On 21-Feb-2007, at 13:41, Todd Reed wrote:
> I've been seeing people on the list stating they are getting x% spam on
> their SIMS server. I'm wondering how I can parse the log to figure out the
> percentage for my server?
If it were that easy you could eliminate all the spam.
It's a matter of how much spam is delivered versus how many connection
attempts are made. For example, on my server 80%+ of all connection
attempts are refused right off the bat, so if every email I got was
spam, the percentage would still be only 20%.
I get about 85,000 connection attempts per month. 70-75,000 of those
connections never result in an email. About 3-6,000 that do are spam
that hit SpamAssassin. 4-10,000 (it varies a lot) are 'ham' and of
that, maybe 300 are actually spam that did not get tagged.
So, 300/85,000 = 0.3% spam getting through my anti-spam measures.
There are flaws in this system, of course (many legitimate emails may
generate more than one connection, so the connection number is higher
than it would be with no greylisting, for example), but overall I am
pretty comfortable with the numbers.
Anything that I tag as spam that gets delivered anyway (like the user
wants ALL email) I don't count, obviously.
Of those 300, nearly half are stock/image spam, and I think I've put
a serious limit on those recently with some tweaking to SA.
What I parse to count connections is the "connection from " string in
the maillog. I forget what this is in SIMS, but it's there somewhere.
# echo "`grep smtpd /var/log/maillog | grep ": connect from" | wc -l` + `bzgrep smtpd /var/log/maillog.* | grep ": connect from" | wc -l`" | bc
85694
(that's the last 30 days, up to about 3 minutes ago)
--
Lewis Butler, Owner Covisp.net
240 S Broadway #203, 80209
mobile: 303.564.2512 fx: 303.282.1515
AIM/ichat: covisp xdi: http://public.xdi.org/=lewisbutler
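The calculation described in the message above, as an added example that is not part of the original post: one pass over the log counts connections, tagged spam and ham, then reports the share of connections that never became mail and the share that was untagged spam. It assumes Postfix smtpd "connect from" lines as in the grep above and spamd "result:" lines; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes Postfix smtpd
# "connect from" lines and spamd "result:" lines (Y = tagged, . = ham).

# spam_stats MISSED < maillog   (hypothetical helper name)
# MISSED = untagged spam counted by hand, as in the message above.
spam_stats() {
    awk -v missed="${1:-0}" '
        # Anchoring on "]: connect from" skips "disconnect from" lines.
        /smtpd\[[0-9]+\]: connect from/ { conn++ }
        /spamd: result: Y /             { tagged++ }
        /spamd: result: \. /            { ham++ }
        END {
            if (conn == 0) { print "no smtpd connections found"; exit 1 }
            no_mail = conn - tagged - ham
            printf "connections=%d no_mail=%d tagged=%d ham=%d missed=%d\n",
                conn, no_mail, tagged, ham, missed
            printf "no_mail_pct=%.1f missed_pct=%.1f\n",
                100 * no_mail / conn, 100 * missed / conn
        }'
}

# Constructed sample log: 8 connections, 1 tagged spam, 2 ham.
sample_log() {
    cat <<'EOF'
Feb 21 13:00:01 mx postfix/smtpd[101]: connect from unknown[192.0.2.1]
Feb 21 13:00:02 mx postfix/smtpd[101]: disconnect from unknown[192.0.2.1]
Feb 21 13:00:03 mx postfix/smtpd[102]: connect from unknown[192.0.2.2]
Feb 21 13:00:04 mx spamd[202]: spamd: result: Y 18 - BAYES_99 scantime=1.1,size=3021
Feb 21 13:00:05 mx postfix/smtpd[103]: connect from mail.example.org[198.51.100.3]
Feb 21 13:00:06 mx spamd[203]: spamd: result: . 1 - BAYES_00 scantime=0.9,size=1200
Feb 21 13:00:07 mx postfix/smtpd[104]: connect from mail.example.net[198.51.100.4]
Feb 21 13:00:08 mx spamd[204]: spamd: result: . 2 - HTML_MESSAGE scantime=1.0,size=5400
Feb 21 13:00:09 mx postfix/smtpd[105]: connect from unknown[192.0.2.5]
Feb 21 13:00:10 mx postfix/smtpd[106]: connect from unknown[192.0.2.6]
Feb 21 13:00:11 mx postfix/smtpd[107]: connect from unknown[192.0.2.7]
Feb 21 13:00:12 mx postfix/smtpd[107]: disconnect from unknown[192.0.2.7]
Feb 21 13:00:13 mx postfix/smtpd[108]: connect from unknown[192.0.2.8]
EOF
}

sample_log | spam_stats 1
```

On a live server the current and rotated logs can be fed in together, for example `{ cat /var/log/maillog; bzcat /var/log/maillog.*; } | spam_stats 300`.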