I think the only answer is a good multilayered approach. Use a couple of good RBLs. Then make sure you are doing all the checks on headers etc. Then into spamassassin. The next step is to use fail2ban, so that any particular IP can only be used by them a couple of times before being blocked at the firewall. This has limited usefulness tbh, because they are not using their own machines. What I have done is to research addresses and found that there are certain ISPs that keep appearing in spam but not ham. I then log and block them.

It is a bit time intensive the last steps, As always, it's a trade-off

On 16 February 2014 20:52, ed <ed-bitfolk@s5h.net> wrote:

On Sun, Feb 16, 2014 at 03:13:44PM +0000, Gavin Westwood wrote:
> [...]

> Can any one provide some hints for IPTables rules or Exim config to rate
> limit my SMTP ports without interfering too much with normal mail
> operations? Alternatively, any suggestions to help Spamassassin process
> quicker/better?

> [...]

Not for SpamAssassin, but have you thought about using one of the RBLs?
Then you'd block potential junk before you start spending CPU time on
bayes filtering.

Alternatively, you could try greylising, 4xx the sending mail server IP
for thirty minutes on the first mail seen from it, then allow it. Often
this helps as most exploited spam sources don't queue.

--
Best regards,
Ed http://www.s5h.net/

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users

Keith Williams

Keith's Place www.keiths-place.co.uk

Tailor Made English www.tmenglish.org

West Norfolk RSPCA www.westnorfolkrspca.org.uk