I am in the process of reviewing the anti-spam measures on two of my Xserves (one running 10.4.3, the other 10.3.9 for now). I have Spamassassin running on both but I am evaluating their effectiveness as (especially the 10.3 server) they are both letting a fair bit of spam through.
I think that part of the problem with the default setup out of the 10.4 box is that many of the SA tests rely on net access, which doesn't seem to be enabled. I had to jump through a number of hoops to finally get baysean scanning working on 10.4 and I assume it will continue to get better as it gets trained. I have looked at extra SA .cf files, but I have so far not implemented any. Currently, what would seem to be very obvious spam mails are coming through with scores around 3. I have the server set to tag at 5, but there are so far just a few messages that are actually getting tagged.
I would like to get URI blacklisting working and I am looking at greylisting as well.
I would like to know what others are doing and what sort of success you are having fighting the spammers.
Thanks,
Miles