Mike Cardwell wrote:
Jari Fredriksson wrote:
Jari,
How did you produce the great looking statistics?
Thanks,
Rick
It's a perl script called sa-stats.pl
I tried to google it for you, but could not find the original. Many
scripts with the same name though..
I put that to my server as http://www.iki.fi/jarif/sa/sa-stats.pl
I have modified the default file so that it scans /var/log/messages
which works for me (Debian), the script not runs without arguments.
That's a very nice script. I made one small change to it to make it
work with gzip compressed logs. I replaced:
open(F,"$log");
With:
open(F,$log=~/\.gz$/i?"zcat $log|":"$log");
Anyway, back to the JMF whitelist. I actually think it has improved in
quality recently. A while back it was triggering on a lot of spam that
it shouldn't have been, but it seems to happen a lot less now. I've
just run my last week's worth of logs through that sa-stats.pl script
and it agrees with me:
TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK    RULE NAME                 COUNT  %OFMAIL  %OFSPAM   %OFHAM
----------------------------------------------------------------------
   1    RCVD_IN_JMF_W              1115     6.88     0.06    74.98
   2    SPF_PASS                   1084     7.48     0.94    72.90
   3    BAYES_00                   1070     6.55     0.00    71.96
   4    HTML_MESSAGE                555    69.49    72.71    37.32
   5    RCVD_IN_DNSWL_MED           452     2.77     0.00    30.40
   6    DKIM_SIGNED                 409     3.06     0.61    27.51
   7    RCVD_IN_DNSWL_HI            383     2.34     0.00    25.76
   8    HABEAS_ACCREDITED_SOI       308     1.88     0.00    20.71
   9    RCVD_IN_BSP_TRUSTED         294     1.80     0.00    19.77
  10    DKIM_VERIFIED               244     1.91     0.46    16.41
  11    RCVD_IN_DNSWL_LOW           176     1.11     0.04    11.84
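Added example, not part of the original thread or of sa-stats.pl: the two-argument open shown in the gzip change above hands "zcat $log|" to a shell, so a log file name containing spaces or shell metacharacters is interpreted by that shell. The sketch below opens plain and gzip-compressed logs without a shell; the helper name open_log and the line-counting loop are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from sa-stats.pl): open a plain or gzip-compressed
# log for reading without involving a shell.
sub open_log {
    my ($log) = @_;
    my $fh;
    if ($log =~ /\.gz\z/i) {
        # List-form pipe open: zcat is executed directly and $log arrives as
        # one argument. '--' stops a name starting with '-' being read as an option.
        open($fh, '-|', 'zcat', '--', $log)
            or die "cannot run zcat on $log: $!\n";
    } else {
        # Three-argument open: the mode is explicit, so characters such as
        # '|' or '>' in the file name are never treated as open() modes.
        open($fh, '<', $log)
            or die "cannot open $log: $!\n";
    }
    return $fh;
}

# Count the lines of each log named on the command line.
for my $log (@ARGV) {
    my $fh = open_log($log);
    my $lines = 0;
    $lines++ while <$fh>;
    # For a pipe, close() also fails when zcat exits non-zero (for example on
    # a truncated archive), which the original one-liner never checks.
    close($fh)
        or warn "problem reading $log: "
              . ($! ? $! : 'zcat exit status ' . ($? >> 8)) . "\n";
    print "$log: $lines lines\n";
}
```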
This is a much more favorable review. That's what it's supposed to do.