After checking my webmaster and root emails (and my dad’s email account, that he shares with EVERYONE :> ) and finding 65 THOUSAND spam messages in the Junk folders, I decided it was time to throw down the gauntlet. I’m proud to say that now I’m absolutely crushing spam.

I am using rules from razor2, dcc, pyzor, SARE and the sa-blacklist, updated daily, along with Bayesian filtering.

SpamAssassin rates incoming email using the rules, and adds the spamscore to the header. If the spamscore is high enough (4 or more in my case), it puts SPAM in the title and safely wraps the content. I then use a sieve rule to dump SPAM-titled mails into each user’s Junk folder at the end of the processing.

I took it a step further because I was PISSED at the volume I’m getting. I have NEVER gotten a false positive in all my checking, so I updated postfix to DISCARD emails with a spamscore of 10 or higher. With the high quality rules I’m using, I now have the good fortune to never even see the obvious spam anymore.

To configure postfix to drop high-scoring spam, add a line to to do header checking:

header_checks = regexp:/etc/postfix/throw_away_high_score_spam

Then create throw_away_high_score_spam and add this:

/^X-Spam-Level: \*{10}/ DISCARD


UPDATE: A few spams were slipping through at scores around 3.5, I’m dropping my SPAM score trigger to 2.0. I still have yet to get a false positive.

UPDATE UPDATE: My first and only false positive, on Bruce Schneier’s August 2008 Cryptogram newsletter. He’s always causing trouble. :> Steady on.