James Harper <james.harper@bendigoit.com.au> writes:
. Use greylisting. I wrote my own here that has some smarts about trusting domains (eg bigpond) once a certain number of senders have been seen. I used to greylist for an hour but only 15 minutes now, and only for email with a spamassassin score above some threshold. The idea being that by waiting a bit the sender may get blacklisted in that time if I am the recipient of a new spam run.
IIRC we greylist for one second. The fact that they're retrying *at all* shows they're not spammers. We also have to whitelist bigpond :-/ Other things you didn't mention are: Laying your MXs out like this stops spammers that don't try >1 MX and that try MXs in reverse order. 10 null-mx.cyber.com.au. <--- always closed 25 20 mail.cyber.com.au. <--- one of the middle pair 30 exetel.cyber.com.au. <--- ought to always work 40 tarbaby.junkemailfilter.com. <--- teergrube We also use reject_unauth_pipelining to throw away peers if they don't wait for the server's response when they should. We also use spamhaus.org DNS RBL.