[BALUG-Admin] anti-spam (current set of stats from /var/log/exim4/rejectlog* files) - still looking pretty good! :-)

Michael Paoli Michael.Paoli@cal.berkeley.edu
Tue Aug 15 07:32:14 PDT 2017 

current set of stats from /var/log/exim4/rejectlog* files
Mostly looking quite good, covering period:
2017-08-04T06:41:39-0700--2017-08-15T06:15:48-0700

2017-08-15T06:15:48-0700
2017-08-04T06:41:39-0700
         10 23:34:09
$ echo '1870/(10*24+23+34/60+09/3600)' | bc -l
7.09491183528675268667
So ... rejecting(+delaying) about 7 spams per hour.
And most all legitimate rejections, and thus far not seeing any
general mass spam to have made it through ... at least yet.

total:
1883 rejected (or greylisted 20/1883)
sub-totals:
1870 legitimately rejected (or delayed with greylisting)
   13 false positive - but only 1 original, 12 more to diagnose issue

summary analysis:
902 auth_server_login authenticator failed
733 HELO *.* (invalid)
  99 SMTP protocol synchronization error
  66 too many nonmail commands
  20 greylisted
  14 Too many connections within a 5 minute period (Maximum of 40 allowed.)
  12 URL ending in .pm (false positives and work to isolate and correct)
  12 Sender ... @temp.balug.org attempting to use forged local or relay
  12 Bounced undeliverable notification rejected
   9 Relaying from
   2 Scam text in body
   1 no valid sender in any header line (bad MTA or configuration thereof)
   1 Too many consecutive failed deliveries from sender (I DoSed myself)

> From: "Michael Paoli" <Michael.Paoli@cal.berkeley.edu>
> To: balug-admin@lists.balug.org
> Subject: Re: [BALUG-Admin] BALUG lists ... work-around text: blank  
> body with command in Subject: header, & anti-spam
> Date: Wed, 19 Jul 2017 23:44:21 -0700

> And, anti-spam looking quite good.  Quite few false-positives (at least
> after some earlier configuration adjustments).  Whole lot 'o crud
> spam being rejected ...
> Looking at logs, 5,384 rejections (but note that some of those are
> soft-fails, e.g. greylisting) in 10d 10h 34m 3s,
> that gives us:
> about 21.5 rejections/hr., or about a rejection every 2.8 minutes.
> Don't think I've seen a single actual spam email make it through ... yet.
>
> So, thus far, pretty dang good results on the anti-spam.
>
> 5384
> 2017-07-19 23:13:57
> 2017-07-09 12:39:54
>         10 10:34:03
> 5384/(24*3600*10+3600*10+34*60+3)*3600
> 21.48722400151655740800
> 1/(5384/(24*3600*10+3600*10+34*60+3)*60)
> 2.79235698365527488942

More information about the BALUG-Admin mailing list