Mailing List SIMS@mail.stalker.com Message #15455
From: Lewis Butler <lbutler@covisp.net>
Subject: Re: Spam percentage
Date: Wed, 21 Feb 2007 20:08:26 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Apple Mail (2.752.3)
On 21-Feb-2007, at 13:41, Todd Reed wrote:
I've been seeing people on the list stating they are getting x% spam on
their SIMS server. I'm wondering how I can parse the log to figure out the
percentage for my server?

If it were that easy you could eliminate all the spam.

It's a matter of how much spam is delivered versus how many connection attempts are made.  For example, on my server 80%+ of all connection attempts are refused right off the bat, so if every email I got was spam, the percentage would still be only 20%.

I get about 85,000 connection attempts per month.  70-75,000 of those connections never result in an email. About 3-6,000 that do are spam that hit SpamAssassin.  4-10,000 (it varies a lot) are 'ham' and of that, maybe 300 are actually spam that did not get tagged.

So, 300/85,000 = 0.3% spam getting through my anti-spam measures.

There are flaws in this system, of course (many legitimate emails may generate more than one connection, so the connection number is higher than it would be with no greylisting, for example), but overall I am pretty comfortable with the numbers.

Anything that I tag as spam that gets delivered anyway (like the user wants ALL email) I don't count, obviously.

Of those 300, nearly half are stock/image spam, and I think I've put a serious limit on those recently with some tweaking to SA.

What I parse to count connections is the "connection from " string in the maillog.  I forget what this is in SIMS, but it's there somewhere.

# echo "`grep smtpd /var/log/maillog | grep ": connect from"  | wc -l` + `bzgrep smtpd /var/log/maillog.* | grep ": connect from"  | wc -l`" | bc
85694

(that's the last 30 days, up to about 3 minutes ago)

--
Lewis Butler, Owner Covisp.net
240 S Broadway #203, 80209
mobile: 303.564.2512  fx: 303.282.1515
AIM/ichat: covisp xdi: http://public.xdi.org/=lewisbutler
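
The counting approach in the message above, as an added example that is not part of the original post. It goes beyond the one-line grep by also tracking which connections produced at least one queued message, so the missed-spam rate can be read against either denominator. It assumes Postfix-style smtpd log lines; `spam_funnel`, `sample_log` and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes Postfix-style smtpd log lines (an assumption; the
# message only shows the "connect from" grep). spam_funnel is a made-up name.
# Usage: spam_funnel MISSED < log   (MISSED = untagged spam counted by hand)
spam_funnel() {
    awk -v missed="$1" '
        # PID from "smtpd[1234]: "; one smtpd process serves one connection at a time.
        function smtpd_pid() {
            if (!match($0, /smtpd\[[0-9]+\]: /)) return ""
            return substr($0, RSTART + 6, RLENGTH - 9)
        }
        # Anchoring on "]: connect from" keeps "disconnect from" lines out of the count.
        /smtpd\[[0-9]+\]: connect from / { conn++; state[smtpd_pid()] = 1; next }
        # "QUEUEID: client=" marks a message accepted into the queue.
        /smtpd\[[0-9]+\]: [0-9A-Za-z]+: client=/ {
            msgs++
            p = smtpd_pid()
            if (state[p] == 1) { with_mail++; state[p] = 2 }
            next
        }
        END {
            if (!conn) { print "no smtpd connections found"; exit 1 }
            printf "connections=%d no_mail=%d messages=%d\n", conn, conn - with_mail, msgs
            printf "missed_vs_connections=%.2f%% missed_vs_messages=%.2f%%\n", 100 * missed / conn, (msgs ? 100 * missed / msgs : 0)
        }'
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Feb 21 20:01:02 mx postfix/smtpd[4121]: connect from unknown[192.0.2.10]
Feb 21 20:01:03 mx postfix/smtpd[4121]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.2.0 Greylisted
Feb 21 20:01:03 mx postfix/smtpd[4121]: disconnect from unknown[192.0.2.10]
Feb 21 20:02:10 mx postfix/smtpd[4130]: connect from mail.example.org[198.51.100.7]
Feb 21 20:02:11 mx postfix/smtpd[4130]: 3F2A1B7C9D: client=mail.example.org[198.51.100.7]
Feb 21 20:02:12 mx postfix/smtpd[4130]: 4A0C2D11E5: client=mail.example.org[198.51.100.7]
Feb 21 20:02:13 mx postfix/smtpd[4130]: disconnect from mail.example.org[198.51.100.7]
Feb 21 20:03:40 mx postfix/smtpd[4121]: connect from unknown[203.0.113.5]
Feb 21 20:03:41 mx postfix/smtpd[4121]: disconnect from unknown[203.0.113.5]
Feb 21 20:04:00 mx postfix/smtpd[4144]: connect from mail.example.net[198.51.100.9]
Feb 21 20:04:01 mx postfix/smtpd[4144]: 5B9E77A0C1: client=mail.example.net[198.51.100.9]
Feb 21 20:04:02 mx postfix/smtpd[4144]: disconnect from mail.example.net[198.51.100.9]
EOF
}

sample_log | spam_funnel 1
```

On a live host the current and rotated logs can be fed in together, for example `{ cat /var/log/maillog; bzcat /var/log/maillog.*; } | spam_funnel 300`.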

