Sam,

I forgot that even though I have "365" in my logrotate.conf file, I am still only getting 100 days of logs . . but since the last report I have kept about 11 months of spam messages that were not blocked by SD in a mail folder - I have adjusted the spreadsheet accordingly and now since the last report the successfully delivered spam has only increased by about 2x (from 0.4% to 0.8% of all the SpamDyke lines in the logs) - see below:


On 2017-04-20 12:05, Sam Clippinger via spamdyke-users wrote:
Nice spreadsheet!  I don't have all the data you do, but just looking
at my mail logs going back 1 month (excluding mailing list traffic), I
gathered these reject/accept stats.  I apologize if the formatting is
messed up:

                                Count  Percent
DENIED_RDNS_RESOLVE             72413    58.29
DENIED_RDNS_MISSING             26924    21.67
ALLOWED                          6766     5.45
DENIED_SENDER_NO_MX              4730     3.81
DENIED_BLACKLIST_NAME            4630     3.73
DENIED_GRAYLISTED                3311     2.67
DENIED_RBL_MATCH                 2059     1.66
DENIED_IP_IN_CC_RDNS             1936     1.56
TIMEOUT                           776     0.62
DENIED_INVALID_RECIPIENT          457     0.37
DENIED_OTHER                      127     0.10
DENIED_IP_IN_RDNS                  71     0.06
DENIED_HEADER_BLACKLISTED          32     0.03
DENIED_SENDER_BLACKLISTED           6     0.00
DENIED_RECIPIENT_BLACKLISTED        1     0.00
Total                          124239


For the recent report I get:

102417  FILTER_RDNS_MISSING
 41317  ALLOWED
 35222  DENIED_RDNS_MISSING
 21230  DENIED_RBL_MATCH
 19200  FILTER_RBL_MATCH
  6164  FILTER_EARLYTALKER
  1878  FILTER_INVALID_RECIPIENT
  1878  DENIED_INVALID_RECIPIENT
  1347  FILTER_RELAYING
  1347  DENIED_RELAYING
  1068  DENIED_SENDER_NO_MX
  1053  FILTER_SENDER_NO_MX
   764  FILTER_RDNS_RESOLVE
   576  DENIED_RDNS_RESOLVE
   472  TIMEOUT
   290  FILTER_WHITELIST_IP
   132  ERROR(output_writeln()@log.c:104):
    28  FILTER_HEADER_BLACKLIST
    28  DENIED_HEADER_BLACKLISTED
    24  FILTER_SENDER_BLACKLIST
    24  DENIED_SENDER_BLACKLISTED
     6  FILTER_OTHER
     6  DENIED_OTHER
     2  ERROR(smtp_filter()@spamdyke.c:1721):
     2  ERROR(nihdns_mx()@dns.c:1935):
     1  ERROR(smtp_filter()@spamdyke.c:922):


Clearly I don't run a high traffic server, but:
 - Numerically, the missing/unresolvable rDNS tests appear to be the
most effective, though I haven't checked to see how many of those
rejections were for valid email addresses.
 - For my own peace of mind, blocking subject lines with the header
blacklist has been the only way to stop persistent spammers from
reaching me via outlook.com [1] and gmail.com [2], which I'm not
willing to block outright.


Right.


 - The rDNS blacklist percentage appears to be very low but it's
continually populated by my auto-blacklisting scripts and it's been
very effective against organized groups (i.e. not botnets).  Even
though I rarely add to those scripts, I'm still amazed at how many new
domains it catches every day.


Are these auto scripts available?


 - I also use another set of scripts to automatically unsubscribe my
users from "legitimate" mailing lists when they junk the messages
(Gmail does this too).  Since my users usually can't tell the
difference between "real" spam and "legitimate" spam (and they don't
care), those scripts cut down their junk mail without blocking
constantcontact.com [3] and exacttarget.com [4] (and others like
them).


Right.


To answer your questions, you can block "To: undisclosed-recipients"
with the header blacklist filter, if that's really how it appears in
the message headers.


I'll give that a shot.


Blocking emails with no "To" line in the header
isn't something spamdyke can do right now, sorry!


OK.

Thanks!

Phil.


-- Sam Clippinger

On Apr 18, 2017, at 9:36 PM, Philip Rhoades via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:

People,

It has been almost a year since the last report - here is the
updated GD Spreadsheet:


https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml

Unfortunately the amount of spam getting through the SD filtering,
then seen by me and being moved to the spam folder has gone up
almost five times since last year . . from the information I have
now put more stuff in the black From and To lists . .

I think the main problem is that my main email address is finding
its way on to more and more spam lists . .

How can I:

- reject mails with no "To:" address

- reject mails with a "To:" address of: "undisclosed-recipients"

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users



Links:
------
[1] http://outlook.com
[2] http://gmail.com
[3] http://constantcontact.com
[4] http://exacttarget.com
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
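
An added example, not part of the original thread or the spamdyke project: a tally of spamdyke result codes like the two reports above, with percentages computed over final results only (ALLOWED, DENIED_*, TIMEOUT) so that FILTER_* and ERROR lines do not inflate the total. The syslog line layout, the sample lines, and the treatment of FILTER_* as per-filter trace lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; the syslog layout is an assumption, not taken from the thread.
SAMPLE_LOG = """\
Apr 20 03:10:01 mx spamdyke[2101]: FILTER_RDNS_MISSING ip: 192.0.2.10
Apr 20 03:10:01 mx spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.org origin_ip: 192.0.2.10
Apr 20 03:10:07 mx spamdyke[2102]: FILTER_RDNS_MISSING ip: 192.0.2.11
Apr 20 03:10:07 mx spamdyke[2102]: DENIED_RDNS_MISSING from: b@example.net to: u@example.org origin_ip: 192.0.2.11
Apr 20 03:11:15 mx spamdyke[2103]: FILTER_RBL_MATCH ip: 198.51.100.7 rbl: rbl.example
Apr 20 03:11:15 mx spamdyke[2103]: DENIED_RBL_MATCH from: c@example.net to: u@example.org origin_ip: 198.51.100.7
Apr 20 03:12:30 mx spamdyke[2104]: ALLOWED from: d@example.com to: u@example.org origin_ip: 203.0.113.5
Apr 20 03:13:02 mx spamdyke[2105]: TIMEOUT from: (unknown) to: (unknown) origin_ip: 203.0.113.9
Apr 20 03:13:40 mx spamdyke[2106]: ERROR(output_writeln()@log.c:104): constructed error text
Apr 20 03:14:00 mx qmail: status: local 0/10 remote 0/20
"""

# First whitespace-delimited token after the "spamdyke[pid]: " prefix.
TOKEN_RE = re.compile(r"spamdyke\[\d+\]: (\S+)")

def tally(lines):
    """Split spamdyke log tokens into final results, FILTER_ traces and errors."""
    final, trace, errors = Counter(), Counter(), 0
    for line in lines:
        m = TOKEN_RE.search(line)
        if not m:
            continue  # not a spamdyke line
        token = m.group(1)
        if token.startswith("ERROR"):
            errors += 1
        elif token.startswith("FILTER_"):
            trace[token] += 1  # assumed to be per-filter trace output, not a verdict
        elif token in ("ALLOWED", "TIMEOUT") or token.startswith("DENIED_"):
            final[token] += 1  # one final result per connection
    return final, trace, errors

def report(final):
    """Rows of (result, count, percent of final results), largest first."""
    total = sum(final.values()) or 1  # avoid dividing by zero on an empty log
    rows = sorted(final.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(name, n, round(100.0 * n / total, 2)) for name, n in rows]

if __name__ == "__main__":
    final, trace, errors = tally(SAMPLE_LOG.splitlines())
    for name, n, pct in report(final):
        print(f"{n:7d} {pct:6.2f}  {name}")
    print(f"trace lines: {sum(trace.values())}, error lines: {errors}")
```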