From: Aaron Wolfe (no email)
Date: Fri May 02 2008 - 14:00:08 EDT
Here are stats on the last 90 million messages I've processed:
Relative effectiveness of spam filtering techniques:
Unknown user 31.71% (31.71%) 28536221
Greylisted 32.03% (21.87%) 19684139
Throttled 20.08% (9.32%) 8389567
Relay access denied 0.02% (0.01%) 5783
Bogus DNS (Broadcast) 0.02% (0.01%) 5575
Bogus DNS (RFC 1918 space) 0.14% (0.05%) 48385
Spoofed Address 0.58% (0.21%) 192243
Unclassified Event 1.88% (0.69%) 622037
Temporary Local Problem 0.00% (0.00%) 1384
Require FQDN sender address 0.01% (0.00%)
4136 reject_non_fqdn_sender
Require FQDN for HELO hostname 14.14% (5.11%)
4598287 reject_non_fqdn_helo_hostname
Require DNS for sender's domain 1.26% (0.39%)
352926 reject_unknown_sender_domain
Require Reverse DNS 2.71% (0.83%)
747785 reject_unknown_reverse_client_hostname
Require DNS for HELO hostname 0.12% (0.04%)
33230 reject_unknown_helo_hostname
The Spamhaus Block List 33.77% (10.05%)
9044310 reject_rbl_client zen.dnsbl
The SpamCop Block List 2.85% (0.56%)
505419 reject_rbl_client bl.spamcop.net
PSBL Block List 0.08% (0.01%)
13323 reject_rbl_client psbl.surriel.com
The Invaluement SIP Block List 32.74% (6.26%)
5635764 reject_rbl_client sip.invaluement.com
SORBS Dynamic IP Address Block List 1.54% (0.20%)
178267 reject_rbl_client dul.dnsbl.sorbs.net
SpamRats No PTR Block List 0.87% (0.11%)
98869 reject_rbl_client noptr.spamrats.com
SpamRats Dynamic IP Block List 1.03% (0.13%)
116433 reject_rbl_client dyna.spamrats.com
SpamRats SPAM Block List 0.00% (0.00%)
38 reject_rbl_client spam.spamrats.com
Lashback Block List 0.09% (0.01%)
9892 reject_rbl_client ubl.unsubscore.com
UCEPROTECT Level 1 Block List 0.03% (0.00%)
2795 reject_rbl_client dnsbl-1.uceprotect.net
The HostKarma Block List 0.08% (0.01%)
8913 reject_rbl_client blacklist.junkemailfilter.com
Total messages: 90000978
Total blocked: 78835721 87.59%
These are the checks I do with Postfix before SA, in the order I do them.
The first percentage is the amount of mail block out of what is "left" by
the time the message gets to that check, the second is the percentage of
total mail blocked. Sorry if the formatting is strange. Not all of my
clients use all of the RBL checks, so some RBLs appear less effective than
they really would be if everyone here used them. All clients do use zen,
spamcop, sorbs and Rob McEwen's Invaluement SIP RBL (which is clearly an
awesome list to add behind zen, blocking over 32% of mail that zen misses).
Especially note that the psbl, HostKarma and UCE lists are used only in a
few testing domains so their apparently poor performance is not accurate.
Please do not think I am saying any particular RBL works poorly, this is
just a real world dump of whats happening here.
Hope thats useful to someone :) I could get more specific results from
domains that use specific sets of RBLs if anyone would like.
-Aaron
On Fri, May 2, 2008 at 10:27 AM, Arturo 'Buanzo' Busleiman <
> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Victor Duchovni wrote:
> | Beyond Zen, your efforts are probably best directed at message content
> | filtering say SpamAssassin with SURBL lookups to filter spam URLs, ...
>
> Thanks everyone for your comments, both on and off-list. I think I'll not
> be adding an extra RBL
> after all. Maybe the German-spam one. I'd really like to find a
> Russian-spam RBL. I get lots of it.
>
> OTOH, I'm using clamsmtp, zen, greylisting and spf. I don't want to use
> amavisd-new or any other
> "everything included" tools. What do you recommend? Of course, I'm
> interested in SpamAssassin. My
> servers are used 99% for relaying to internal mail servers in other
> companies (I'm the smarthost and
> public MX for them), so something like spamc via xfilter in a maildrop
> rules file is not good.
>
> I've read many guides and checked-out the addons page at postfix.org, but
> for my situation, what
> would the group recommend?
>
>
> - --
> Arturo "Buanzo" Busleiman
> Reliable inter-continental Mail Relay Service - Ask me!
> Independent Security Consultant - SANS - OISSG
> http://www.buanzo.com.ar/pro/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIGyTQAlpOsGhXcE0RCtgBAJwNHRSUGkDMiRDv6OJuuGHSMwXXQgCeLbxm
> 7CIZN8bvpS1C+8oAh88OE8E=
> =FPCD
> -----END PGP SIGNATURE-----
>
|
|
|