Greylisting is very useful to block a lot of spammers. If you don't have it enabled it is highly recommended that you do (we consistently see a 90% decrease in Spam from Greylisting alone). Although it is true that there are some Mail Providers that do not recognize a "451 - Greylisted. Please try again in XXX seconds" message, they aren't as common as you might think. I've had to add relatively few to the Greylisting Filter over the years, some out of convenience rather than necessity (such as EBay, Paypal, and Netflix). The only big names that don't pass Greylisting are generally Bulk Email Providers (like SendGrid, ExactTarget, Constant Contact, Responsys, Silverpop, Appriver) and Amazonses (which commonly has other problems other than not passing Greylisting, like not passing FCrDNS), and generally only occur because we have 3 different Incoming Gateways listed in our MX Records and when they get a 451 soft-fail they just try the next MX Record and the one after that. If you have only one Mail Server with a 2 minute Block Period they will pass Greylisting without intervention. The rest that don't pass Greylisting which are legitimate Mail Servers are very rare occurrences that I have only had to add to the Greylisting Filter on a case-by-case basis and number maybe a dozen over the years.

 

You could also add a Custom Rule as follows:

 

Rule Source: Header

Header: Return-Path

Rule Type: Regular-Expression

Weight: (variable based upon your Low/Med/High weights)

Rule Text: .*\.us$

.*\.link$

.*\.rocks$

.*\.science$

.*\.work$

.*\.pw$

.*\.info$

.*\.biz$

.*\.ninja$

.*\.cricket$

(et cetera for each top-level domain you want to catch)

 

To be honest, I rarely find anything legitimate ever coming from a .*\.us$ or .*\.info$ domains as they are primarily used by spammers, and the rest are entirely rubbish used exclusively by spammers (in my experience).

 

One of the most useful things I've used to combat spam is EHLO blocking under SMTP Blocking. Many Spam bot-nets use either the same EHLO (such as ylmf-pc) or a similar EHLO (such as ryf123.twistcommonedcare.us and ryf456.methodsworkathome.us, allowing you to block ryf*.*.us to stop the entire bot-net).

 

Also, be sure to check out Bruce's Anti-Spam document. It is very useful for configuring the base install of SmarterMail to be far more efficient at blocking Spam.

You do not say which version of SmarterMail you are running. I am on V14 and have enabled the 30 day trial of Message Sniffer. I also use the settings in Bruce's document. Before Message Sniffer most accounts on our domain were getting 10-20 spam messages through. Message Sniffer has killed virtually all of that. Now it is maybe one per day per account.

 

Also implement the ClamSup settings provided by Joe Wolf. That tool alone is catching 60-100 emails per day that are infected with harmful attachments. The combination of these 3 tools has made my mailbox so quiet that I occasionally have to send myself an email from my personal gmail account just to make sure that my SM is still working!

 

Joe