I used the log analysis to search for:

- "message(s) received" - this gives a count of all SMTP sessions in a period. The number of messages received is generally 1 or 0 - the latter when a message was rejected for any reason, including a block list.
- "found in DNS blacklist at" - this gives a count of all SMTP sessions blacklisted.
- I also did similar searches for strings identifying messages blocked by my local block list, domain blocks I have in place, messages addressed to users who had left my company (or who did not exist at all) and so on.

This is pretty intensive stuff and I do not intend to make a habit of it, and no, there does not seem to be any built-in way to automate this type of analysis. My raw results were like this:

| Category or dnsrbl | count | % of blocked mail | % of all mail |
|---|---|---|---|
| Recipient has left Co. | 125 | 26.26% | 10.09% |
| bl.spamcop.net | 94 | 19.75% | 7.59% |
| sbl.spamhaus.org | 68 | 14.29% | 5.49% |
| dun.dnsrbl.net | 41 | 8.61% | 3.31% |
| real user but misspelled | 34 | 7.14% | 2.74% |
| Local block list | 23 | 4.83% | 1.86% |
| dictionary attacks | 23 | 4.83% | 1.86% |
| list.dsbl.org | 20 | 4.20% | 1.61% |
| relays.ordb.org | 18 | 3.78% | 1.45% |
| relays.visi.com | 11 | 2.31% | 0.89% |
| mail from invalid domain | 7 | 1.47% | 0.56% |
| opm.blitzed.org | 7 | 1.47% | 0.56% |
| domain blocked | 2 | 0.42% | 0.16% |
| Attempted relay or relay test | 2 | 0.42% | 0.16% |
| taiwan.blackholes.us | 1 | 0.21% | 0.08% |
| total messages blocked | 476 | 100.00% | 38.42% |
| total SMTP | 1239 | | |
| total blocked not including leavers and misspelled | 317 | | 25.59% |
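
The string searches and percentage columns above can be scripted. The following is an added example, not part of the original post: only the two quoted marker strings come from the post, while the log layout, the sample lines and the local block list string are constructed assumptions, and it assumes each blocked session logs exactly one block line.

```python
import re
from collections import Counter

# Constructed sample log. The layout is an assumption; only the marker strings
# "message(s) received" and "found in DNS blacklist at" are taken from the post.
SAMPLE_LOG = """\
09:00:01 session 1: 1 message(s) received
09:00:05 session 2: 192.0.2.10 found in DNS blacklist at bl.spamcop.net
09:00:05 session 2: 0 message(s) received
09:00:09 session 3: 192.0.2.44 found in DNS blacklist at sbl.spamhaus.org
09:00:09 session 3: 0 message(s) received
09:00:20 session 4: 192.0.2.91 found in DNS blacklist at bl.spamcop.net
09:00:20 session 4: 0 message(s) received
09:00:31 session 5: sender rejected by local block list
09:00:31 session 5: 0 message(s) received
"""

SESSION_MARK = "message(s) received"  # one such line per SMTP session
DNSBL_RE = re.compile(r"found in DNS blacklist at ([\w.-]+)")
# Hypothetical marker strings for locally configured rejections.
LOCAL_MARKS = {"Local block list": "rejected by local block list"}

def tally(lines):
    """Return (total sessions, Counter of blocked sessions per category)."""
    sessions, blocked = 0, Counter()
    for line in lines:
        if SESSION_MARK in line:
            sessions += 1
            continue
        hit = DNSBL_RE.search(line)
        if hit:  # group DNSBL rejections by the zone that listed the sender
            blocked[hit.group(1).rstrip(".").lower()] += 1
            continue
        for category, mark in LOCAL_MARKS.items():
            if mark in line:
                blocked[category] += 1
                break
    return sessions, blocked

def report(sessions, blocked):
    """Map category -> (count, % of blocked mail, % of all mail)."""
    total = sum(blocked.values())
    def pct(n, whole):
        return round(100 * n / whole, 2) if whole else 0.0
    return {cat: (n, pct(n, total), pct(n, sessions))
            for cat, n in blocked.most_common()}
```

Calling `report(*tally(open(path)))` on a real log file gives the same three columns as the table; extend `LOCAL_MARKS` with the strings your own server writes for each rejection category.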