I've wondered for some time about the effectiveness of graylisting,
especially given the effectiveness of other spamdyke filters.
I recall the saying: you can't manage what you can't measure.
While we do have a script or two that report stats for various filters,
a meaningful count of graylist effectiveness is difficult. The problem
with measuring graylisting accurately lies with tying the
DENIED_GRAYLISTED messages to subsequent ALLOWED messages.
For each DENIED_GRAYLISTED message for which there is no subsequent
ALLOWED message, the email was blocked as spam and the graylisting filter
was effective. Chalk one up for graylisting.
For each DENIED_GRAYLISTED message, if there is a subsequent ALLOWED
message, then the message was simply delayed and not blocked (and is not
considered spam). It would be interesting to tally the min/max and
mean/median average delays for this category as well, in order to have
an idea of how severe the delays are.
Looking at the log messages, I see from: (unknown) in some cases. I
presume that this is the envelope sender, while the message/internal
sender is used for the graylist entries. Thus it's not possible to
reconstruct the graylist 'key' from the contents of the log message, so
matching up subsequent ALLOWED messages is impossible. Or am I missing
something?
I think that the simplest way of matching up messages would be if the
log messages contained the Message-ID field from the email headers. I
checked the TODO.txt file, and Frank beat me to the request:
Log the Message-ID field so a message can be tracked from delivery to
disk. spamdyke will need to add the Message-ID field if needed. Credit
goes to Frank SDI.
So I'd like to add +1 for this enhancement. Without it, the
effectiveness of graylisting cannot be accurately determined.
As always, thanks to Sam for his great work on spamdyke.
--
-Eric 'shubes'
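
An added example, not part of the original post and not spamdyke code: one way to make the tally described above, pairing each DENIED_GRAYLISTED line with a later ALLOWED line and computing the delay statistics. It assumes syslog lines with an ISO timestamp and "from:"/"to:" fields, and it assumes the logged sender/recipient pair can stand in for the graylist key; the sample lines are constructed, and denials logged with from: (unknown) are counted separately because they cannot be matched.

```python
import re
from datetime import datetime
from statistics import mean, median

# Constructed sample lines; the field layout is an assumption about the log format.
SAMPLE_LOG = """\
2010-03-01T10:00:00 mx spamdyke[101]: DENIED_GRAYLISTED from: a@example.com to: u@example.org origin_ip: 192.0.2.1
2010-03-01T10:05:00 mx spamdyke[102]: ALLOWED from: a@example.com to: u@example.org origin_ip: 192.0.2.1
2010-03-01T10:06:00 mx spamdyke[103]: DENIED_GRAYLISTED from: b@example.net to: u@example.org origin_ip: 192.0.2.2
2010-03-01T10:07:00 mx spamdyke[104]: DENIED_GRAYLISTED from: (unknown) to: u@example.org origin_ip: 192.0.2.3
2010-03-01T10:20:00 mx spamdyke[105]: DENIED_GRAYLISTED from: c@example.com to: v@example.org origin_ip: 192.0.2.4
2010-03-01T10:21:00 mx spamdyke[106]: DENIED_GRAYLISTED from: c@example.com to: v@example.org origin_ip: 192.0.2.4
2010-03-01T10:35:00 mx spamdyke[107]: ALLOWED from: c@example.com to: v@example.org origin_ip: 192.0.2.4
"""

LINE = re.compile(r"^(\S+) .*spamdyke\[\d+\]: (DENIED_GRAYLISTED|ALLOWED) "
                  r"from: (.+?) to: (\S+)")

def graylist_stats(log_text):
    pending = {}      # (sender, recipient) -> time of first graylist denial
    delays = []       # seconds between first denial and the eventual ALLOWED
    unmatchable = 0   # denials whose sender is logged as (unknown)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, result, sender, rcpt = m.groups()
        when = datetime.fromisoformat(ts)
        key = (sender.lower(), rcpt.lower())  # assumed stand-in for the graylist key
        if result == "DENIED_GRAYLISTED":
            if sender == "(unknown)":
                unmatchable += 1
            else:
                pending.setdefault(key, when)  # retries keep the first denial time
        elif key in pending:
            delays.append((when - pending.pop(key)).total_seconds())
    stats = {"delayed": len(delays), "never_retried": len(pending),
             "unmatchable": unmatchable}
    if delays:
        stats.update(min=min(delays), max=max(delays),
                     mean=mean(delays), median=median(delays))
    return stats

if __name__ == "__main__":
    print(graylist_stats(SAMPLE_LOG))
```

Denials near the end of the log window show up as never_retried even if the sender retries later, so the window should extend well past the last denial being counted.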