For the last couple of weeks I've been bombarded with huge amounts of spam. I think I've finally got it under control.
There were two types of spam.
First - legit spam. This is advertising material from companies I have dealt with in the last 15 years. I haven't heard from them since I bought something, and suddenly I am on a daily list showing their special of the day. These are relatively easy to deal with. Almost all of the emails have a link or a reply address or some way to turn this off. Some of the web pages make it difficult to unsubscribe. They call it unsubscribe, but I never subscribed. They often ask me to explain why I am leaving the list and I always oblige. "I never asked to be put on this list, I don't want to be on this list, and fuck you." And when you unsubscribe it takes a day or two but the emails stop. I think they are getting ready for the Christmas season.
Then there's the bastard spam. This is the hard stuff, emails coming from faked addresses selling all sorts of shit or trying to dump something bad on my system. I rarely know what they are trying to do. SpamAssassin is supposed to handle this stuff, but its efficacy is not as good as it was. I've had to take a range of steps to combat this stuff.
I found that a lot of them are coming from pseudo domains, like randomcharacters@xyz and randomcharacters@download. You can't see this in the normal view of the emails, you have to dig into the raw headers. I use mutt as my mail reader, so this is just a keystroke to show the full headers. You have to look at the first From header, the one without the colon, and see what they are saying during the SMTP envelope. That's the address you block. So I had a look at all the spam in the really big wave and it came down to a bunch of pseudo domains, so I added them to my /etc/mail/access file - xyz, bin, download, review, date, win. That stopped most of it. Anne came to me with a bunch of emails she was getting, and they were from a number of mailing companies, so I worked out their origins and blocked them too. By this time, my incoming email was pretty clean, but there were one or two still slipping through. Luckily, they were coming from three IP address ranges, like 188.8.131.52/24 and 192.168.188.0/24. So I added them to my firewall, and since then I have had several days spam-free.
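The triage described above, done by script rather than by eye, as an added example (this is not the post author's own tooling). It walks an mbox, takes the envelope sender from the mbox "From " separator line (falling back to Return-Path), pulls the connecting IP out of the top-most Received header, tallies envelope TLDs, and proposes /etc/mail/access keys and /24 firewall blocks. The mbox contents are constructed sample data, not real mail; the bare-key-plus-REJECT access format and the iptables command are assumptions about the sendmail and firewall setup, adjust them to yours. It also adds a check the post doesn't mention: a /24 is only proposed when every message seen from it carried a blocked TLD, so a range shared with legitimate mail is skipped.

```python
"""Tally envelope-sender TLDs and connecting /24s in an mbox and emit block-list lines."""
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Constructed sample mbox, not real mail. Message 1's envelope sender (the
# "From " separator / Return-Path) is in .xyz while its displayed From:
# header claims example.com: the envelope is the address to block.
SAMPLE_MBOX = """\
From qk3j9d@promo.example.xyz Mon Nov 14 08:01:02 2016
Return-Path: <qk3j9d@promo.example.xyz>
Received: from promo.example.xyz (promo.example.xyz [203.0.113.17])
\tby mail.home.test (8.15.2/8.15.2) with ESMTP id uAE811 for <me@home.test>
From: "Daily Deals" <deals@shop.example.com>

From bx7q@cdn.example.download Mon Nov 14 08:05:10 2016
Return-Path: <bx7q@cdn.example.download>
Received: from cdn.example.download (unknown [203.0.113.44]) by mail.home.test
From: support@example.org

From r2d2@mx.example.xyz Mon Nov 14 09:12:00 2016
Return-Path: <r2d2@mx.example.xyz>
Received: from mx.example.xyz (mx.example.xyz [198.51.100.9]) by mail.home.test
From: r2d2@mx.example.xyz

From zz91@img.example.download Mon Nov 14 09:40:00 2016
Return-Path: <zz91@img.example.download>
Received: from img.example.download (unknown [203.0.113.99]) by mail.home.test
From: "Prize Dept" <win@example.net>

From friend@example.com Mon Nov 14 10:00:00 2016
Return-Path: <friend@example.com>
Received: from mail.example.com (mail.example.com [198.51.100.200]) by mail.home.test
From: friend@example.com

"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def split_mbox(text):
    """Split mbox text into (envelope_line, message_text) pairs on 'From ' separators."""
    out = []
    for part in re.split(r"^From ", text, flags=re.MULTILINE):
        if part.strip():
            envelope, _, rest = part.partition("\n")
            out.append((envelope, rest))
    return out


def envelope_domain(envelope_line, msg):
    """Envelope sender domain: the mbox 'From ' line, falling back to Return-Path."""
    words = envelope_line.split()
    addr = words[0] if words else ""
    if "@" not in addr:
        addr = msg.get("Return-Path", "").strip("<>")
    return addr.rpartition("@")[2].lower()


def source_ip(msg):
    """IP of the host that handed the message to our MTA (top-most Received header)."""
    for hdr in (msg.get_all("Received") or [])[:1]:
        m = IP_IN_BRACKETS.search(hdr)
        if m:
            return m.group(1)
    return None


def parse_mbox(text):
    """One record per message: envelope domain, its TLD, displayed From:, and source IP."""
    records = []
    for envelope, rest in split_mbox(text):
        msg = message_from_string(rest)
        dom = envelope_domain(envelope, msg)
        records.append({"envelope_domain": dom, "tld": dom.rpartition(".")[2],
                        "header_from": msg.get("From", ""), "source_ip": source_ip(msg)})
    return records


def tally_tlds(records):
    return Counter(r["tld"] for r in records)


def propose_access(records, threshold=2):
    """TLDs seen at least `threshold` times as sendmail access-map lines.
    Assumed format: bare domain key + REJECT (depends on your FEATURE(access_db))."""
    return [f"{tld}\tREJECT" for tld, n in sorted(tally_tlds(records).items()) if n >= threshold]


def propose_nets(records, blocked_tlds):
    """/24s where every message seen came from a blocked TLD; mixed ranges are skipped."""
    by_net = {}
    for r in records:
        if r["source_ip"] is not None:
            net = ipaddress.ip_network(f"{r['source_ip']}/24", strict=False)
            by_net.setdefault(net, []).append(r["tld"] in blocked_tlds)
    return sorted(str(net) for net, flags in by_net.items() if all(flags))


def firewall_lines(nets):
    """iptables form is an assumption; translate to whatever your firewall uses."""
    return [f"iptables -I INPUT -s {net} -p tcp --dport 25 -j DROP" for net in nets]


if __name__ == "__main__":
    recs = parse_mbox(SAMPLE_MBOX)
    for r in recs:
        print(f"{r['source_ip']:16} envelope={r['envelope_domain']:24} From: {r['header_from']}")
    access = propose_access(recs)
    print("\n# /etc/mail/access additions\n" + "\n".join(access))
    blocked = {line.split("\t")[0] for line in access}
    print("\n# firewall\n" + "\n".join(firewall_lines(propose_nets(recs, blocked))))
```

Run against a real mbox by reading the file into `parse_mbox`; after editing /etc/mail/access remember to rebuild the map (`makemap hash /etc/mail/access < /etc/mail/access`) or sendmail will keep using the old database.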
I should be more vigilant and do this more regularly, but spam creeps up on me. I tolerate one or two every now and then, and then one or two a week, and then one or two a day, but suddenly it's one or two an hour and that triggers me to action.