Hi all, SA and this list is great, here is some reading material...
I must be lucky, and don't have the problem of 2 mailboxes, we
re-route the spam to a single spam box on the exchange server, only
accessible by 2 users, the IT director and myself. If someone
"complains" about not getting mail, we look at our spam viewer which is
a .net (don't ask) web page that hits an sqlserver DB where all the
syslog data resides (done by using kiwi syslog daemon) and from there we
can query the db for the message so we can forward it out of the
exchange-based spam box. This was an easy sell to the 410 users we have
(sa catching about 125k/month). We have been doing this for many months
now..
My question is this, according to ROI calculations, we are saving the
company about $8500/month in lost productivity reading/sifting/browsing
spam messages. So why is it such a hard sell to not let the end-users
EVER see the spam message? If I gave them access to the spam, why not
just deliver it to them in the first place? They are spending the same
time sifting to see if legitimate e-mails are in there.. Yes we have
some FPs, but VERY little due to Bayes/AWL/cutomizations. People ask me
what if the FP is important? Well, it has happened, the end users
except this, especially when they see the ROI calcs.
At one point I thought of giving them access to that .net "spam
viewer" they would only see the time the spam came in and the "From",
but this still yields lost productivity, mission NOT accomplished. If I
did it that way, they may "see" a spam that they thought might be
interesting (but personal) and want to receive it. We don't give them
the chance.
I.T. maintains white/black lists, we don't allow the end-users
to do this (again, more lost productivity on the end-users' part) The
ONLY thing we DO allow the end-users to do is to forward ham/spam to
respective mailboxes so that the nightly cron job can sa-learn them.
Total I.T. SA maintenance is about 2 hours/week, this includes
updates/customizations/spam mailbox/logs, etc.
What are your thoughts? I must say the end-user reception is
very positive with the spam filter. They will actually call/e-mail us
if they DO get spam, we get more calls of that nature than FPs.
Thanks for taking the time to read this...
-Jim
Stats for 11/12/03 - single day - 410 users - SA2.6 set @5pts
Bond, Schoeneck and King Spam Statistics
Total Incoming Internet E-mail (For REAL bsk users): 8639
Total Spam found by SpamAssassin: 5194
Total Ham (Legitimate E-mail): 3445
Total number of incoming mails sent to bogus addresses: 3067
60.12% of our Incoming Internet E-mail is Spam!
Breakdown of Spam by user
<snip>
Jim Upwood
System Administrator
Bond, Schoeneck, and King
Syracuse, NY
-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
