Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-21 Thread Quinn Comendant
On Thu, 20 Nov 2014 14:35:50 -0600, Sam Clippinger wrote:
 An interesting statistic to look at, I think, would be the number of 
 connections blocked by graylisting that don't eventually return with 
 a successful delivery.

Les did a better job of calculating this (40% of deliveries were never 
reattempted), but I think my total inbound message numbers, before and after 
greylisting, reflect roughly the same metric (i.e., half as many messages were 
accepted when using greylisting).

On this topic, I found this relevant serverfault.com question: 
http://serverfault.com/a/436374

Quinn
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-20 Thread Quinn Comendant
On Tue, 04 Nov 2014 08:05:22 -0700, BC wrote:
 At the suggestion of others here, I turned OFF greylisting last year, 
 after having used it for years before that.  My spam level didn't 
 increase one bit.  I think the RBL sites are pretty good at 
 identifying spam originations, so I use that method now.

So to check the usefulness of greylisting, I've done a rough study on our 
server. I've run three ten-day periods with different configurations, and 
processed the logs for each period using David Ramsden's SpamAssassin logfile 
analyser script [1]. 

The difference between greylisting enabled or disabled, all other configuration 
the same, is 2x the amount of messages received. During the period of 
greylisting, no false positives were reported by our users although they said 
their spam load was significantly reduced. It's hard to know from these numbers 
what the actual change in spam is, but I would venture to interpret the results 
and say greylisting is still helpful. You can see my spamdyke configuration 
here [2].


==========
Config 1: SA + rblsmtpd

Total messages:   Ham:     Spam:    % Spam:
90824             56264    34560    38.05%

Average spam score: 11.34/4.78
Average ham score : -0.01/4.85


==========
Config 2: SA + spamdyke (no greylisting)

Total messages:   Ham:     Spam:    % Spam:
78271             63730    14541    18.58%

Average spam score: 10.00/4.80
Average ham score : -0.05/4.85


==========
Config 3: SA + spamdyke + greylisting

Total messages:   Ham:     Spam:    % Spam:
39676             31763    7913     19.94%

Average spam score: 13.31/4.84
Average ham score : -0.84/4.85


[1] http://www.sourcefiles.org/Log_Analyzers/sa-stats.pl
[2] http://pastie.org/private/bzncofm9e0vhbez8kacnka

Quinn



Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-20 Thread Sam Clippinger
Very interesting, thanks for running these trials!

I've currently got graylisting enabled on my own server, but I've been 
considering turning it off.  An interesting statistic to look at, I think, 
would be the number of connections blocked by graylisting that don't eventually 
return with a successful delivery.  In other words, the number of spambots that 
are actually deterred by the graylist filter.

-- Sam Clippinger






Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-20 Thread Les Fenison
I also have some interesting graylisting stats and I have the number of 
graylisted attempts that never got accepted later on a retry.


I am wondering what the order is for spamdyke rule checking.  Is rdns 
missing and resolved tested before or after graylisting?


A 16 hour sampling of the log shows 2335 graylisted attempts out of 5602 
were never accepted later.  I was able to get these stats by scanning 
the log into a mysql database and running some queries.   Here are other 
results from that same 16 hour period.


10449   DENIED_RDNS_MISSING
6468    DENIED_RDNS_RESOLVE
5602    DENIED_GRAYLISTED
3549    ALLOWED
1855    DENIED_RBL_MATCH
938     DENIED_SENDER_NO_MX
700     DENIED_IP_IN_CC_RDNS
166     DENIED_BLACKLIST_IP
156     DENIED_IP_IN_RDNS
86      DENIED_OTHER
81      DENIED_RELAYING
3       DENIED_SENDER_BLACKLISTED
1       TLS_ENCRYPTED

Allowed: 3549
Denied : 26504
Sum: 30053
% Spam : 88.19%


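The statistic discussed in the messages above (graylisted attempts that never come back as a successful delivery) can be computed straight from the log without a database; the script below is an added example, not code from any poster or from the spamdyke project. It assumes a spamdyke syslog line of the form "spamdyke[PID]: TAG from: SENDER to: RECIPIENT origin_ip: ...", pairs a retry with its earlier denial by sender and recipient address (an assumption chosen so that retries from a different IP still match), and runs on constructed sample lines.

```python
import re
from collections import Counter

# Assumed spamdyke syslog layout: "spamdyke[PID]: TAG from: S to: R origin_ip: IP ...".
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<tag>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+)"
)

# Constructed sample log (documentation addresses only), oldest line first.
SAMPLE_LOG = """\
Nov 20 10:00:01 mx spamdyke[101]: DENIED_GRAYLISTED from: a@news.example to: u1@example.org origin_ip: 192.0.2.10 origin_rdns: out1.news.example auth: (unknown)
Nov 20 10:00:05 mx spamdyke[102]: DENIED_GRAYLISTED from: x9@bot.example to: u2@example.org origin_ip: 198.51.100.7 origin_rdns: host7.bot.example auth: (unknown)
Nov 20 10:00:09 mx spamdyke[103]: DENIED_RDNS_MISSING from: q@junk.example to: u1@example.org origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown)
Nov 20 10:06:40 mx spamdyke[104]: ALLOWED from: a@news.example to: u1@example.org origin_ip: 192.0.2.11 origin_rdns: out2.news.example auth: (unknown)
Nov 20 10:07:00 mx spamdyke[105]: DENIED_GRAYLISTED from: x9@bot.example to: u3@example.org origin_ip: 198.51.100.7 origin_rdns: host7.bot.example auth: (unknown)
Nov 20 10:09:00 mx spamdyke[106]: ALLOWED from: b@corp.example to: u2@example.org origin_ip: 192.0.2.50 origin_rdns: mail.corp.example auth: (unknown)
"""


def graylist_report(lines):
    """Count graylisted attempts whose sender/recipient pair is never ALLOWED later."""
    tags = Counter()
    allowed_later = set()  # pairs with an ALLOWED line further down the log
    graylisted = never_accepted = 0
    # Walk newest-to-oldest so "accepted later" becomes a simple set lookup.
    for line in reversed(list(lines)):
        m = LINE_RE.search(line)
        if not m:
            continue  # not a spamdyke result line
        tags[m["tag"]] += 1
        # Match retries on addresses, not IP: large senders retry from other hosts.
        pair = (m["sender"].lower(), m["rcpt"].lower())
        if m["tag"] == "ALLOWED":
            allowed_later.add(pair)
        elif m["tag"] == "DENIED_GRAYLISTED":
            graylisted += 1
            if pair not in allowed_later:
                never_accepted += 1
    pct = round(100.0 * never_accepted / graylisted, 2) if graylisted else 0.0
    return {"graylisted": graylisted, "never_accepted": never_accepted,
            "pct_never_accepted": pct, "tags": tags}


if __name__ == "__main__":
    report = graylist_report(SAMPLE_LOG.splitlines())
    for tag, count in report["tags"].most_common():
        print(f"{count:<8}{tag}")
    print(f"{report['never_accepted']} of {report['graylisted']} graylisted attempts "
          f"never accepted later ({report['pct_never_accepted']}%)")
```

Attempts graylisted shortly before the end of the log window may still be retried after it, so leave a margin of a few hours at the end of the sample before reading the percentage as deterred senders.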


[spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread Quinn Comendant
I'm new to greylisting, and have just set up spamdyke on a mail server with a 
few hundred users. Immediately my colleagues and I got annoyed with delayed 
deliveries to our personal addresses ;P. 

I'm wondering if it would be a reasonable solution to create a 
`graylist-exception-rdns-file` containing the top 500 or so most common 
reputable rdns hosts? Surely no spam would be expected to originate from rdns 
origins matching, e.g.:

.twitter.com
.apple.com
.amazonses.com
.gmail.com
…etc

Using a list such as http://moz.com/top500 might be a good start. I hope this 
method would allow the prevention of delivery delays from the hosts people rely 
on most, while still inhibiting spam from the other 99.9% of rdns hosts.

Does anybody have experience using this method?

I'm trying it now, and will report back if I have any issues. But I don't have 
a history of using greylisting, so not sure if it is a best practice.

Thanks,
Quinn


Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread BC


At the suggestion of others here, I turned OFF greylisting last year, 
after having used it for years before that.  My spam level didn't 
increase one bit.  I think the RBL sites are pretty good at 
identifying spam originations, so I use that method now.





Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread Quinn Comendant
On Tue, 04 Nov 2014 08:05:22 -0700, BC wrote:
 At the suggestion of others here, I turned OFF greylisting last year, 
 after having used it for years before that.  My spam level didn't 
 increase one bit.  I think the RBL sites are pretty good at 
 identifying spam originations, so I use that method now.

Hi BC, thanks for the reply. Do you have a link to that discussion you had? I'd 
like to know how y'all value greylisting in today's internet climate.

I installed spamdyke at the same time as enabling several other SpamAssassin 
network rules. The result is, our users are seeing far less spam. But with all 
the changes, it's hard to say what is providing the most benefit (and what 
isn't). We were using rblsmtpd before, so the blocklists aren't a new aspect. 

Perhaps I'll leave greylisting enabled for another week, then turn it off and 
go another week and compare the metrics.

Quinn


Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread Gary Gendel
I also remember this discussion but it was quite a while ago.  I had 
subsequently removed greylisting as well with no noticeable increase in 
spam.  I did add Sam's hunter_seeker script and it did make a 
difference.  However, I haven't seen any new websites added to that 
blocklist so I wonder whether that is as effective as it used to be.


On 11/04/2014 02:03 PM, BC wrote:


I don't have a link to the conversation, but I literally turned off 
greylisting and turned on using RBLs at the same time.




Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread BC


... and I'm not using the hunter_seeker script here.
