How did you setup your spamtrap address with postfix.. Do you have them
delivered after they are scanned by spamassassin or do you scan them and
send them on from there? If you bypass SA, how are you doing that?

If you don't mind, what tarpit settings are you using?

I am using the following:
smtp_error_sleep_time = 3s
smtp_soft_error_limit = 1
smtp_hard_error_limit = 15
smtp_junk_command_limit = 50
smtp_recipient_overshoot_limit = 500
smtp_recipient_limit = 300

Thanks!

-Brent

-----Original Message-----
From: Jerry Durand [mailto:jdurand@interstellar.com]
Sent: Friday, June 15, 2007 12:32 PM
To: users@spamassassin.apache.org
Subject: Re: Innovative Host Blacklisting Idea

On Jun 15, 2007, at 9:06 AM, hamann.w@t-online.de wrote:
> A simpler approach might be to blacklist senders that try multiple
> non-existent recipients, regardless of mx priority
>


In Postfix I tarpit after the first bad recipient and eventually disconnect.
That's cut things down quite a bit.

> BTW: at one time I was quite happy with some pre-filtering on my
> private mail (which is fetchmail ultimately feeding to SA) until I
> found that SA would no longer recognize some spam in the bayes
> section. So, if capacity permits, it might be a good idea to feed (a
> random sampling of) pre-filtered spam to sa-learn


I have a few spamtrap addresses that feed directly to sa-learn.
Seems to work pretty well.

Now to deal with the companies that send out billing, etc. through a third
party that uses the original company's return address but third- party
servers. I even had to explain SPF to an anti-virus company, not sure it
they got it.