Re: Measuring "should I greylist?" false positive rate [was: greylisting on debian.org?]

On Tue 18 July 2006 10:27, Lionel Elie Mamane wrote:
> On Tue, Jul 18, 2006 at 10:03:59AM +0200, Pierre Habouzit wrote:
> > it's the number of mails that are being resubmitted per week with
> > my system. so in fact, in them, there are 49 spams.
> Fascinating. Which RBLs do you use for that? Or do you have atypical
> mail patterns? Exactly two of my 50-or-so mail users use greylisting,
> based on RBLs *only*. They are kinda high-traffic mail users, but
> still, they, on their own, push the greylisting "this triplet is
> allowed" database entries to the thousands. The "this triplet tried
> once, but not more, in the allotted time" database entries are more
> numerous only by about an order of magnitude.

I already said before what I use for my personal setup. On those
servers it's:

rbl:  cbl.abuseat.org
rbl:  dynablock.njabl.org

We used to use dul.dnsbl.sorbs.net, but it recently got mad and took
ages to answer, making us greylist the whole planet.

The 50 resubmitted mails are what we have now that the 'postgrey'
database is trained. It was a bit higher during the earlier days. And
the efficiency is remarkable: http://madism.org/~madcoder/pub/glist.png
(it's only one of the MXs)

The green area is the amount of accepted mails.
The red/blue/orange curves are what our Bayesian filter thinks of those

The grey curve is unrelated to the others, and is the amount of mails we
temporarily refused. As said, very few are resubmitted afterwards. Sadly we
don't draw them, we should...

Since we have had that setup, our servers rarely have a load over 0.8 (only
when a big mail list delivers), whereas it was over 3 to 4 frequently
due to spam before. Mails are always delivered in less than 3 seconds
(against something up to the minute before).
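
The setup described in this message (greylist only clients that an RBL lists, and keep a database of triplets), as an added example that is not part of the original message and is not postgrey's code. The `resolve` callable, the 300-second delay and the `on_timeout` switch are assumptions; treating an RBL timeout as a listing reproduces the "greylist the whole planet" effect mentioned above, and `on_timeout="accept"` is the fail-open alternative.

```python
import time

RBLS = ["cbl.abuseat.org", "dynablock.njabl.org"]  # zones named in the message
DELAY = 300  # assumed: seconds before a retry of a new triplet is accepted

def rbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

class Greylist:
    def __init__(self, resolve, on_timeout="greylist", now=time.time):
        self.resolve = resolve        # hypothetical: name -> bool, may raise TimeoutError
        self.on_timeout = on_timeout  # "greylist" or "accept" when an RBL does not answer
        self.now = now
        self.pending = {}             # triplet -> time of first attempt
        self.allowed = set()          # triplets that retried after DELAY

    def suspicious(self, ip):
        for zone in RBLS:
            try:
                if self.resolve(rbl_name(ip, zone)):
                    return True
            except TimeoutError:
                # A slow RBL makes every client look listed unless we fail open.
                if self.on_timeout == "greylist":
                    return True
        return False

    def check(self, ip, sender, rcpt):
        triplet = (ip, sender.lower(), rcpt.lower())
        if triplet in self.allowed or not self.suspicious(ip):
            return "accept"
        first = self.pending.setdefault(triplet, self.now())
        if self.now() - first >= DELAY:
            self.allowed.add(triplet)
            del self.pending[triplet]
            return "accept"
        return "defer"                # SMTP 4xx: a real MTA will retry later

if __name__ == "__main__":
    listed = {rbl_name("192.0.2.10", "cbl.abuseat.org")}  # constructed sample data
    clock = [0.0]
    g = Greylist(lambda name: name in listed, now=lambda: clock[0])
    print(g.check("198.51.100.5", "a@example.org", "b@example.net"))
    print(g.check("192.0.2.10", "a@example.org", "b@example.net"))
    clock[0] = 600.0
    print(g.check("192.0.2.10", "a@example.org", "b@example.net"))
```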

