"Friends Only"

Matt Kettler mkettler at EVI-INC.COM
Tue Oct 3 19:08:53 IST 2006 

Dan Hollis wrote:
> On Tue, 3 Oct 2006, James Gray wrote:
>> On 03/10/2006, at 10:11 AM, Dan Hollis wrote:
>>> Why shouldn't I be able to blacklist individual known spam SOAs?
>> Why not use the URIBL lists like "OutBlaze" and friends.  Not exactly
>> what you're after but I've found them extremely effective in combating
>> URLs etc that link to known spammers' domains.
> 
> The problem is that spammers are now using hundreds of totally
> randomized domains, making URIBL pretty useless.
> 
> -Dan

Really? mine hit beautifully. Why do you think uribl is useless?

JP has hit over 38% of the total mail volume on my server this week!

Over 87 percent of my spam-tagged mail has been hit by at least one URIBL rule
(uribl.com, surbl.org or sbl)

Some stats:

total spam:
   4587
total not spam:
   3383
total email examined by SA :
   7970
any uribl, spam tagged
   4020
any uribl, not spam tagged
    110
total any uribl
   4130


In the face of stats like that, how can you even begin to say the URIBLs are
"pretty useless".

Try the attached shell script. It assumes you log spam and nonspam results in
MailScanner format to /var/log/maillog, but it should get you some basic stats
on how your URIBL rules are doing.









-------------- next part --------------
#!/bin/sh

echo URIBL_BLACK
grep URIBL_BLACK  /var/log/maillog |wc -l

echo URIBL_GREY
grep URIBL_GREY  /var/log/maillog |wc -l

echo URIBL_BLACK_OVERLAP
grep URIBL_BLACK_OVERLAP /var/log/maillog |wc -l

echo URIBL_AB_SURBL
grep URIBL_AB_SURBL /var/log/maillog |wc -l

echo URIBL_JP_SURBL
grep URIBL_JP_SURBL /var/log/maillog |wc -l

echo URIBL_OB_SURBL
grep URIBL_OB_SURBL /var/log/maillog |wc -l

echo URIBL_SC_SURBL
grep URIBL_SC_SURBL /var/log/maillog |wc -l

echo URIBL_WS_SURBL
grep URIBL_WS_SURBL /var/log/maillog |wc -l

echo SURBL_MULTI1 
grep SURBL_MULTI1 /var/log/maillog |wc -l

echo SURBL_MULTI2 
grep SURBL_MULTI2 /var/log/maillog |wc -l

echo SURBL_MULTI3 
grep SURBL_MULTI3 /var/log/maillog |wc -l

echo SURBL_MULTI4 
grep SURBL_MULTI4 /var/log/maillog |wc -l

echo total spam:
grep " is spam, SpamAssassin" /var/log/maillog |wc -l

echo total not spam:
grep " is not spam, SpamAssassin" /var/log/maillog |wc -l

echo total email examined by SA :
grep " spam, SpamAssassin" /var/log/maillog |wc -l

echo any uribl, spam tagged
grep " is spam, SpamAssassin" /var/log/maillog | grep "URIBL_" |wc -l

echo any uribl, not spam tagged
grep " is not spam, SpamAssassin" /var/log/maillog | grep "URIBL_" |wc -l

echo total any uribl
grep "URIBL_" /var/log/maillog |wc -l

More information about the MailScanner mailing list