W B Hacker wrote:
> ACK. The initial test box was so lightly loaded some of the traffic was messages
> I sent it just so I didn't have to wait 20 minutes to capture something...
>
> And *those* were the ones most often missed-out. Given they had traversed under
> 20' of CAT5E @ 100 BT one hop of decent switch fabric, I'm not too fussed.
>
> OTOH, I'm watching P0f from an ssh session, no file-writes or other manipulation
> involved.
I turned my OS logging back on a short while ago. I have an old script
to get some related stats:
========================================================================
root@haven:/etc/exim4/scripts# perl os_stats.pl
Connections: 147
Linux: accept:17, reject:1
Solaris: accept:2, reject:4
Unknown: accept:10, reject:1
Windows: reject:112
========================================================================
"Connections" isn't quite accurate; I don't log the OS until the DATA
phase is reached. The above stats represent how many emails were
accepted/rejected per operating system at the DATA phase.
If you were doing straight greylisting for everything, you would have
delayed:
29 hams
118 spams
If you changed it so that machines IDd as non-Windows weren't greylisted
you'd have delayed:
10 hams
112 spams
Ie, you delayed only a third the number of legitimate emails.
As I said before, you can safely reduce the number of greylisted
messages further if you assume that hosts using encryption or the SIZE
extension aren't zombies.
Also, (prompted by a message on exim-dev earlier today), I bet (although
have nothing to back it up), that no zombie software supports the
8BITMIME extension. Ie, if you turn "accept_8bitmime" on in Exim, I bet
no zombie software sends a "mail from" formatted like this:
MAIL FROM:<> BODY=8BITMIME
So in acl_smtp_mail:
${if match{$smtp_command}{\N BODY=8BITMIME\N}}
--
Mike Cardwell
(
https://secure.grepular.com/) (
http://perlcv.com/)
