I’ve read a number of articles over the past few days about the possible Android botnet and Yahoo! mail. No consensus yet but that’s not necessary to stop the spam at the server level, at least in my case. Of the spam I received so far, these characteristics stand out:
- Only one of my mail accounts is receiving the spam.
- It’s not an account that usually receives spam.
- My long-time mail addresses that seem to have made it to most of the spam lists don’t get this spam.
Geez. I’m feeling somewhat frustrated in dealing with an ISP that has a clearly compromised IP. I’ve been getting dictionary attacks on my mailserver for the past four days from the same IP. It’s assigned to a domain name. So I did what I normally do at first - let CSF (ConfigServer Security & Firewall - a fantastic free piece of software) handle it. The IP gets blocked for an hour.
I’ve just gone through a boatload of “pseudo”-spam. Pseudo-spam is what I call legitimate e-mail that, when using a vanilla installation of SpamAssassin, is marked as spam solely through the e-mail creator’s carelessness, thoughtlessness, whatever adjective you want to use (I refrained from using stupidity although I desperately wanted to). This morning, 25% of the e-mails that were classified as spam were actually legitimate. After analyzing the SpamAssassin rules that were triggered, I found that many rules were needlessly fired.