I logged in today at about 2PM to find my INBOX full of spam in spite of just having replaced the mail servers with the newest version of everything to address this.
Examining the spam, I found it was all coming through mx2, and upon further examination, I found the reason for this was that I had forgotten to allow SMTP and SMTPS through the firewall on mx1. That is fixed, so both servers are functioning now.
I examined the spam and found that it was all being properly scored by SpamAssassin, but the spammers have found ways to craft their messages to not look like spam and be scored low.
And it’s not that the new filters are not working at all; there were about 20 spams in my INBOX, but 180 had been properly sent to spam. They just are sending such a huge volume that even 1-out-of-9 getting through is too much.
Frustrating this is, but being on the newest operating system with all the newest software provided some more options. I have now implemented graylisting. When a message for a person arrives from an unknown location, the server refuses delivery and sends a temporary failure result back to the sending site.
RFC compliant mail systems will wait a brief period and then retry, but much spam software is not RFC compliant and just blasts it out once and moves on.
I started with a short interval because I do not want to delay legitimate e-mail unnecessarily, but a longer one than initially set may be necessary.
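The defer-then-retry decision described above, as an added example that is not the configuration or software running on these servers. The `Greylist` class, the (client IP, sender, recipient) key, the 60-second delay, the 4-hour retry window, the 35-day lifetime and the reply strings are all assumptions chosen for illustration.

```python
import time

DEFER = "450 4.2.0 Greylisted, try again later"   # temporary failure (assumed text)
ACCEPT = "250 OK"


class Greylist:
    """Minimal greylist keyed on (client IP, envelope sender, recipient)."""

    def __init__(self, min_delay=60, retry_window=4 * 3600,
                 pass_lifetime=35 * 86400):
        self.min_delay = min_delay          # seconds an unknown sender must wait
        self.retry_window = retry_window    # how long a first attempt stays valid
        self.pass_lifetime = pass_lifetime  # how long a passed triplet is trusted
        self.pending = {}                   # triplet -> time of first attempt
        self.passed = {}                    # triplet -> time last seen

    def check(self, client_ip, sender, recipient, now=None):
        now = time.time() if now is None else now
        key = (client_ip, sender.lower(), recipient.lower())

        # Known triplet: deliver immediately and refresh its lifetime.
        last = self.passed.get(key)
        if last is not None and now - last <= self.pass_lifetime:
            self.passed[key] = now
            return ACCEPT
        self.passed.pop(key, None)

        first = self.pending.get(key)
        # Never seen, or the first attempt is too old to count as a retry.
        if first is None or now - first > self.retry_window:
            self.pending[key] = now
            return DEFER
        # Retried before the interval elapsed: keep deferring, clock not reset.
        if now - first < self.min_delay:
            return DEFER
        # Retried after the interval, as a queueing mail server would.
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT


def replay(attempts, **settings):
    """Run constructed (time, ip, sender, recipient) attempts through a greylist."""
    gl = Greylist(**settings)
    return [gl.check(ip, s, r, now=t) for t, ip, s, r in attempts]
```

Raising `min_delay` only lengthens the wait for the first message from a new triplet; later mail from the same triplet is accepted without delay until `pass_lifetime` expires.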