I also have some interesting graylisting stats and I have the number of graylisted attempts that never got accepted later on a retry.

I am wondering what the order is for spamdyke rule checking. Is rdns missing and resolved tested before or after graylisting?


A 16 hour sampling of the log shows 2335 graylisted attempts out of 5602 were never accepted later. I was able to get these stats by scanning the log into a mysql database and running some queries. Here are other results from that same 16 hour period.

10449   DENIED_RDNS_MISSING
6468    DENIED_RDNS_RESOLVE
5602    DENIED_GRAYLISTED
3549    ALLOWED
1855    DENIED_RBL_MATCH
938     DENIED_SENDER_NO_MX
700     DENIED_IP_IN_CC_RDNS
166     DENIED_BLACKLIST_IP
156     DENIED_IP_IN_RDNS
86      DENIED_OTHER
81      DENIED_RELAYING
3       DENIED_SENDER_BLACKLISTED
1       TLS_ENCRYPTED

Allowed: 3549
Denied : 26504
Sum: 30053
% Spam : 88.19%


------ Original Message ------
From: "Sam Clippinger" <s...@silence.org>
To: "spamdyke users" <spamdyke-users@spamdyke.org>
Sent: 11/20/2014 12:35:50 PM
Subject: Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

Very interesting, thanks for running these trials!

I've currently got graylisting enabled on my own server, but I've been considering turning it off. An interesting statistic to look at, I think, would be the number of connections blocked by graylisting that don't eventually return with a successful delivery. In other words, the number of spambots that are actually deterred by the graylist filter.

-- Sam Clippinger




On Nov 20, 2014, at 3:27 AM, Quinn Comendant <qu...@strangecode.com> wrote:

On Tue, 04 Nov 2014 08:05:22 -0700, BC wrote:
At the suggestion of others here, I turned OFF greylisting last year,
after having used it for years before that.  My spam level didn't
increase one bit.  I think the RBL sites are pretty good at
identifying spam originations, so I use that method now.

So to check the usefulness of greylisting, I've done a rough study on our server. I've run three ten-day periods with different configurations, and processed the logs for each period using David Ramsden's SpamAssassin logfile analyser script [1].

The difference between greylisting enabled or disabled, all other configuration the same, is 2x the amount of messages received. During the period of greylisting, no false positives were reported by our users although they said their spam load was significantly reduced. It's hard to know from these number what the actual change in spam is, but I would venture to interpret the results and say greylisting is still helpful. You can see my spamdyke configuration here [2].


=====================================================================
Config 1: SA + rblsmtpd

Total messages:                Ham:       Spam:      % Spam:
90824                          56264      34560      38.05%

Average spam score            : 11.34/4.78
Average ham score             : -0.01/4.85


=====================================================================
Config 2: SA + spamdyke (no greylisting)

Total messages:                Ham:       Spam:      % Spam:
78271                          63730      14541      18.58%

Average spam score            : 10.00/4.80
Average ham score             : -0.05/4.85


=====================================================================
Config 3: sa + spamdyke + greylisting

Total messages:                Ham:       Spam:      % Spam:
39676                          31763      7913       19.94%

Average spam score            : 13.31/4.84
Average ham score             : -0.84/4.85


[1] http://www.sourcefiles.org/Log_Analyzers/sa-stats.pl
[2] http://pastie.org/private/bzncofm9e0vhbez8kacnka

Quinn

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to