On Thu, 2015-10-29 at 20:37 +0000, Ned Slider wrote: > Combining multiple simple rules in a meta > rule is also a great way to detect many spams. If you can find 3 or 4 > factors specific to these spam (the more unique the better), combining > them usually gives excellent results. Yep. In Exim I score 1 for sending IP address having no reverse DNS (IP > Name > the same IP address) I score 1 for HELO/EHLO not resolving to the sending IP address I score 1 for a non-existent email address 3 = IP blocked for several months ***before*** downloading the email's body. 2 = Gets connection rejected ***before*** downloading the email's body. +++ Never accept email from home user's domain names like (here is just a few) *airtelbroadband.in *adsl.alicedsl.de *dynamic.se.alltele.net *alshamil.net.ae *adsl.anteldata.net.uy *aphie.info *pools.arcor-ip.net *static.arcor-ip.net *as9105.com *as13285.net *as43234.net Don't be an idle victim of mail abuse. Fight back hard. -- Regards, Paul. England, EU. England's place is in the European Union.