Excessive mail filtering (by alaric)

I've been taking advantage of some Christmas downtime to bring the Warhead mail system up to scratch.

We now have many layers of defence.

1. When a remote mail server tries to connect to us to send email, if they are a known blacklisted spammer or have a wrongly configured mail server, we reject them up front.
2. If they get through that, then unless they are a known good mail server, they are told to go away and come back later. Many spammers don't bother retrying mails if asked to, so this cuts out a lot of spam.
3. If they are a known good mail server or they do come back later to redeliver the email, then the message is accepted.
4. It's then sent through a content filter, which checks it for known bad signatures (viruses, scams, some spam, and phishing attempts). If it matches any, it's bounced back to the sender.
5. The content filter then runs it through SpamAssassin's battery of message scoring tests, which rate the chances of the message being spam. If it looks spammy, it's marked as looking spammy with ***SPAM*** in the subject line, but still delivered (since SpamAssassin's tests are statistical in nature, they can snag false positives)
6. Finally, the message is forwarded on, or delivered to a local mailbox, depending on the recipient.

From my existing statistics, I know that of about 15,000 messages a day, 13,000 are stopped by the first step alone (which is good, since blocking at this stage saves a whole lot of resources on our mail servers).

I'm looking forward to seeing how many of the surviving 2,000 make it past the rest of the filters 😉

No Comments

No comments yet.

RSS feed for comments on this post.

Leave a comment