Since I wrote about my new anti-spam measures, the spam has been furiously banging up against my virtual front door.
Talking to a colleague on IRC tonight, I was inspired to write a quick Ruby script to report the progress since last Sunday:
#!/usr/bin/ruby -w reject = Hash.new( 0 ) while line = ARGF.gets case line when /un(verified|deliverable) address/ next when /554 Service unavailable.* (blocked using .+?);/ reject[$1] +=1 when /NOQUEUE: reject:(?:.+?:.+?: )(.+?)[;:] from/ reject[$1] +=1 when /reject: header .+helo=.+?: (.+)$/ reject[$1] +=1 end end total = 0 reject = reject.to_a.sort { |a,b| a[1] <=> b[1] } reject.each do |x| printf( "%-74s%5d\n", x[0], x[1] ) total += x[1] end printf( "\n%-74s%5d\n", "Total blocked:", total ) |
Here are the results:
| Bad attachment with file name extension: bat | 1 |
| Bad attachment with file name extension: cpl | 1 |
| Sender address rejected: need fully-qualified address | 2 |
| Sender address rejected: Improper use of SMTP command pipelining | 3 |
| Bad attachment with file name extension: exe | 5 |
| Bad attachment with file name extension: com | 8 |
| Relay access denied | 9 |
| Bad attachment with file name extension: scr | 12 |
| Bad attachment with file name extension: pif | 25 |
| Helo command rejected: Improper use of SMTP command pipelining | 27 |
| blocked using sbl-xbl.spamhaus.org | 30 |
| Helo command rejected: Host not found | 58 |
| Helo command rejected: need fully-qualified hostname | 124 |
| blocked using dnsbl.sorbs.net | 155 |
| blocked using bl.spamcop.net | 290 |
| Sender address rejected: Domain not found | 1619 |
| Recipient address rejected: User unknown in local recipient table | 6659 |
| Total blocked | 9028 |
All in all, I’m very pleased. Very little spam is making it through now. For the spam that does make it into the system, I also upgraded to a recent CVS snapshot of SpamAssassin this afternoon, so most of it still gets zapped before making it to the in-box of any of my users.