More spam stopping statistics
Update
Check out my RRdtool graphs for qpsmtpd!
/Update
As my first spam statistics graph generated quite some interest, here’s a new one.
You will see that more than half of the connections were booted based on the country they came from. These are mostly connections from China and Romania (very active spamming from Romania over the past few weeks).
Also, a large number of attempts to bogus addresses such as accounting@ followed by a domain name I host. DNSBL are various IP-based blacklists.
My badmailfrom list contains envelope senders of lists that claimed they would respect my unsubscribe wishes, but didn’t. Integrated Mar and friends are another one.
spamhelo is mostly hosts pretending to have the same name as my server as their host name. I also boot connections from hosts named friend and localhost as well as gmail.com.
I’ve stopped using greylisting because the mail volume on my host is too small, I was loosing legitimate mail from Gmail because they have several outgoing servers with a common queue.
Unfortunatelty, GD::Graph doesn’t allow for slices to be pulled from the centre. That would have given you a nicer graph…
Update
I’ve finally pulled together some RRdtool graphs for qpsmtpd.
2006-08-04 at 2.31 pm
I like the new graph. Where did you get the GEOIP plugin?
2006-08-08 at 8.01 pm
I got it here and modified it quite heavily.
use Geo::IP;
my $geoip = Geo::IP->new(GEOIP_STANDARD);
sub hook_connect {
my ($self) = @_;
my $country = $geoip->country_code_by_addr
($self->qp->connection->remote_ip);
$self->qp->connection->notes('geoip_country', $country);
$self->log(LOGNOTICE, "GeoIP Country: $country");
if ( $self->qp->config("badcountries") ) {
my @badcountries = $self->qp->config("badcountries");
for (@badcountries) {
my ($pattern, $response) = split /\s+/, $_, 2;
return (DENY, $response) if ($country eq $pattern);
}
}
return (DECLINED);
}