spamfiltering

Spam filtering of my inbound mail is mainly focused around. spamassassin, which combines a large number of tests to provide a single numerical score.

On one of my MXes, I use the spamassassin milter to check messages during the delivering SMTP session. Mail that scores very highly is rejected at the SMTP level. Surprisingly (to me), a lot of mail is rejected in. this fashion. This is better than sending a bounce email because it is. sending back the reject down the same channel as was used to deliver the message, rather than sending a new email to what the headers claim is the original sender.

Unfortunately, this does not catch mail delivered to my lower priority MXes (a common spammer trick), though I've previously used the BOGUS_MX spamassassin plugin (I don't have it running at the moment though) to give extra points for such mail.

Mail which gets this far is never bounced due to spaminess. Instead, it falls into one of three buckets: probably-not-spam; maybe; probably-spam, based on the spamassassin score. probably-not-spam is for messages which spamassassin gives a 'not spam' rating; maybe if for messages which. spamassassin gives a 'spam' rating but with a borderline score. 'probably-spam' is for messages which spamassassin gives a very high score.

For outbound mail protection, I have SPF set up. SPF stores an. outbound mail policy in DNS. Anyone receiving mail claiming to be from a hawaga.org.uk email address can check this policy to determine if the mail is authorised or not. I've tried a few different policies. At the moment, the policy lists a few IP address blocks that are permitted to send, and SOFTFAILs on everything else (there are still a few places. that seem to send mail as me, such as blogger...). Previously, I've had per-user filtering, to list usernames that it was permissible to send mail from (hawaga does not have many outbound email addresses), but this isn't deployed at the moment.