[semi-OT] SURBL praise and stats

[Matt Kettler]

Over the weekend, and the weeks prior I was having about a 2.5% false 
negative rate with my SA 2.63 setup.

On Monday I added SURBL to my config, and it's working great. My FN rate 
has dropped to a bit under 1% as a result, and I've seen several spams 
which would have been FNs without SURBLs help. (Yesterday I verified I 
would have had a 2.3% FN rate without surbl, and had a 0.8% FN rate with 
it.) I've had no FPs so far on any of the three SURBL lists..

Very impressive.
Kudos and thanks to all involved in making SURBL go.
I also did a bit of log grepping and thought some people here might find 
the results interesting. WS and spamcop surbl lists are hitting nearly 50% 
of my spam, and there's a considerable quantity of non-overlapping hits 
between these two. All totaled the 3 lists are hitting 67.9% of my tagged 
spam. The SURBL hosted version of big/midevil isn't performing very well 
for me, but I'll keep an eye on it to see if it improves.

Of course, this is a rather small sample, but the stats may be useful to 
some folks. Take them with a little skepticism due to the small sample 
size, but they are still interesting and potential useful.

For reference, I'm using SA 2.63 with the SpamCopURI 0.15, and doing 
regular queries (I'm a low volume site). Queries are being resolved via a 
local bind server which naturally has some DNS caching, on top of any 
caching done inside SpamCopURI.

total number of spams caught by SA (~13 hour window)
        grep "May 12 " /var/log/maillog |grep "is spam, SpamAssassin" | wc -l
        1177
total number of spam hits which hit any surbl list (nonspam isn't logged)
        grep "May 12 " /var/log/maillog |grep _URI_RBL |wc -l
        800
total number of spams caught by SA that have Spamcop URI
        grep "May 12 " /var/log/maillog |grep SPAMCOP_URI_RBL | wc -l
        449
total number of spams caught by SA that have WS blackist URI
        grep "May 12 " /var/log/maillog |grep WS_URI_RBL | wc -l
        580
total number of spams caught by SA that have surbl-hosted big/midevil URI
        grep "May 12 " /var/log/maillog |grep BE_URI_RBL | wc -l
        151
Unique hits for spamcop.
        grep "May 12 " /var/log/maillog |grep SPAMCOP_URI_RBL |grep -v 
BE_URI_RBL |grep -v WS_URI_RBL |wc -l
        205

Unique hits for WS blacklist
        grep "May 12 " /var/log/maillog |grep WS_URI_RBL |grep -v 
BE_URI_RBL |grep -v SPAMCOP_URI_RBL |wc -l
        217

Unique hits for big/midevil
        grep "May 12 " /var/log/maillog |grep BE_URI_RBL |grep -v 
WS_URI_RBL |grep -v SPAMCOP_URI_RBL |wc -l
        17