First, I am very happy with the results. Almost no spam gets through to me. By "almost" I mean 1 in 200 or better. Those that do get through are often borderline spam. For example, because I occasionally write for Information Security, my e-mail address there receives a bunch of unsolicited press releases. I also sometimes get really short e-mail addresses that looks to me like someone wasn't really sure how to use his bulk e-mail software. But mostly, I get no spam.
Since that column, I've made the following changes:
- I've taught SpamAssassin with a bunch of "spam" and "ham." I've cut back dramatically on the number of regular expresses I use for spam-blocking in PostFix tables. In other words, I am depending on SpamAssassin more. (The long regular expressions caused my e-mail server to sink into an abyss of stalled processes once or twice.)
- I've set PostFix to remove anything with a very large spam value, and to hold anything marked as spam, but with a lower value.
- Occasionally, I use IMAP to pull down the headers on all the "held" e-mail. Usually, it is a less-than-a-minute process to pull down and visually scan the headers.
In the example, there is one e-mail message that was from someone I knew. Was it spam? It had all the characteristics. And it was forwarded a bunch of times. So, I did notice it and I read it. But, it was one of those "pass this on to everyone you know" sort of e-mails. So, well-done, SpamAssassin.
I don't use any (to speak of) anti-spam processing on my desktop. And my set-up will scale. I am not doing anything that you could not do in a very large organization.