One of the most promising-sounding Anti-SPAM and Anti-virus measures I've
heard of recently (can't remember where from though) is Greylisting:

http://greylisting.org/
http://projects.puremagic.com/greylisting/whitepaper.html

Basically, when somebody new connects to your mail server, send them a

    451 4.7.1 Please try again later

but note the details. Real mailservers will indeed come back a short time
later, at which point the mail is allowed through, and that mailserver's IP
and email addresses are marked good. Most spam-sending software and viruses
give up, or wait too long before coming back. The results look impressive:

http://www.phys.ualberta.ca/~jmack/grey/

I haven't implemented it myself yet. I'm currently using several
blacklisting services on the mail server, which currently cuts out most
things trying to get in directly, but the majority of my spam comes
in through several external ISP POP3 accounts that I maintain for
historical reasons. I manage those at the client side (spamnix in Eudora,
basically SpamAssassin wrapped in a plugin).

Given the complete lack of originating IP or envelope information when
fetching from a remote POP3 mailbox, I think I'm probably limited to
continuing to content-filter these, which is a pain as it takes forever to
download the mail, unless anybody knows any different?

Rob
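
The greylisting decision described in the message above, as an added example that is not part of the original post or of any greylisting project's code. The timing constants, the accept reply text, the class and function names, and the sample addresses are assumptions made for illustration; the key is the connecting IP plus the envelope sender and recipient, which is exactly the information a POP3 fetch no longer has.

```python
from dataclasses import dataclass

# Assumed timing values for illustration; tune them for a real deployment.
MIN_DELAY = 5 * 60               # a retry sooner than this is still deferred
RETRY_WINDOW = 4 * 60 * 60       # a retry must arrive within this window
GOOD_LIFETIME = 36 * 24 * 3600   # how long a "good" entry stays good

DEFER = "451 4.7.1 Please try again later"   # reply text quoted in the post
ACCEPT = "250 2.0.0 OK"                      # constructed accept reply


@dataclass
class Entry:
    first_seen: float
    good_until: float = 0.0      # 0 means not yet marked good


class Greylist:
    def __init__(self):
        self.seen = {}           # (client_ip, mail_from, rcpt_to) -> Entry

    def check(self, client_ip, mail_from, rcpt_to, now):
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry and now < entry.good_until:
            entry.good_until = now + GOOD_LIFETIME   # refresh on each use
            return ACCEPT
        # Unknown sender, or one that waited too long: start over.
        if entry is None or now - entry.first_seen > RETRY_WINDOW:
            self.seen[key] = Entry(first_seen=now)
            return DEFER
        if now - entry.first_seen < MIN_DELAY:       # hammering retries
            return DEFER
        entry.good_until = now + GOOD_LIFETIME       # proper retry: mark good
        return ACCEPT


def demo():
    g = Greylist()
    real = ("192.0.2.10", "alice@example.org", "rob@example.net")  # constructed
    bulk = ("198.51.100.7", "x@example.com", "rob@example.net")    # constructed
    return [
        g.check(*real, now=0),          # first contact: deferred
        g.check(*real, now=60),         # retried too soon: deferred
        g.check(*real, now=900),        # proper retry: accepted, marked good
        g.check(*real, now=86400),      # later mail: accepted immediately
        g.check(*bulk, now=0),          # first contact: deferred
        g.check(*bulk, now=6 * 3600),   # came back too late: deferred again
    ]
```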