[Mimedefang] how much spam does the average large company get ?

Cormack, Ken kcormack at acs.roadway.com
Wed Nov 19 16:25:23 EST 2003 

Matt,

Your best source of data, as it applies specifically to your servers, is
your maillog.  It will give you "hard numbers" for your management.

A while back, I posted a script, along with a sample of the output, that I
run nightly to parse "hard numbers" from my maillog.  If you look back
through the archives, you should find it.  It was about a month ago.

Below are some of the types of numbers you can pull.  These examples are
just SOME of the numbers from this morning's report.  But these should give
you all the numbers you need.  (And these dont include similar statistics
pulled from the Exchange servers, which run Trend Micro's content filter to
catch even more junk.

The numbers in these reports are used for exactly the same reasons you note.
They get plugged into graphs to plot trends and show spikes.  They let us
easily spot anomolies.  They justify hardware upgrade budget requests.

First, the output of "mailstats".  The "totals" will give you traffic volume
baselines.  In this case, we have sendmail set up to give the breakdowns in
a per-domain format, for each of our internal domains (munged here to simply
be an unrevealing DOMAIN1, DOMAIN2, etc.)

 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 4    26896     871843K    21119     850573K     1870    3933  esmtp
 9    12580     528863K    20289     709468K        9       2  DOMAIN1
11      163      12376K      162      11773K        1       0  DOMAIN2
12       30        357K       58        230K        0       0  DOMAIN3
13       13       8393K     1070      14104K        0       0  DOMAIN4
14      472      25758K      760      44953K        0       0  DOMAIN5
17     5590     119368K      639      13369K        3       0  DOMAIN6
18       10        933K        1         97K        0       0  DOMAIN7
19     6485     118742K     1236       6694K       54       3  local
=============================================================
 T    52239    1686633K    45334    1651261K     1937    3938
 C    53612                46760                 8179

DISTINCT HOSTS WITH WHOM CONNECTIONS WERE ATTEMPTED IN PRECEDING 24HRS:
    5762 Total distinct individual hosts

OUT OF ALL THOSE HOSTS WITH WHOM WE'VE ATTEMPTED A CONNECTION,
THE LATEST CONNECTION ATTEMPT FOR EACH BREAKS DOWN AS FOLLOWS:
    5310 Successfully completed transactions with us
      31 Reset the connection on us, during a transaction
     284 Timed-out on us, during a transaction
     131 Refused connections from us
       6 Failed for other reasons

SENDMAIL RULESET REJECTION TALLIES
      22 CheckFrom
      27 CheckMessageId
    1318 CheckSubject
     187 CheckTo
     473 check_mail
      50 check_rcpt
    2311 check_relay
    4388 total

MIMEDEFANG "MILTER" REJECTION TALLIES
     111 bad_filename
       2 charset_korean
       1 non_multipart
    2606 sa_discard_score
    4204 sa_quarantine_score
      11 suspicious_chars
      43 virus
    6978 total

SPAMASSASSIN SCORES
Msgs Scoring 5 or Higher: 11485
  Highest Recorded Score: 54.753
      Average Spam Score: 15.14

MIMEDEFANG STOPPED THE FOLLOWING VIRUSES
       2 Hits: W32/Yaha.E
       2 Hits: Worm/Bugbear.B
       1 Hits: Worm/Dumaru.A
       4 Hits: Worm/Gibe.C.1
      22 Hits: Worm/Klez.E
       3 Hits: Worm/MiMail.A1
       6 Hits: Worm/Yaha.M
       3 Hits: Worm/Yaha.P

MIMEDEFANG "MILTER" PROCESSING TIME TALLIES
Shortest time to process: 1ms
 Longest time to process: 54209ms
 Average time to process: 1903ms

AVERAGE MESSAGE SIZE: 34 KB

SMALLEST MESSAGE(S)
	Size: 1 Bytes
	Msg=hAIFOAs6019350

LARGEST MESSAGE(S)
	Size: 29764740 Bytes
	Msg=hAIM1ot7006121

AVERAGE RATE - MESSAGES PER MINUTE
  MIDNIGHT-8AM: 36
       8AM-5PM: 112
  5PM-MIDNIGHT: 54
       24 HOUR: 70

TOP 10 BUSIEST MINUTES:
  296 Msgs/Min @ 17:50
  281 Msgs/Min @ 13:54
  264 Msgs/Min @ 14:00
  264 Msgs/Min @ 13:59
  264 Msgs/Min @ 13:53
  263 Msgs/Min @ 08:48
  262 Msgs/Min @ 08:15
  255 Msgs/Min @ 08:43
  243 Msgs/Min @ 13:45


-----Original Message-----
From: Matt Cramer [mailto:mscramer at armstrong.com]
Sent: Wednesday, November 19, 2003 4:04 PM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] how much spam does the average large company get?


My management has asked me to make some graphs (blech) showing how good of
a job we do fighting spam.  I know what we do here - basically by
eliminating spams with large SpamAss scores, and doing much of the
sophisticated smtp filtering mimedefang allows, I've gotten our delivered
but flagged spam level down to about 20%.  Before I started, we were at
40%.  That is a good trend that I can show, but I am trying to get an idea
of what other companies see in terms of spam.  We are Fortune 500ish, with
about 7000 mail users.

I know the commercial spam fighting tools' marketing usually claims that
40-60% of a large company's mail is spam.  Is that accurate in others
experience?  Not that I don't trust marketing people, but they might have
a tendency to inflate that.  Our CEO doesn't tolerate bullshit numbers
when you present to him, so I'd feel better at defending my claim of
40-60% for others with maybe an impartial survey or even some anecdotes
from listmembers.  My research online found plenty of claims, but all of
it coming from research from anti-spam vendors.

Comments or suggestions welcome.


Matt

-- 
Matthew S. Cramer <mscramer at armstrong.com>          Office: 717-396-5032
Infrastructure Security Analyst                     Fax:    717-396-5590
Armstrong World Industries, Inc.                    Cell:   717-917-7099

_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list