease 2-15 of these servers, send spam and then the next day or week go with someone else. Who knows with the IP addresses I have currently blocked if I am now "blocking" senders that are no longer sending from those Class Cs. What are your thoughts?
Re: SPAM Issue

Post by MailEnable » Thu May 02, 2013 12:39 pm

I think you should try the SpamAssassin module thats integrated with Version 7, since it has an array of tests that can be performed that are content specific (MailEnable also does alot of the tests, but SA has better content parsing rules). If you use SA within MailEnable, then you can itegrate the weighted result into the message low med high classifications, etc.
