i've been following the latest discussion of the most efficient RBLs to add and IPs to blacklist, and wonder how you guys are coming up with your numbers of spams blocked per RBL.
i assume you're doing some kind of grep on the logs that sims produces, but is there a particular methodology you're using? i guess i could just run them all through bbedit's search function and count the hits on "spam" or "blocked", or something like that... if there were, say, an applescript someone was using...
i ask because i'm curious to see how effective my settings are from month to month, and i'd like to add something to my monthly stats emails that i send to my clients - currently things like number of visits to their websites, bandwidth used, etc - to say "this month, you would have gotten an additional X emails, had i not enabled spam blocking on the email server"
because with hosting, it's all about the value-add :)
I have a rather ugly perl script that I use to sift the rejections of mail out of the logs, working in conjunction with a log roller that archives both the logs and the rejection summary and detail files. I use the rejection summary containing the 'Sending 5xx ' lines for each rejection to find blacklist rejections and to count up which list caught how many. The whole mess started on a P575 running 8.0, but while SIMS remains on that machine, the logs directory and all of the tools are now on a G4 OS X box and are very Unixy (i.e. standard Perl instead of MacPerl, shell scripts for log rolling, etc. ) In the end, what I have is not transferrable because it has grown organically in this changing environment and would take a lot of explaining and adapting to make work elsewhere.
If all you want is the number of rejections, this regular expression (Perl-compatible, but maybe egrep-compatible as well) will catch them:
/SMTP-[0-9]+.*Sending [45][0-9][0-9] [^b]/
Note however that what it is looking for is SIMS logging "Sending 5xx " where the next word doesn't start with a b (to skip the 'Sending 500 bytes' lines) and this requires SMTP logging to level 5. You also will end up with multiple lines per messages for the bozo spammers who ignore 5xx codes and keep on going.
--
Bill Cole [EMAIL PROTECTED]
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
