What percentage of mail are you servers consistently dropping?

Discussion in 'Business & Enterprise Computing' started by oli, Jul 30, 2007.

?

What percentage of mail is dropped?

  1. 10-20%

    5 vote(s)
    10.9%
  2. 20-40%

    2 vote(s)
    4.3%
  3. 40-60%

    2 vote(s)
    4.3%
  4. 60-80%

    15 vote(s)
    32.6%
  5. 80-99%

    22 vote(s)
    47.8%
  1. oli

    oli Member

    Joined:
    Jun 29, 2002
    Messages:
    7,266
    Location:
    The Internet
    For those of you who run/maintain mail servers (and I'm not talking about a box at home for a couple of people) how much mail is consistently being dropped, and what methods are you using to check messages?

    I run a mail server with about 250 email accounts and am consistently seeing 65 to 75% of mail being dropped (this doesn't include messages that get tagged as spam by spamassassin and moved to a trash folder or have subjects prepended with spam string to make sorting easier). On weekends the figure is more like 80 to 90%, as most of the accounts legitimate traffic drops since people aren't working.

    I use pflogsumm to get statistics on the maillog. The primary reason for messages being blocked is thanks to DNS blacklists like sorbs/spamcop/dnsbl, etc...
     
  2. dravyn

    dravyn Member

    Joined:
    Nov 12, 2002
    Messages:
    341
    I run a mailserver for 5 or 6 domains and 50ish people and am seeing about 97.84% of mail dropped.

    Postgrey is a wonderful tool :) helped along by the blacklisting tools.. spamcop, dnsbl, spamhaus :)
     
  3. Kodaz

    Kodaz Member

    Joined:
    Apr 16, 2004
    Messages:
    934
    Location:
    Brisbane 4124
    I have a mail server with about 200 mailboxes on it and on the weekdays it averages around 15% mark and this skyrockets on the weekends due to the lower level of legitimate email. Use GFI for this.

    We also have antispam provided through our manage IP network that cuts most of the crap out at the edge though.
     
  4. DocSOG

    DocSOG Member

    Joined:
    Apr 25, 2005
    Messages:
    93
    Location:
    Chelsea Vic
    have 4 front end mail gateways running Postfix with Greylisting (MYSQL backend to keep all 4 in sync), SURBLS etc and we're dropping at least 75%. Haven't check in the past few weeks to be honest, but we're dropping well over 10,000 mails a day. We don't keep accurate stats anymore on how many fail greylisting

    We have baretail running over the maillog file and it scrolls faster than I can read it

    (P.S. ~3000 mailboxes, spam catch ratio is well into the 99.5%+ ratio with virtually no false positives)

    N
     
    Last edited: Jul 30, 2007
  5. gbh

    gbh Member

    Joined:
    Aug 29, 2001
    Messages:
    2,175
    Location:
    Sydney
    1 x exim machine (acts as gateway for one domain and as pure mta for 25 more)
    runs a mix of spam assassin, rbl's, and custom acl's based around sender verification and callouts.

    Code:
    This is the last 24 hours:
    TOTAL	       Volume	Messages Hosts
    Received	61MB	1255	   549	
    Delivered	 71MB	 1532	    23
    Rejects		         17755     6648
    
     
    Last edited: Jul 30, 2007
  6. Glide

    Glide Member

    Joined:
    Aug 22, 2002
    Messages:
    1,151
    Location:
    Was: Sydney Now: USA
    about 70% with watchguard spamblocker
     
  7. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    35,064
    Location:
    Brisbane
    Another postgrey lover here.

    3 domains, 1000 users. Postgrey weeds out about 80%, and then Maia and amavis/clamav/spamassassin grab the rest of the nasties.
     
  8. HrdwrBoB

    HrdwrBoB Member

    Joined:
    Aug 22, 2001
    Messages:
    619
    Location:
    Melbourne
    I don't run a mailserver as such any more, but when I did, we ran SQLgrey, which kicked butt over postgrey as we used it from all servers and we did it for .domain.com on the class C instead of being so specific (that's all you need for greylisting, you don't need to go to address level)
    This blocked 110k+ messages/day on a 5k user server.
     
  9. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,410
    Location:
    Narrabri NSW
    I'm not running a large mail server, but the tread has me interested in what I am dropping...
    gbh, how did you get the number of rejects from exim?
     
  10. OP
    OP
    oli

    oli Member

    Joined:
    Jun 29, 2002
    Messages:
    7,266
    Location:
    The Internet
    Interesting results/comments guys.. Thanks. Postgrey/greylisting certainly is good!

    I actually went back and checked and I am not using sorbs because awhile ago a lot of legitimate emails were not making it through, which makes me unpopular pretty quickly.

    Apart from some other smtpd restrictions, here are the blacklist servers I am using:

    Code:
    reject_rbl_client t1.dnsbl.net.au,
    reject_rbl_client multi.uribl.com,
    reject_rbl_client dsn.rfc-ignorant.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client combined.rbl.msrbl.net,
    reject_rbl_client rabl.nuclearelephant.com,
     
  11. sonyx

    sonyx Member

    Joined:
    May 10, 2003
    Messages:
    1,232
    Code:
    Received	3271KB	1093		101	3	 0.3%	24	 2.2%
    Delivered	3538KB	1139	1139	54
    Rejects		676		323

    i need to set up some better filtering

    Code:
    487	Rejected RCPT: Sender verify failed
    103	Rejected RCPT: Could not complete sender verify callout
    39	"The mail server detected your message as spam and has prevented delivery (200)."
    10	Connection refused
    
    I'm personally worried that people are able to relay or connect + send spam through my mail server... any specific ways to check?
     
    Last edited: Jul 31, 2007
  12. gbh

    gbh Member

    Joined:
    Aug 29, 2001
    Messages:
    2,175
    Location:
    Sydney
  13. gbh

    gbh Member

    Joined:
    Aug 29, 2001
    Messages:
    2,175
    Location:
    Sydney

    cpanel 11.6
    whm
    email>view mail stats
     
  14. slartibartfast

    slartibartfast Member

    Joined:
    Feb 26, 2002
    Messages:
    19
    Location:
    Brisbane
    90 accounts on exchange server running ASSP antispam
    48% dropped mail (reclusive users maybe?)
    with 0.15% missed spam 0.06% incorrectly detected spam
    greylisting is my friend
     
  15. Skitza

    Skitza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,742
    Location:
    In your street
    Alot and still spam gets through. I really don't like the spam filter but it's to be expected with a gazillion mailboxes I spose.
     
  16. maddhatter

    maddhatter Member

    Joined:
    Jun 27, 2001
    Messages:
    4,798
    Location:
    Mackay, QLD.
    Another very happy ASSP user here. I love greylisting, I don't know the specifics for our domain but easily 90% killrate, greylisting + spf filtering + some custom naughty word lists + an always growing whitelist = very very little spam (maybe 1 / day per mailbox) and hows the cost - free free all free.

    There is even a ASSP toolbar that integrates into outlook/exchange and is deployed by group policies - tis sex.
     
  17. Kataton1c

    Kataton1c Member

    Joined:
    May 1, 2002
    Messages:
    1,466
    Location:
    Adelaide
    Anyone got a consolidated list of blacklists?

    Also, how do I go about removing my mail server from them? (Because they don't accept the IP).

    I'm running a server with several mail clients, deployed in a datacentre.
     
  18. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,410
    Location:
    Narrabri NSW
    You mean DNS Blacklists? There's a website somewhere that lists heaps... Unfortunately I can't remember where.
    But last time I was looking for a list I just did a check for my domain at dnsstuff.com and picked some of the lists they check against.

    Depends on the list... Some will just do it if you ask nicely. Some will require the owner of the IP address (usually the ISP) to request it to be unblocked.
    Most require payments to be made (sometimes to them, sometimes to charities) before unlisting, but that's mostly only for repeat offenders.
     
  19. HrdwrBoB

    HrdwrBoB Member

    Joined:
    Aug 22, 2001
    Messages:
    619
    Location:
    Melbourne
    crap.
    fix your problem, let them know. Many blacklists will automagically delist you when your problem is rectified.
     
  20. Jimoin

    Jimoin Member

    Joined:
    Jul 26, 2002
    Messages:
    476
    Location:
    Melbourne
    We get about used to get around 90% I think.

    Over time however this has dropped to about 64%

    We use ORF Enterprise to do our DNS Blacklist & Reverse, Greylisting, Tarpit, HELO, & SURBL checks. It grabs about 44%.

    Then SMS grabs another 35% after that.

    Hardly any gets through, no false positives reported in about 6 months (some items go into the Junk E-mail folder however).
     

Share This Page