I've been working again on making sure my mail server does the best job it possibly can at rejecting spam and other unwanted email. I recently wrote a Postfix log file scanner that summarizes the reasons why email is being rejected. You can see the current summary here (this shows the statistics for the current day since 00:00 UTC).
A few things about this summary are interesting:
- I suspect a lot of the entries in the "HELO (unknown)" list are actual SMTP servers, relaying spam, that are misconfigured to send the wrong HELO name. Sorry, I'm not going to accept your mail.
- The "Recipient (local reject)" list of common worm destinations (adam, alex, alice, etc) is still very effective.
- Relay attempts seem rare. I had expected to see more of these, but on the other hand it still gives me a warm fuzzy feeling when relay attempts are rejected.
- I had expected the "DATA pipelining" filter to catch more. This happens when an SMTP sender ignores responses from the my server and just fires the commands through as fast as it can without waiting for acknowledgement. Perhaps all those clients happen to be caught earlier by my rejecting a "HELO hewgill.com" command, who knows.
- There are a lot of different email worms out there! I suspect that many of the previously rejected connections to my mail server would eventually have tried to deliver an email worm. But clamav still does a great job of filtering out that junk.
Even after all this, when my SMTP server rejects over 90% of the connections to it, spamassassin still catches a lot after delivery. I'm going to work on some statistics processing there so I can find out how effective that is.
Finally, I still get an annoying amount of spam landing in my inbox. The war continues.