> On May 1, 2017, at 8:17 AM, Simon Wilson <si...@simonandkate.net> wrote:
>
> ostscreen is using (threshold 3):
>
> zen.spamhaus.org*3
> bl.mailspike.net*2
> b.barracudacentral.org*2
> bl.spameatingmonkey.net
> bl.spamcop.net
> dnsbl.sorbs.net
> hostkarma.junkemailfilter.com=127.0.0.2
> hostkarma.junkemailfilter.com=127.0.0.4
> hostkarma.junkemailfilter.com=127.0.1.2
> psbl.surriel.com
> swl.spamhaus.org*-4
> list.dnswl.org=127.0.[2..15].0*-2
> list.dnswl.org=127.0.[2..15].1*-3
> list.dnswl.org=127.0.[2..15].[2..3]*-4
> wl.mailspike.net=127.0.0.[17;18]*-1
> wl.mailspike.net=127.0.0.[19;20]*-2
> hostkarma.junkemailfilter.com=127.0.0.1*-1
You'll likely find that after zen.spamhaus.org and bl.barracudacentral +
bl.spamcop.net
you don't need any other RBLs, as they contribute almost nothing to the
effectiveness
of the filter. Throw in a single whitelist, and you're done. I think that the
current
list of RBLs is too large. Start with a short list, grow with care one at a
time if
needed, and only if effectiveness increases non-trivially without too many FPs.
As for a system that's too slow overall, have you checked whether your syslog
service
might be a bottleneck? Make sure that log writes are not synchronous. With
syslog-ng
use "unix-dgram" NOT "unix-stream". I've no experience with systemd's logging,
check
for troubles there if applicable.
--
Viktor.
