From owner-freebsd-questions@FreeBSD.ORG Mon Dec 17 15:56:28 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5290A16A41A for ; Mon, 17 Dec 2007 15:56:28 +0000 (UTC) (envelope-from mnslinky@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.176]) by mx1.freebsd.org (Postfix) with ESMTP id C688E13C4D9 for ; Mon, 17 Dec 2007 15:56:27 +0000 (UTC) (envelope-from mnslinky@gmail.com) Received: by py-out-1112.google.com with SMTP id u77so3871849pyb.3 for ; Mon, 17 Dec 2007 07:56:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:cc:message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer; bh=IK5twBX2FCnGaVh4I5vTQwGZ7VeTdk3GnrsZUKrkSwA=; b=kKiMnSi2mVL7EzDICxnbdMPtqjIyT2wELdCTKvxOe6/p3sAet5na9uZ9pOGXWXI1D6ElGcQTb4HSsfN/GjXI+mitGj5f4I2hhPgBlMPHnqtwKJeUbIp4fGtjdEK0JaIhdpOI/4ULR+Ueb+HwEC6X84BjZC6MEHvfOv28qq9qzA4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=cc:message-id:from:to:in-reply-to:content-type:content-transfer-encoding:mime-version:subject:date:references:x-mailer; b=cgnrNOvZeUGb28g3PYuAWxKYKQtm/wfpYtEcfVmqWvTvX3sHQFDr+q1/sAerZ2g4FpcVIbsx89h+jxOTpAW3Dh24J/GPzYG+NW8jU8eO2fLUBMyl6/0K5MVmm4GdAfXz/3FifcF0wBBN7GiIVJ4PJSgL58MXU4LA145jx5kzKpM= Received: by 10.35.90.1 with SMTP id s1mr3461358pyl.53.1197906980708; Mon, 17 Dec 2007 07:56:20 -0800 (PST) Received: from swordfish.local.claimlynx.com ( [74.95.66.25]) by mx.google.com with ESMTPS id f78sm35010343pyh.2007.12.17.07.56.18 (version=SSLv3 cipher=OTHER); Mon, 17 Dec 2007 07:56:18 -0800 (PST) Message-Id: From: Eric Crist To: Jorn Argelo In-Reply-To: <9cc0a3fa1d403f16f4fc9b2abb49fb75@mail.wcborstel.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v915) Date: Mon, 17 Dec 2007 09:56:16 -0600 References: <20071216185050.GB26535@brahma.susmita.org> <9cc0a3fa1d403f16f4fc9b2abb49fb75@mail.wcborstel.com> X-Mailer: Apple Mail (2.915) Cc: girishvenkatachalam@gmail.com, freebsd-questions@freebsd.org Subject: Re: (postfix) SPAM filter? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Dec 2007 15:56:28 -0000 On Dec 17, 2007, at 2:36 AM, Jorn Argelo wrote: > > > On Mon, 17 Dec 2007 00:20:50 +0530, Girish Venkatachalam > wrote: >> On 14:48:35 Dec 15, Jorn Argelo wrote: >>> Greylisting only works so-so nowadays. There was a couple of >>> months it >> was >>> very effective, but that is long gone. Spammers aren't stupid, and >>> they >>> follow the development of anti-spam techniques as much as e-mail >>> admins >> do. >>> Greylisting is a start, but from my experience it is not nearly >>> enough. >>> >> >> I have heard this said elsewhere too. > > Yes don't rely solely on greylisting unless you're a lucky guy and > don't get a lot of spam. I hear a lot of people saying that greylisting doesn't work, when I have actual numbers for my network proving it does. These numbers are from the first week of May 2007 to today: Greylisted/Rejected Messages: 187560 Spam Tagged Messages: 3806 Virus Tagged Messages: 0 Bounced Messages: 7 Total Messages Sent: 761 Total Messages Delivered: 25345 So, out of 25,345 messages that have been delivered to mailboxes, 3,806 of them were tagged as Spam by Spamassassin. Guessing at false positives based on what I see in my inbox (I'm the heaviest mail user on my network), about 10% are probably false positives. 25345/187560 = .1351 = 13.51% of email gets past greylisting. ((3806*.90)/25345) = .1351 = 13.51% of that email is considered Spam, which is probably correct. Based on those numbers, 162,215 messages were probably Spam. I'm guess it's Spam, as none of our users have complained that there is legitimate email failing to get through to their inbox. That would be ~88.8% of email hitting my systems is Spam. I would consider greylisting in my case VERY successful. What this doesn't take into consideration, however, is that I truly hate the delay of receiving a message from someone that isn't in the database, and as such, we're working on improving our SA rulesets and getting rid of greylisting. If my math is wrong here, please feel free to correct me, I'm by no means any good at it. ;) ----- Eric F Crist Secure Computing Networks