On Thu, 2015-10-29 at 20:37 +0000, Ned Slider wrote:
Combining multiple simple rules in a meta rule is also a great way to detect many spams. If you can find 3 or 4 factors specific to these spam (the more unique the better), combining them usually gives excellent results.
Yep.
In Exim I score 1 for sending IP address having no reverse DNS (IP > Name > the same IP address) I score 1 for HELO/EHLO not resolving to the sending IP address I score 1 for a non-existent email address
3 = IP blocked for several months ***before*** downloading the email's body.
2 = Gets connection rejected ***before*** downloading the email's body.
+++
Never accept email from home user's domain names like (here is just a few)
*airtelbroadband.in *adsl.alicedsl.de *dynamic.se.alltele.net *alshamil.net.ae *adsl.anteldata.net.uy *aphie.info *pools.arcor-ip.net *static.arcor-ip.net *as9105.com *as13285.net *as43234.net
Don't be an idle victim of mail abuse. Fight back hard.