From owner-freebsd-questions@freebsd.org Thu Jan 12 00:24:51 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 47F5CCABC2C for ; Thu, 12 Jan 2017 00:24:51 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 132691FF5 for ; Thu, 12 Jan 2017 00:24:51 +0000 (UTC) (envelope-from kurt.buff@gmail.com) Received: by mail-it0-x233.google.com with SMTP id c7so1392495itd.1 for ; Wed, 11 Jan 2017 16:24:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=GiIbTHQWe3aB1Dq/hSSvKPs0Z0x1eYGatLUbN7MDD5k=; b=bz0pMnhU/wVHeZOYmbOVwOY87W6dM4RmMkpmHqxMlg9jA/eccHYUDm1k84f+KyvgZY 2K/iXtMJQvIeQUyfPWFQ1YDc+fdVT5r/i05WqUpunKOlZfOplrSpMKaRnD+SzFLv2ofO WlreRMaD/UaNdTbraPEEFEUe4iF8ZJNnkgbotNRX07bvMuXaizUDQ+VDkT7X8dTUObDp znhfNaDSHoa+5MNcQ3RHrSwsv60usF27y3JCSaSnmHBxj1MOcrtiNAK0aAFI9AO3YNSE y34lBNFdOGXVN2sktki6avZ/mJbVeYVaUmk871feX9hraObGSf2hNdp2Go1B5QEhuNk6 xGdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=GiIbTHQWe3aB1Dq/hSSvKPs0Z0x1eYGatLUbN7MDD5k=; b=VPGFy2JSyCCgCZGS7uZwESfrBQycmrxTuwSegZmNidoSkoRjRgSTHkpozjRd0Bx9jM HLVp1wH9xAEw2I8hDsLhcIv1Zwt7SbaJyH4n5as9HbvkLRE9R/Q4YID8NEFwhUShTx6I BSRSaZGw5FnJZ9IZhwQIYUYh6tapBcqwQ+2uM/U3+bQeKGQlhGIXb0Uf2Yixw02Y8uSc COankUudxe9PmiKenMK3bIaXG0pmicHoArLSHbSaXHtZ3+albER3GrHnkSEH+Wu9Nlgc GlVy6xCZs8fADFdb0kjrg6/TjY/vc2x3ZX0/uguLFIrgVadqWG4ncU4T2j2zjzTyDc7H VpZQ== X-Gm-Message-State: AIkVDXKnwwDpqW2wn8uImjSnEI+lntAFPH/4GenTPdl+h4EZeEyzCZICWikbSjjoo2SKSzVz0raSKHHJtTQxEg== X-Received: by 10.36.88.65 with SMTP id f62mr8021994itb.89.1484180690167; Wed, 11 Jan 2017 16:24:50 -0800 (PST) MIME-Version: 1.0 Received: by 10.79.125.132 with HTTP; Wed, 11 Jan 2017 16:24:49 -0800 (PST) In-Reply-To: <8016faa3-5af4-6c2d-acdf-9b02f7f1afc8@pinyon.org> References: <2463a238-e10f-e81d-cab1-5a7eaf774590@pinyon.org> <20170111210507.2dc39818c6e9d439abb21ee6@sohara.org> <8016faa3-5af4-6c2d-acdf-9b02f7f1afc8@pinyon.org> From: Kurt Buff Date: Wed, 11 Jan 2017 16:24:49 -0800 Message-ID: Subject: Re: spamassassin not lethal anymore To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jan 2017 00:24:51 -0000 Snippety snip... On Wed, Jan 11, 2017 at 4:13 PM, Russell L. Carter wrote: > On 01/11/17 14:05, Steve O'Hara-Smith wrote: >> >> On Wed, 11 Jan 2017 13:45:47 -0700 >> "Russell L. Carter" wrote: >> most of it botnet sourced. I've pretty much eliminated it now by a >> combination of installing dcc and razor plugins to spamassassin (reduced >> the spam getting through by 70% or so) and adding a backup MX with a free >> service that only accepts messages to relay when the primary is down (it's >> amazing how much spam stopped coming in when I did that). >> > > I'm not sure what you mean here, can you elaborate a bit more? I can > do anything I like with my MX hosts so I'm game. I *think* I'm > already doing that. I have multiple domains, and so I have a primary > MX and a couple of backup MX hosts (one of which is effectively a > passive dovecot replicator, lordy that works fantastic). The backup > MX hosts are lower priority than the primary. Are you doing something > different? A secondary MX that refuses mail when the primary is up and running foils one of the favorite tactics of spammers - they will often target the secondary MX because those are often not as up to date with anti-spam measures. Most spambots try one MX, one time only. Many spambots will try that secondary MX, get refused with a 4xx error, and not bother to try the primary MX at all. It can be a big win, in the right situation. Kurt