[Mimedefang] Script for categorizing spam by hits?

James Ebright jebright at esisnet.com
Wed Jul 20 16:16:19 EDT 2005


On Tue, 19 Jul 2005 12:49:26 -0700, Johann wrote

> Thank You! I hadn't really thought about a more detailed analysis 
> than what GraphDefang does, but this is really cool. A little css, a 
> little php, and voilà! http://mail.srar.com/stats/stats.php . 
> Justification for tweaking the dang thing daily!

Holy cow, you have stuff scoring in the 80s!!!

My range is more often -3.00 to +10.00 with a very good chance messages
scoring positive are spam. I will occasionally have a few that score near 50
but with my setup even one that scores in the 20s would be a rare spam message
that triggered all kinds of tests hehe.

I did use this nice gawk snippet to do more work within my stats script with
fewer greps and looping, and it allowed me to combine some stats. Below is some
example output from a box with about 2k users (note, most of our spam is
caught via our own dnsbl and several others we use; these stats are not
included in this output and tend to catch a lot of virus messages as well):

 Stats ran from Jul 17 04:08 to Jul 20 15:58
 ____________________________________________________
 score 3 to 4,   hits: 101 tagged: Possible spam
 score 4 to 5,   hits: 55 tagged: Spam
 score 5 to 6,   hits: 47 tagged: Spam
 score 6 to 7,   hits: 27 tagged: Spam
 score 7 to 14,  hits: 204 rejected: reject=554 5.7.1
 score 14 to 21, hits: 72 rejected: reject=554 5.7.1
 score 21 to 28, hits: 8 rejected: reject=554 5.7.1
 score 42 to 49, hits: 1 rejected: reject=554 5.7.1
 Virus messages discarded: 44
 ____________________________________________________


This same box rejected 25,800 messages (including the 280 ish above) during
the same time period and delivered 18,163. Now, these stats do not include user
unknowns, temp fails of any kind and probably a few other things. Company
wide, we historically have a very low false positive rating (less than .01%
overall) and have some users that have never received a single spam (and
conversely some that will get 2 or 3 a month; someday they will move their MX
for their domain here and stop forwarding the trash from their web hosting
company....)

grep -c eject=5 /var/log/maillog
25800
grep -c 'stat=Sent' /var/log/maillog
18163


Jim
--
EsisNet.com Webmail Client
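
Added example, not part of the original post and not the gawk snippet it mentions: one awk pass that buckets logged scores into the ranges shown in the report above (width 1 from 3 up to 7, width 7 from 7 upward, with the tag and reject labels read off that report). The `score=` log field, the `score_report` and `sample_log` names, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION: each scored message logs one line containing "score=<number>".
# That field name is hypothetical; adjust the regex to your filter's log line.

score_report() {
    awk '
    {
        if (!match($0, /score=-?[0-9]+(\.[0-9]+)?/)) next   # line has no score
        s = substr($0, RSTART + 6, RLENGTH - 6) + 0
        if (s < 3) next                  # below "Possible spam": not reported
        if (s < 7) { lo = int(s); hi = lo + 1 }             # width-1 buckets
        else       { lo = int(s / 7) * 7; hi = lo + 7 }     # width-7 buckets
        hits[lo]++; top[lo] = hi
        if (lo > max) max = lo
    }
    END {
        for (lo = 3; lo <= max; lo++) {
            if (!(lo in hits)) continue
            if (lo >= 7)      tag = "rejected: reject=554 5.7.1"
            else if (lo >= 4) tag = "tagged: Spam"
            else              tag = "tagged: Possible spam"
            printf "score %d to %d, hits: %d %s\n", lo, top[lo], hits[lo], tag
        }
    }' "$@"
}

# Constructed sample log lines (not real data) covering every branch.
sample_log() {
    cat <<'EOF'
Jul 20 15:40:01 mx1 filter[2101]: id-01: score=3.4 relay=192.0.2.10
Jul 20 15:40:07 mx1 filter[2101]: id-02: score=3.9 relay=192.0.2.11
Jul 20 15:41:12 mx1 filter[2102]: id-03: score=4.2 relay=192.0.2.12
Jul 20 15:42:30 mx1 filter[2102]: id-04: score=6.8 relay=192.0.2.13
Jul 20 15:43:02 mx1 filter[2103]: id-05: score=7.0 relay=192.0.2.14
Jul 20 15:43:44 mx1 filter[2103]: id-06: score=13.9 relay=192.0.2.15
Jul 20 15:44:19 mx1 filter[2104]: id-07: score=14.0 relay=192.0.2.16
Jul 20 15:45:51 mx1 filter[2104]: id-08: score=45.5 relay=192.0.2.17
Jul 20 15:46:03 mx1 filter[2105]: id-09: score=-1.2 relay=192.0.2.18
Jul 20 15:46:40 mx1 filter[2105]: id-10: score=2.9 relay=192.0.2.19
Jul 20 15:47:00 mx1 sendmail[2200]: id-11: stat=Sent
EOF
}

sample_log | score_report
```

To run it against a real log, pass the file name instead of piping the sample: `score_report /var/log/maillog`.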



