Spam reduction with Greylisting and SpamAssassin

To reduce the amount of spam seen by my wife and myself, I have been using greylisting and SpamAssassin on our personal domain for several months. So far this combination has been very effective for us: it is stopping over 99% of spam (up to 99.8%).

Below are our stats for the past 4 weeks:

Spam statistics as of: 16/09/2007
Total spam: 5459
Total greylisted: 4457 (90.8%)
Total emails accepted by greylisting (both spam and legitimate): 451 (9.2%)
Total identified spam through to end users: 1002 (20.4%)
Identified SPAM:
  Emails greylist_delayed: 58 (1.2%), marked as spam 57 (96.6%), NOT marked as spam 2 (3.4%)
  Emails via backup MX: 991 (20.2%), marked as spam 944 (95.2%), NOT marked as spam 48 (4.8%)
Effectiveness of Greylisting / SpamAssassin: 99.1%. 50 out of 5459 not marked as spam

Spam statistics as of: 23/09/2007
Total spam: 5167
Total greylisted: 4928 (90.8%)
Total emails accepted by greylisting (both spam and legitimate): 499 (9.2%)
Total identified spam through to end users: 239 (4.4%)
Identified SPAM:
  Emails greylist_delayed: 99 (1.8%), marked as spam 98 (97.0%), NOT marked as spam 3 (3.0%)
  Emails via backup MX: 151 (2.8%), marked as spam 138 (90.2%), NOT marked as spam 15 (9.8%)
Effectiveness of Greylisting / SpamAssassin: 99.7%. 18 out of 5167 not marked as spam

Spam statistics as of: 30/09/2007
Total spam: 6216
Total greylisted: 5950 (91.2%)
Total emails accepted by greylisting (both spam and legitimate): 573 (8.8%)
Total identified spam through to end users: 266 (4.1%)
Identified SPAM:
  Emails greylist_delayed: 141 (2.2%), marked as spam 135 (95.1%), NOT marked as spam 7 (4.9%)
  Emails via backup MX: 151 (2.3%), marked as spam 128 (84.2%), NOT marked as spam 24 (15.8%)
Effectiveness of Greylisting / SpamAssassin: 99.5%. 31 out of 6216 not marked as spam

Spam statistics as of: 07/10/2007
Total spam: 7901
Total greylisted: 7712 (93.0%)
Total emails accepted by greylisting (both spam and legitimate): 581 (7.0%)
Total identified spam through to end users: 189 (2.3%)
Identified SPAM:
  Emails greylist_delayed: 135 (1.6%), marked as spam 134 (97.8%), NOT marked as spam 3 (2.2%)
  Emails via backup MX: 63 (0.8%), marked as spam 55 (85.9%), NOT marked as spam 9 (14.1%)
Effectiveness of Greylisting / SpamAssassin: 99.8%. 12 out of 7901 not marked as spam


One of the potential issues with our setup is that we have a backup MX which doesn't run greylisting etc. It does run SpamAssassin though. When I first set the system up I found that a lot of spam was coming through via the backup MX. In an attempt to foil this I "hid" my backup MX record like so:

  1. primary mail server MX record
  2. primary MX record under a different name
  3. backup mail server MX record
  4. primary MX record under a different name

This was working on the theory that spammers were preferentially targeting servers other than the primary MX as they tend to be less well defended.
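
The layout above, written out as zone data with a small check of which MX entries bypass greylisting. This is an added example, not code from the original post; the names, preference values, addresses and the `GREYLISTING_HOSTS` set are constructed assumptions.

```python
# Constructed zone data: names, preferences and addresses are assumptions.
# The extra names for the primary are A records, since an MX target must not be a CNAME.
ZONE = """\
example.org.        IN MX 10 mail.example.org.
example.org.        IN MX 20 mx2.example.org.
example.org.        IN MX 30 backup.example.net.
example.org.        IN MX 40 mx4.example.org.
mail.example.org.   IN A 192.0.2.10
mx2.example.org.    IN A 192.0.2.10
mx4.example.org.    IN A 192.0.2.10
backup.example.net. IN A 198.51.100.25
"""
GREYLISTING_HOSTS = {"192.0.2.10"}  # hosts running postgrey (assumption)


def parse_zone(text):
    """Return (mx, a): mx is sorted [(preference, target)], a maps name -> address."""
    mx, a = [], {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[1:3] == ["IN", "MX"]:
            mx.append((int(fields[3]), fields[4]))
        elif len(fields) == 4 and fields[1:3] == ["IN", "A"]:
            a[fields[0]] = fields[3]
    return sorted(mx), a


def audit_mx(text, greylisting):
    """List every MX in preference order as (pref, target, address, greylisted)."""
    mx, a = parse_zone(text)
    return [(p, t, a.get(t), a.get(t) in greylisting) for p, t in mx]


def unprotected(report):
    """MX entries a sender can deliver to without passing greylisting."""
    return [(p, t) for p, t, _, ok in report if not ok]


def edges_protected(report):
    """True when both the first and the last MX in preference order greylist."""
    return bool(report) and report[0][3] and report[-1][3]


if __name__ == "__main__":
    rep = audit_mx(ZONE, GREYLISTING_HOSTS)
    for pref, target, addr, ok in rep:
        print(f"{pref:>3} {target:<20} {addr} {'greylisted' if ok else 'NOT greylisted'}")
    print("reachable without greylisting:", unprotected(rep))
    print("first and last MX greylisted:", edges_protected(rep))
```

The backup MX is still listed as reachable without greylisting: the layout only changes which host a sender that picks the first or last MX will hit.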

Unfortunately this did not work (at first), and around 25% of spam came in via the backup MX (e.g. 781 via backup MX / (2705 stopped by greylisting + 781) = 22% of total via backup MX).

Of this, 728 (93%) was successfully tagged by SpamAssassin. So the amount of spam to the end user was still reasonably low (53).

This was the norm until about 3 or so weeks ago, when the spammers virtually stopped using the backup MX for some reason.  I don't know of any change on the backup MX to cause this.

The systems I am currently using are:

  • Postfix MTA (postfix-2.3.3-2)
  • postgrey greylisting server (v 1.30)
  • SpamAssassin (spamassassin-3.2.2-1.el5.rf)

For more information about greylisting, see http://www.greylisting.org