> -----Original Message-----
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 01, 2006 10:16 PM
> To: [email protected]
> Subject: Re: Post your top 10 from sa-stats
>
> From: "Dallas L. Engelken" <[EMAIL PROTECTED]>
> > -----Original Message-----
> > From: Jeff Chan [mailto:[EMAIL PROTECTED]
> >
> > Does anyone mind if I summarize and post their results on the SURBL
> > discussion list?
> >
> > http://lists.surbl.org/mailman/listinfo/discuss
> >
>
> If you are just interested in URIBL_* hitrates.. here are 3
> sets of results from 3 different networks and 3 different
> levels of mail flow.
>
> # perl ./sa-stats.pl -n 1000 -f spamd.log | grep URIBL
>
> <<jdow>> Looks more like this here:
> 2 URIBL_BLACKB 1065 3.00 22.22 60.44 0.17
> 5 URIBL_SC_SURBL 926 2.61 19.32 52.55 0.00
> 6 URIBL_JP_SURBL 910 2.56 18.99 51.65 0.00
> 8 URIBL_SBL 798 2.25 16.65 45.29 0.03
> 9 URIBL_WS_SURBL 745 2.10 15.55 42.28 0.00
> 10 URIBL_AB_SURBL 721 2.03 15.05 40.92 0.00
> 11 URIBL_OB_SURBL 643 1.81 13.42 36.49 0.00
> 22 URIBL_XS_SURBL 345 0.97 7.20 19.58 0.00
> 879 URIBL_GREYB 2 0.01 0.04 0.11 0.03
> 1146 URIBL_PH_SURBL 1 0.00 0.02 0.06 0.00
> 269 URIBL_BLACKB 5 0.04 0.10 60.44 0.17
> 575 URIBL_GREYB 1 0.01 0.02 0.11 0.03
> 600 URIBL_SBL 1 0.01 0.02 45.29 0.03
>
> I figure I could pull PH and lose nothing.
Agreed.
> And grey is sort
> of useless, too.
For your mail flow it appears so. And it also has its days... Cron
that report daily and watch it for a week or two.
# grep -c URIBL_GREY spamd.log.[12345]
spamd.log.1:993
spamd.log.2:864
spamd.log.3:414
spamd.log.4:405
spamd.log.5:914
> Black "ain't perfect" I note.
>
Agreed.. Assuming your 5 'ham' were truly 'ham' and not just spam that
your SA missed and uribl black hit. Being 'perfect' is our ultimate
goal... Pull the log entries that were ham that hit URIBL_BLACK and
see if they look legit.
# grep URIBL_BLACK spamd.log | grep "result: \." | awk -F "mid=" '{print $2}' | awk -F "," '{print $1}' | sort | uniq
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Msgid may not give you much to go on... YMMV. Could show them by score
and tests hit also
# grep URIBL_BLACK spamd.log | grep "result: \." | awk -F "result: \. " '{print $2}' | awk -F "scantime" '{print $1}'
3 - BAYES_50,NO_REAL_NAME,URIBL_BLACK
2 - BAYES_00,HTML_MESSAGE,MISSING_SUBJECT,MSGID_FROM_MTA_HEADER,SPF_HELO_PASS,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,FORGED_RCVD_HELO,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
2 - AWL,BAYES_00,DCC_CHECK,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
0 - AWL,BAYES_00,HTML_MESSAGE,NO_REAL_NAME,URIBL_BLACK
Cya,
Dallas
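
Added example (not part of the original message): the two grep/awk pipelines above combined into one pass that counts spam and ham hits for a single rule and lists each ham hit with its score, Message-ID and tests for false-positive review. The function names, the sample log lines and the "result: Y" spam marker are assumptions; the rest of the line layout is inferred from the commands in the message.

```shell
#!/bin/sh
# Assumed spamd log layout (inferred from the commands in the message):
#   ... result: <Y|.> <score> - <TEST,TEST,...> scantime=...,mid=<id>,...

sample_log() {   # constructed sample lines, not real mail traffic
cat <<'EOF'
Feb  1 04:10:01 mx spamd[101]: spamd: result: Y 18 - BAYES_99,URIBL_BLACK,URIBL_SC_SURBL scantime=1.1,size=2100,mid=<s1@spam.example>,autolearn=spam
Feb  1 04:11:07 mx spamd[102]: spamd: result: . 2 - AWL,BAYES_00,HTML_MESSAGE,URIBL_BLACK scantime=0.9,size=5400,mid=<h1@list.example>,autolearn=no
Feb  1 04:12:30 mx spamd[103]: spamd: result: . 0 - BAYES_00,URIBL_GREY scantime=0.7,size=900,mid=<h2@corp.example>,autolearn=ham
Feb  1 04:13:44 mx spamd[104]: spamd: result: Y 9 - BAYES_80,URIBL_BLACK scantime=1.4,size=3000,mid=<s2@spam.example>,autolearn=no
Feb  1 04:14:02 mx spamd[105]: spamd: result: . 3 - BAYES_50,NO_REAL_NAME,URIBL_BLACK scantime=0.8,size=1200,mid=<h3@shop.example>,autolearn=no
EOF
}

uribl_review() {   # usage: uribl_review RULE < spamd.log
    awk -v rule="$1" '
    {
        # Find the verdict: "result: Y" is spam, "result: ." is ham.
        i = index($0, "result: ")
        if (i == 0) next
        n = split(substr($0, i + 8), f, " ")
        if (n < 4) next
        verdict = f[1]; score = f[2]; tests = f[4]

        # Match the rule as a whole item of the comma-separated test list,
        # so a longer rule name that merely contains it is not counted.
        if (index("," tests ",", "," rule ",") == 0) next

        if (verdict == "Y") { spam++; next }
        ham++
        mid = "-"
        if (match($0, /mid=[^,]*/)) mid = substr($0, RSTART + 4, RLENGTH - 4)
        review[ham] = score "\t" mid "\t" tests
    }
    END {
        # Summary line first, then one line per ham hit to inspect by hand.
        printf "%s spam=%d ham=%d\n", rule, spam, ham
        for (k = 1; k <= ham; k++) print review[k]
    }'
}

sample_log | uribl_review URIBL_BLACK
```

Run against rotated logs with `cat spamd.log.[12345] | uribl_review URIBL_GREY` to get the same kind of count as the grep -c above, split by verdict.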