On Wed, Jan 4, 2012 at 12:36 PM, Gary Smith <gary.sm...@holdstead.com> wrote:
>> On 03.01.2012 18:30, Stan Hoeppner wrote:
>>
>> > To add to this sentiment, haven't most/all the viri/malware pushers
>> > switched from an email delivery vector to drive-by downloads? I can't
>> > recall the last time I saw a viral email attachment.
>>
>> our barracuda saw 2929 in the last year
>>
>> compared with 14 Mio blocked spam-mails not much but one that hits you may
>> be enough for a huge damage
>
>
> Reindl,
>
> Yeah, looking at what you had written made me think that maybe I should go back
> and check my logs. It's been a while. I have some scripts in place that
> scan the logs daily looking for trends but I haven't looked at them in a
> while (since the volume never hit my threshold of 50/day in over a year).
> Anyway, got 2 this year with a couple hundred or so remaining email accounts.
>
> Jan 3 21:30:00 hsfremti01 clamsmtpd: 112A51: from=accou...@intl1.payple.com,
> to=bill@*.com, status=VIRUS:Email.Phishing.Pay-44
> Jan 4 06:41:19 hsfremti01 clamsmtpd: 112C08: from=anonym...@delta.tap.net,
> to=sue@*.com, status=VIRUS:Email.Trojan-290
>
> I use spamassassin (2002), clamav (2004), and sqlgrey (2006). The spam
> filtering seems to drop the % of email to a ridiculously low level so what's
> left was always real simple to scan.
>
> Anyway, thought I'd give you my feedback on what you're seeing for
> spam/viruses as well.
>

We have about 5000 users. In use: postfix 2.8 with postscreen, sqlgrey, nolisting, amavisd-new, and clamav.

RBLs: mail-abuse.com (costs money), zen.spamhaus.org (the last check, to keep their volume down).

Here are some stats so far from today, which is about 1/3 of the 24 hour totals:

Jan 4
Connect: 11661
Delivered: 8094
Reject total: 18525
Reject spamhaus: 172
Reject MAPS RBL+: 12453
Reject Reverse DNS: 1060
Reject address or overquota: 2293
Early Hangup: 6296
Pregreeted: 4239
Greylisted: 1361
Tagged: 1086
Quarantined: 870
Infected: 12

On some days there are hundreds of malware delivery attempts, but this can include phishing attachments.
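
The daily log scan mentioned in the quoted message (count clamsmtpd VIRUS verdicts per day and alert at 50/day) could be implemented as follows. This is an added example, not code from either poster: the line layout is assumed from the two log entries quoted in the thread, and the hostname, queue ids and addresses in the sample are constructed.

```python
import re
from collections import Counter

# Layout assumed from the two entries quoted in the thread (unwrapped):
#   <Mon> <day> <time> <host> clamsmtpd: <id>: from=..., to=..., status=...
# from=/to= carry sender-supplied text, so the verdict is anchored to the end
# of the line instead of being taken from the first "status=" that appears.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+\S+\s+"
    r"clamsmtpd:\s+[0-9A-Fa-f]+:\s+from=(?P<sender>[^,]*),\s+"
    r"to=(?P<rcpt>.*),\s+status=(?P<status>\S+)\s*$"
)

# Constructed sample lines (hostname, queue ids and addresses are made up).
SAMPLE = [
    "Jan  3 21:30:00 mx1 clamsmtpd: 100A01: from=a@sender.example, to=bill@rcpt.example, status=VIRUS:Email.Phishing.Pay-44",
    "Jan  3 21:31:07 mx1 clamsmtpd: 100A02: from=b@sender.example, to=sue@rcpt.example, status=VIRUS:Email.Phishing.Pay-44",
    "Jan  3 22:02:41 mx1 clamsmtpd: 100A03: from=c@sender.example, to=bill@rcpt.example, status=CLEAN",
    "Jan  4 06:41:19 mx1 clamsmtpd: 100A04: from=d@sender.example, to=sue@rcpt.example, status=VIRUS:Email.Trojan-290",
    "Jan  4 06:41:20 mx1 postfix/smtpd[812]: disconnect from unknown[192.0.2.7]",
]

def scan(lines, threshold=50):
    """Count VIRUS verdicts per day and per signature.

    Returns (per_day, per_sig, alerts, skipped); alerts lists the days whose
    count reached the threshold, skipped counts lines that did not parse.
    """
    per_day, per_sig, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1              # other daemons, or a malformed entry
            continue
        status = m["status"]
        if not status.startswith("VIRUS:"):
            continue                  # CLEAN and other verdicts are not counted
        per_day[(m["mon"], int(m["day"]))] += 1   # syslog lines carry no year
        per_sig[status[len("VIRUS:"):]] += 1
    # Sorted for stable output; month names sort alphabetically, not by date.
    alerts = sorted(day for day, n in per_day.items() if n >= threshold)
    return per_day, per_sig, alerts, skipped

if __name__ == "__main__":
    per_day, per_sig, alerts, skipped = scan(SAMPLE, threshold=2)
    for (mon, day), n in sorted(per_day.items()):
        print(f"{mon} {day:2d}: {n} infected")
    print("top signatures:", per_sig.most_common(3))
    print("days at/over threshold:", alerts, "| unparsed lines:", skipped)
```

Tracking the unparsed-line count alongside the totals makes a log format change visible instead of silently reading as "no infections".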