Dennis,
On 7/31/2009 8:36 AM, Dennis B. Hopp wrote:
I couldn't get sa-stats to give me any useful information. I did get
amavis-logwatch and I am not sure if I like what it's showing me. I ran it
against the last few maillogs I have so it encompasses basically the
last month. Here is the relevant parts of the output:
http://pastebin.com/m59ddaf1d
If I'm reading that correctly less then 50% of mail is actually
being filtered (seems like it should be higher then that). Those stats
don't count the messages we completely reject. We don't reject solely on
Correct. Amavis-logwatch will only show you what it saw. It does not
poke into your MTAs reject stats. Its a *good* thing that the major
junk isn't hitting amavis. Think in terms of reject *layers*.
one RBL but use policy-weightd to reject messages. I guess I could just
let all messages through to SA for a few days to see how things change,
but I don't see the point of wasting CPU/Memory for messages that are
pretty much guaranteed spam.
No, don't do that. What's the point of letting in clearly forged,
bogus, or other junk? It will just slow/hinder delivery to your customers.
Here is the stats on my postfix:
http://pastebin.com/m15d2533e
You have a 90% MTA reject rate. That's a pretty good first cut.
Maybe I'm worried about nothing but given some of the spam that I get
forwarded that gets through (some very obvious spam) and then to see
what rules it hits just makes me think that something isn't quite right.
Just start fine tuning your rules, and monitor what types of things are
getting passed your MTA. I don't see any unverified client host rejects
- you might want to consider that safe method of culling out more at the
front door. Mine cuts out about 15.5%
Reject unverified client host 15.47%
but some of this may ultimately be overlap into another reject area such
as an RBL.
man 5 postconf | less +/check_reverse_client_hostname_access
Mike
