That's sad. The recent significant increases in spam have forced the rulebase to grow much faster than expected. We are now rejecting 80% of all messages for our user base (on average). See:
http://www.sortmonster.com/MessageSniffer/Performance/FlowRates.jsp Also, the rate at which we add new rules has more than doubled in recent weeks from a typical 60-100 rules per day to a current 100-250 rules per day. See: http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp As a result rulebase file sizes have grown significantly. The vast majority of the time spent by sniffer (typ 70-90%) is loading the rulebase file rather than scanning the messages. In the immediate term it is possible to adjust each rulebase so that fewer rules are included - keeping only the best. This is done by adjusting the rule strength threshold. Each system can have their rule strength threshold adjusted to match their available computing power... Systems with more power can use a more aggressive, more detailed rulebase. Systems (like yours) with less available power can use a less precise, less aggressive rulebase. (Less precise because specific rules tend to get lower strength numbers than generalized rules) The current default rule strength threshold is 1.0. This means that rules which have been credited with 16 or fewer message captures in the past 60 days are automatically deactivated. For rule strength numbers please reference: http://www.sortmonster.com/MessageSniffer/Performance/RuleStrengths.jsp We have pushed forward the development of our peer-server technology from a planned release in V3 to an interim release in V2-2. This development is well under way. Simulations have already proved the peer-server technology - the R&D and beta team are all happy with it's performance and stability. What remains is integrating this technology into the sniffer utility. Peer-server will allow one running instance of sniffer to process the work of many other instances - so that the rulebase is loaded only once for dozens of messages rather than once per message. V2-2 will also implement new logging features including a "near-binary" logging format that takes less space, and some rudimentary log rotation options. We hope to have the beta of V2-2 available in a couple of weeks. This version may become the new standard release within a few weeks after that if we see the same stability as our previous releases. Best, _M PS: Thanks for the space Scott, folks. I know sniffer's not directly on topic here but I wanted to make sure this info was out there since the issue was raised. |-----Original Message----- |From: Craig Gittens [mailto:[EMAIL PROTECTED] |Sent: Friday, October 24, 2003 8:20 AM |To: [EMAIL PROTECTED] |Cc: [EMAIL PROTECTED] |Subject: RE: [Declude.JunkMail] Sniffer & Declude logs | | |I have had to nix Sniffer. After disabling it, my processor |dropped by about 25% and mail stopped being backed up in the |Overflow directory. Instead of having a constant over 100 smtp |connections we now have less than 20 most of the time. Mail is |now being delivered again instantly. | |I think I might test it with Postfix. | |Craig. | |-----Original Message----- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] Behalf Of Pete McNeil |Sent: Thursday, October 23, 2003 5:22 PM |To: [EMAIL PROTECTED] |Subject: RE: [Declude.JunkMail] Sniffer & Declude logs | | |The current version of Message Sniffer has no feature to turn |off logging. I recommend that you schedule a task to |delete/archive the log periodically. | |An interim release is in the works that will implement new |logging features. It will be a few weeks before this is |available though. | |Hope this helps, |_M | ||-----Original Message----- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED] ||Sent: Thursday, October 23, 2003 3:49 PM ||To: [EMAIL PROTECTED] ||Subject: [Declude.JunkMail] Sniffer & Declude logs || || ||Guys, || ||Is there a way I can Sniffer to not log? I am testing the |Sniffer2 but ||the log is very large.....over a GB a day. I have been under |attack for ||the past couple weeks and Declude spam log file is nearly 800MB a day ||with LOG_OK NONE set. || || ||Craig. || | |--- |[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
