Martin Tithonium (tithonium) wrote,
Martin Tithonium
tithonium

I keep my procmail logs. I've kept them since I started running procmail. It lets me do analysis like the following. While trying to clean some noise out of the logs, I accidentally overwrote the middle file with a backup of the newest file (I kept a "really old stuff", a "old stuff" and a "current/latest stuff" file). These files, being "unimportant" and /huge/, were excluded from my backups. So, since there's a 13-month chunk missing in the middle of the data, I deleted /all/ the old data. But, for my own reference in the future, here is the analysis run on them right before this happened:




martian@rigel:~$ mailcount 
      8  0% (  0.0/d, 1/7.26w )  Crypto-gram
      8  0% (  0.0/d, 1/7.26w )  Postfix
     15  0% (  0.0/d, 1/3.87w )  VanDyke
     20  0% (  0.0/d, 1/2.90w )  Midgard
     23  0% (  0.1/d, 1/2.52w )  Gentoo
     35  0% (  0.1/d, 1/1.66w )  CERT
   5357 15% ( 13.2/d, 1/1.82h )  Inbox (self)
  12490 37% ( 30.7/d, 1/46.9m )  Spam
  15534 46% ( 38.2/d, 1/37.7m )  Inbox
  33490     ( 82.4/d, 1/17.5m )  Total in 58.06w

martian@rigel:~$ mailcount  -more
      4  0% (  0.0/d, 1/48.19w)  **Bounced**
      6  0% (  0.0/d, 1/32.13w)  Slashdot
      7  0% (  0.0/d, 1/27.54w)  OSDN/NewsForge
     32  0% (  0.0/d, 1/6.02w )  Postfix
     40  0% (  0.0/d, 1/4.82w )  Crypto-gram
    141  0% (  0.1/d, 1/1.37w )  CERT
    155  0% (  0.1/d, 1/1.24w )  VanDyke
    319  0% (  0.2/d, 1/4.23d )  Midgard
    657  0% (  0.5/d, 1/2.05d )  SPUG
    810  0% (  0.6/d, 1/1.67d )  Gentoo
  14912  3% ( 11.1/d, 1/2.17h )  Inbox (self)
  56103 13% ( 41.6/d, 1/34.6m )  Inbox
 331076 81% (245.3/d, 1/5.9m  )  Spam
 404262     (299.6/d, 1/4.8m  )  Total in 192.77w

martian@rigel:~$ mailcount  -moremore
      2  0% (  0.0/d, 1/206.40)  Slackware/Announce
      4  0% (  0.0/d, 1/103.20)  **Bounced**
      5  0% (  0.0/d, 1/82.56w)  **Requeued**
      6  0% (  0.0/d, 1/68.80w)  SecurityFocus/focus-linux
      6  0% (  0.0/d, 1/68.80w)  KDE
      6  0% (  0.0/d, 1/68.80w)  SecurityFocus/sf-news
     42  0% (  0.0/d, 1/9.83w )  OSDN/Linux.com
     94  0% (  0.0/d, 1/4.39w )  Crypto-gram
    125  0% (  0.0/d, 1/3.30w )  Postfix
    155  0% (  0.1/d, 1/2.66w )  SecurityFocus/linux-secnews
    219  0% (  0.1/d, 1/1.88w )  Slackware/Security
    316  0% (  0.1/d, 1/1.31w )  VanDyke
    336  0% (  0.1/d, 1/1.23w )  CERT
    367  0% (  0.1/d, 1/1.12w )  Trash
    401  0% (  0.1/d, 1/1.03w )  Zaurus
    919  0% (  0.3/d, 1/3.14d )  OSDN/Slashdot
   1181  0% (  0.4/d, 1/2.45d )  Gentoo
   1425  0% (  0.5/d, 1/2.03d )  OSDN/NewsForge
   1473  0% (  0.5/d, 1/1.96d )  Midgard
   1513  0% (  0.5/d, 1/1.91d )  Slashdot
   5182  0% (  1.8/d, 1/13.38h)  SPUG
   5793  0% (  2.0/d, 1/11.97h)  SecurityFocus/incidents
  13341  1% (  4.6/d, 1/5.20h )  SecurityFocus/Bugtraq
  17010  2% (  5.9/d, 1/4.08h )  NewtonTalk
  21627  3% (  7.5/d, 1/3.21h )  Inbox (self)
  99163 14% ( 34.3/d, 1/42.0m )  Inbox
 501163 74% (173.4/d, 1/8.3m  )  Spam
 671874     (232.5/d, 1/6.2m  )  Total in 412.79w


My own baysian filter, and more recently SpamAssassin, are what filter things into the Spam folder. If either one thinks it's spam, it's spam.
You can kinda see in which section I implemented greylisting at the postfix level, tho. It's surprising it's still so effective.
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments