I also have some interesting graylisting stats and I have the number of
graylisted attempts that never got accepted later on a retry.
I am wondering what the order is for spamdyke rule checking. Is rdns
missing and resolved tested before or after graylisting?
A 16 hour sampling of the log shows 2335 graylisted attempts out of 5602
were never accepted later. I was able to get these stats by scanning
the log into a mysql database and running some queries. Here are other
results from that same 16 hour period.
10449 DENIED_RDNS_MISSING
6468 DENIED_RDNS_RESOLVE
5602 DENIED_GRAYLISTED
3549 ALLOWED
1855 DENIED_RBL_MATCH
938 DENIED_SENDER_NO_MX
700 DENIED_IP_IN_CC_RDNS
166 DENIED_BLACKLIST_IP
156 DENIED_IP_IN_RDNS
86 DENIED_OTHER
81 DENIED_RELAYING
3 DENIED_SENDER_BLACKLISTED
1 TLS_ENCRYPTED
Allowed: 3549
Denied : 26504
Sum: 30053
% Spam : 88.19%
------ Original Message ------
From: "Sam Clippinger" <[email protected]>
To: "spamdyke users" <[email protected]>
Sent: 11/20/2014 12:35:50 PM
Subject: Re: [spamdyke-users] Avoiding greylisting delays by making many
exceptions
Very interesting, thanks for running these trials!
I've currently got graylisting enabled on my own server, but I've been
considering turning it off. An interesting statistic to look at, I
think, would be the number of connections blocked by graylisting that
don't eventually return with a successful delivery. In other words,
the number of spambots that are actually deterred by the graylist
filter.
-- Sam Clippinger
On Nov 20, 2014, at 3:27 AM, Quinn Comendant <[email protected]>
wrote:
On Tue, 04 Nov 2014 08:05:22 -0700, BC wrote:
At the suggestion of others here, I turned OFF greylisting last year,
after having used it for years before that. My spam level didn't
increase one bit. I think the RBL sites are pretty good at
identifying spam originations, so I use that method now.
So to check the usefulness of greylisting, I've done a rough study on
our server. I've run three ten-day periods with different
configurations, and processed the logs for each period using David
Ramsden's SpamAssassin logfile analyser script [1].
The difference between greylisting enabled or disabled, all other
configuration the same, is 2x the amount of messages received. During
the period of greylisting, no false positives were reported by our
users although they said their spam load was significantly reduced.
It's hard to know from these numbers what the actual change in spam is,
but I would venture to interpret the results and say greylisting is
still helpful. You can see my spamdyke configuration here [2].
=====================================================================
Config 1: SA + rblsmtpd
Total messages:   Ham:     Spam:    % Spam:
90824             56264    34560    38.05%
Average spam score : 11.34/4.78
Average ham score : -0.01/4.85
=====================================================================
Config 2: SA + spamdyke (no greylisting)
Total messages:   Ham:     Spam:    % Spam:
78271             63730    14541    18.58%
Average spam score : 10.00/4.80
Average ham score : -0.05/4.85
=====================================================================
Config 3: sa + spamdyke + greylisting
Total messages:   Ham:     Spam:    % Spam:
39676             31763    7913     19.94%
Average spam score : 13.31/4.84
Average ham score : -0.84/4.85
[1] http://www.sourcefiles.org/Log_Analyzers/sa-stats.pl
[2] http://pastie.org/private/bzncofm9e0vhbez8kacnka
Quinn
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
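The "graylisted attempts that never got accepted later" figure discussed at the top of the thread can also be computed straight from the log without a database. The following is an added example, not code from any poster or from spamdyke; it assumes a syslog line layout of `spamdyke[pid]: RESULT from: <sender> to: <recipient> ...`, matches retries on the sender/recipient pair (this example's choice), and runs on constructed sample lines.

```python
import re
from collections import Counter

# Assumed spamdyke syslog layout: "spamdyke[pid]: RESULT from: <sender> to: <rcpt> ..."
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+)"
)

# Constructed sample lines (not from the thread), in chronological order.
SAMPLE_LOG = """\
Nov 20 09:00:01 mx spamdyke[101]: DENIED_GRAYLISTED from: a@example.org to: u@example.net origin_ip: 192.0.2.10 origin_rdns: mail.example.org
Nov 20 09:00:05 mx spamdyke[102]: DENIED_GRAYLISTED from: bot@example.com to: u@example.net origin_ip: 198.51.100.7 origin_rdns: host7.example.com
Nov 20 09:00:09 mx spamdyke[103]: DENIED_GRAYLISTED from: bot@example.com to: u@example.net origin_ip: 198.51.100.7 origin_rdns: host7.example.com
Nov 20 09:01:00 mx spamdyke[104]: DENIED_RBL_MATCH from: x@example.com to: v@example.net origin_ip: 203.0.113.5 origin_rdns: host5.example.com
Nov 20 09:06:10 mx spamdyke[105]: ALLOWED from: a@example.org to: u@example.net origin_ip: 192.0.2.10 origin_rdns: mail.example.org
Nov 20 09:07:00 mx spamdyke[106]: DENIED_GRAYLISTED from: c@example.org to: v@example.net origin_ip: 192.0.2.20 origin_rdns: out1.example.org
Nov 20 09:20:00 mx spamdyke[107]: ALLOWED from: C@example.org to: v@example.net origin_ip: 192.0.2.21 origin_rdns: out2.example.org
"""

def graylist_stats(lines):
    """Count graylisted attempts and how many were never followed by ALLOWED."""
    waiting = Counter()  # graylisted attempts per (sender, rcpt) still awaiting a retry
    total = 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a spamdyke result line
        key = (m["sender"].lower(), m["rcpt"].lower())
        if m["result"] == "DENIED_GRAYLISTED":
            waiting[key] += 1
            total += 1
        elif m["result"] == "ALLOWED":
            # A later successful delivery clears every earlier attempt for this pair.
            waiting.pop(key, None)
    never = sum(waiting.values())
    pct = round(100.0 * never / total, 2) if total else 0.0
    return {"graylisted": total, "never_accepted": never, "never_accepted_pct": pct}

if __name__ == "__main__":
    print(graylist_stats(SAMPLE_LOG.splitlines()))
```

Attempts graylisted close to the end of the sampled window may still retry after it, so the never-accepted count is an upper bound on what graylisting actually deterred.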