Not so long ago almost half of all the email I received was spam. The real effect was actually worse as I am also subscribed to a few high-traffic mailing lists which skew the statistics. I now receive virtually *zero* spam, so how has this been achieved?

Previously I was relying on a combination of SpamAssassin and Clam AntiVirus, deployed through amavisd-new. This was moderately successful, but still the spam kept leaking through.

The additional of a Greylisting solution and two Sorbs lists has eradicated spam, with no false positives.

Greylisting works by passing through recognised email instantly and artificially delaying inbound deliveries when it encounters unrecognised email. A recognised email is one that the mail server has seen attempted previously, from the same mail relay and with the same sender and recipient. The trick here is that as nearly all spammers use a bulk send-and-hope approach, they don’t attempt any retries. They have to do this as their lists are so long and databases often inaccurate, so a significant percentage of their list will not be delivered. They simply don’t have the time or inclination to post-process and retry long lists of failed deliveries.

A standard email server will queue a deferred email for a subsequent retry and it is at this point that a legitimate email will pass through the Greylisting and be successfully delivered to the intended recipient. The thresholds for delay and recognition can be fine tuned to ensure that email is not delayed unacceptably (who ever said that email was supposed to be instant?)

To augment the defence I also use Sendmail’s DNSBL feature with two of Spam and Open Relay Blocking System’s public lists:

• dul.dnsbl.sorbs.net – Dynamic IP Address ranges
• web.dnsbl.sorbs.net – Web servers which have spammer abusable vulnerabilities (e.g. FormMail scripts)

These checks take place before Greylisting so help to reduce unnecessary database activity.

Take these steps and you too can be spam free 🙂