Sam,
I forgot that even though I have "365" in my logrotate.conf file, I am
still only getting 100 days of logs . . but since the last report I have
kept about 11 months of spam messages that were not blocked by SD in a
mail folder - I have adjusted the spreadsheet accordingly and now since
the last report the successfully delivered spam has only increased by
about 2x (from 0.4% to 0.8% of all the SpamDyke lines in the logs) - see
below:
On 2017-04-20 12:05, Sam Clippinger via spamdyke-users wrote:
Nice spreadsheet! I don't have all the data you do, but just looking
at my mail logs going back 1 month (excluding mailing list traffic), I
gathered these reject/accept stats. I apologize if the formatting is
messed up:
                                 Count   Percent
DENIED_RDNS_RESOLVE              72413     58.29
DENIED_RDNS_MISSING              26924     21.67
ALLOWED                           6766      5.45
DENIED_SENDER_NO_MX               4730      3.81
DENIED_BLACKLIST_NAME             4630      3.73
DENIED_GRAYLISTED                 3311      2.67
DENIED_RBL_MATCH                  2059      1.66
DENIED_IP_IN_CC_RDNS              1936      1.56
TIMEOUT                            776      0.62
DENIED_INVALID_RECIPIENT           457      0.37
DENIED_OTHER                       127      0.10
DENIED_IP_IN_RDNS                   71      0.06
DENIED_HEADER_BLACKLISTED           32      0.03
DENIED_SENDER_BLACKLISTED            6      0.00
DENIED_RECIPIENT_BLACKLISTED         1      0.00
Total                           124239
For the recent report I get:
102417 FILTER_RDNS_MISSING
41317 ALLOWED
35222 DENIED_RDNS_MISSING
21230 DENIED_RBL_MATCH
19200 FILTER_RBL_MATCH
6164 FILTER_EARLYTALKER
1878 FILTER_INVALID_RECIPIENT
1878 DENIED_INVALID_RECIPIENT
1347 FILTER_RELAYING
1347 DENIED_RELAYING
1068 DENIED_SENDER_NO_MX
1053 FILTER_SENDER_NO_MX
764 FILTER_RDNS_RESOLVE
576 DENIED_RDNS_RESOLVE
472 TIMEOUT
290 FILTER_WHITELIST_IP
132 ERROR(output_writeln()@log.c:104):
28 FILTER_HEADER_BLACKLIST
28 DENIED_HEADER_BLACKLISTED
24 FILTER_SENDER_BLACKLIST
24 DENIED_SENDER_BLACKLISTED
6 FILTER_OTHER
6 DENIED_OTHER
2 ERROR(smtp_filter()@spamdyke.c:1721):
2 ERROR(nihdns_mx()@dns.c:1935):
1 ERROR(smtp_filter()@spamdyke.c:922):
Clearly I don't run a high traffic server, but:
- Numerically, the missing/unresolvable rDNS tests appear to be the
most effective, though I haven't checked to see how many of those
rejections were for valid email addresses.
- For my own peace of mind, blocking subject lines with the header
blacklist has been the only way to stop persistent spammers from
reaching me via outlook.com [1] and gmail.com [2], which I'm not
willing to block outright.
Right.
- The rDNS blacklist percentage appears to be very low but it's
continually populated by my auto-blacklisting scripts and it's been
very effective against organized groups (i.e. not botnets). Even
though I rarely add to those scripts, I'm still amazed at how many new
domains it catches every day.
Are these auto scripts available?
- I also use another set of scripts to automatically unsubscribe my
users from "legitimate" mailing lists when they junk the messages
(Gmail does this too). Since my users usually can't tell the
difference between "real" spam and "legitimate" spam (and they don't
care), those scripts cut down their junk mail without blocking
constantcontact.com [3] and exacttarget.com [4] (and others like
them).
Right.
To answer your questions, you can block "To: undisclosed-recipients"
with the header blacklist filter, if that's really how it appears in
the message headers.
I'll give that a shot.
Blocking emails with no "To" line in the header
isn't something spamdyke can do right now, sorry!
OK.
Thanks!
Phil.
-- Sam Clippinger
On Apr 18, 2017, at 9:36 PM, Philip Rhoades via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:
People,
It has been almost a year since the last report - here is the
updated GD Spreadsheet:
https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml
Unfortunately the amount of spam getting through the SD filtering,
then seen by me and being moved to the spam folder has gone up
almost five times since last year . . from the information I have
now put more stuff in the black From and To lists . .
I think the main problem is that my main email address is finding
its way on to more and more spam lists . .
How can I:
- reject mails with no "To:" address
- reject mails with a "To:" address of: "undisclosed-recipients"
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Links:
------
[1] http://outlook.com
[2] http://gmail.com
[3] http://constantcontact.com
[4] http://exacttarget.com
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
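
Added example, not part of any message in this thread: a tally of spamdyke result codes like the two lists above, with FILTER_ and ERROR lines counted separately so the percentages are taken over ALLOWED, DENIED_* and TIMEOUT lines only, as in the first table. The syslog line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed syslog layout: "<timestamp> <host> spamdyke[PID]: RESULT_CODE details".
LINE_RE = re.compile(r"spamdyke\[\d+\]: (\S+)")

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE = """\
Apr 20 12:00:01 mx spamdyke[101]: FILTER_RDNS_MISSING ip: 192.0.2.10
Apr 20 12:00:01 mx spamdyke[101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.org origin_ip: 192.0.2.10
Apr 20 12:03:40 mx spamdyke[102]: FILTER_RDNS_MISSING ip: 198.51.100.7
Apr 20 12:03:40 mx spamdyke[102]: DENIED_RDNS_MISSING from: b@example.net to: u@example.org origin_ip: 198.51.100.7
Apr 20 12:05:12 mx spamdyke[103]: ALLOWED from: c@example.com to: u@example.org origin_ip: 203.0.113.5
Apr 20 12:09:55 mx spamdyke[104]: TIMEOUT from: (unknown) to: (unknown) origin_ip: 203.0.113.9
Apr 20 12:10:02 mx spamdyke[105]: ERROR(output_writeln()@log.c:104): constructed error text
""".splitlines()


def classify(code):
    """Bucket a result token: final disposition, filter trace, error or other."""
    if code in ("ALLOWED", "TIMEOUT") or code.startswith("DENIED_"):
        return "final"
    if code.startswith("FILTER_"):
        return "filter"
    if code.startswith("ERROR("):
        return "error"
    return "other"


def tally(lines):
    """Count result tokens per bucket; lines not written by spamdyke are skipped."""
    counts = {b: Counter() for b in ("final", "filter", "error", "other")}
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[classify(m.group(1))][m.group(1)] += 1
    return counts


def report(final):
    """Return ([(code, count, percent)], total) over final-disposition lines."""
    total = sum(final.values())
    ordered = sorted(final.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(c, n, round(100.0 * n / total, 2)) for c, n in ordered], total


if __name__ == "__main__":
    rows, total = report(tally(SAMPLE)["final"])
    for code, n, pct in rows:
        print(f"{code:<28}{n:>8}{pct:>8.2f}")
    print(f"{'Total':<28}{total:>8}")
```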