I've wondered for some time about the effectiveness of graylisting, especially given the effectiveness of other spamdyke filters.
I recall the saying: "you can't manage what you can't measure". While we do have a script or two that report stats for various filters, a meaningful count of graylist effectiveness is difficult.

The problem with measuring graylisting accurately lies with tying the DENIED_GRAYLISTED messages to subsequent ALLOWED messages. For each DENIED_GRAYLISTED message for which there is no subsequent ALLOWED message, the email was blocked as spam and the graylisting filter was effective. Chalk one up for graylisting. For each DENIED_GRAYLISTED message, if there is a subsequent ALLOWED message, then the message was simply delayed and not blocked (and is not considered spam). It would be interesting to tally the min/max and mean/median average delays for this category as well, in order to have an idea of how severe the delays are.

Looking at the log messages, I see "from: (unknown)" in some cases. I presume that this is the envelope sender, while the message/internal sender is used for the graylist entries. Thus it's not possible to reconstruct the graylist 'key' from the contents of the log message, so matching up subsequent ALLOWED messages is impossible. Or am I missing something?

I think that the simplest way of matching up messages would be if the log messages contained the Message-ID field from the email headers. I checked the TODO.txt file, and Frank beat me to the request:

    Log the Message-ID field so a message can be tracked from delivery to disk. spamdyke will need to add the Message-ID field if needed. Credit goes to Frank SDI.

So I'd like to add +1 for this enhancement. Without it, the effectiveness of graylisting cannot be accurately determined.

As always, thanks to Sam for his great work on spamdyke.

--
-Eric 'shubes'

_______________________________________________
spamdyke-users mailing list
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
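Added example, not part of the original post and not spamdyke code: an approximate version of the tally described above, pairing each DENIED_GRAYLISTED entry with a later ALLOWED entry by (sender, recipient, origin IP) and reporting delay statistics. The log layout, the timestamp format, the `origin_ip:` field and the matching key are assumptions, and the sample lines are constructed; entries logged with "from: (unknown)" are counted separately because they cannot be paired this way.

```python
import re
from datetime import datetime
from statistics import mean, median

# Constructed sample lines; the field layout is an assumed log format.
SAMPLE_LOG = """\
2024-03-10 12:00:00 spamdyke[101]: DENIED_GRAYLISTED from: alice@example.com to: bob@example.org origin_ip: 192.0.2.10
2024-03-10 12:01:00 spamdyke[102]: DENIED_GRAYLISTED from: spam@example.net to: bob@example.org origin_ip: 198.51.100.7
2024-03-10 12:02:00 spamdyke[103]: DENIED_GRAYLISTED from: (unknown) to: bob@example.org origin_ip: 203.0.113.5
2024-03-10 12:06:00 spamdyke[104]: DENIED_GRAYLISTED from: alice@example.com to: bob@example.org origin_ip: 192.0.2.10
2024-03-10 12:20:00 spamdyke[105]: ALLOWED from: alice@example.com to: bob@example.org origin_ip: 192.0.2.10
2024-03-10 12:30:00 spamdyke[106]: ALLOWED from: carol@example.com to: bob@example.org origin_ip: 192.0.2.20
"""

LINE = re.compile(r"^(\S+ \S+) spamdyke\[\d+\]: (DENIED_GRAYLISTED|ALLOWED) "
                  r"from: (.+?) to: (\S+) origin_ip: (\S+)")

def graylist_stats(log_text):
    """Tally graylisted triplets as delayed, blocked or unmatchable."""
    first_denied = {}   # (from, to, ip) -> time of the first graylist denial
    delays = []         # seconds from first denial to the eventual ALLOWED
    unmatchable = 0     # denials logged with sender "(unknown)"
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, verdict, sender, rcpt, ip = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = (sender.lower(), rcpt.lower(), ip)
        if verdict == "DENIED_GRAYLISTED":
            if sender == "(unknown)":
                unmatchable += 1
            else:
                first_denied.setdefault(key, when)  # retries keep the first time
        elif key in first_denied:
            delays.append((when - first_denied.pop(key)).total_seconds())
    # Triplets still pending at end of log never retried successfully.
    result = {"delayed": len(delays), "blocked": len(first_denied),
              "unmatchable": unmatchable}
    if delays:
        result.update(min=min(delays), max=max(delays),
                      mean=mean(delays), median=median(delays))
    return result

if __name__ == "__main__":
    print(graylist_stats(SAMPLE_LOG))
```

The counts are per distinct triplet rather than per message, and a denial near the end of the log window is reported as blocked even if its retry arrives later.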
