On 3/30/2012 7:48 AM, Markus Falb wrote: > On 30.3.2012 05:26, Nataraj wrote: > >> The way that I finally got rid of all the residual spam that makes it >> through greylisting, SPF, spamassassin, clamav is to handout unique mail >> addresses and use black/whitelists. So for example if I assign an email >> address for incoming mail from a mailing list and then setup a whitelist >> entry that only allows that address to receive email from the >> mailservers that serve that mailing list and then blacklist all other >> incoming mail to that address it is very effective. > But how to tell which mailservers are "serving" that mailing list? > That's the thing SPF or similar is supposed to do, isn't it? Don't tell > me you are looking at the MX Records! Incoming and Outgoing Mailservers > are not the same necessarily. > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos clients...senders...helo... from the logs and the mailings. Usually in the bulk commercial 'legitimate' spammers there entire system is configured correctly, as are their headers, to avoid spamassassin and common mail screenings. From that you slowly whittle them down. From this I have found certain bulk mailers, especially political and real estate, have a certain grouping of outgoing relays...like 'ala'mail.net, 'ala'mode.com, vocus.com, vocsmail.com, etc... and once I got all the others out it was very evident based on the layout of the mail who is sending it...basically like 4 or 5 types... Kinda cool to start seeing the patterns.