Viktor Dukhovni:
>
> > On May 1, 2017, at 8:17 AM, Simon Wilson <si...@simonandkate.net> wrote:
> >
> > ostscreen is using (threshold 3):
> >
> > zen.spamhaus.org*3
> > bl.mailspike.net*2
> > b.barracudacentral.org*2
> > bl.spameatingmonkey.net
> > bl.spamcop.net
> > dnsbl.sorbs.net
> > hostkarma.junkemailfilter.com=127.0.0.2
> > hostkarma.junkemailfilter.com=127.0.0.4
> > hostkarma.junkemailfilter.com=127.0.1.2
> > psbl.surriel.com
> > swl.spamhaus.org*-4
> > list.dnswl.org=127.0.[2..15].0*-2
> > list.dnswl.org=127.0.[2..15].1*-3
> > list.dnswl.org=127.0.[2..15].[2..3]*-4
> > wl.mailspike.net=127.0.0.[17;18]*-1
> > wl.mailspike.net=127.0.0.[19;20]*-2
> > hostkarma.junkemailfilter.com=127.0.0.1*-1
>
> You'll likely find that after zen.spamhaus.org and bl.barracudacentral +
> bl.spamcop.net
> you don't need any other RBLs, as they contribute almost nothing to the
> effectiveness
> of the filter. Throw in a single whitelist, and you're done. I think that
> the current
> list of RBLs is too large. Start with a short list, grow with care one at a
> time if
> needed, and only if effectiveness increases non-trivially without too many
> FPs.
>
> As for a system that's too slow overall, have you checked whether
> your syslog service might be a bottleneck? Make sure that log
> writes are not synchronous. With syslog-ng use "unix-dgram" NOT
> "unix-stream". I've no experience with systemd's logging, check
> for troubles there if applicable.
Disable synchronous writes, and with system-xxx-d, turn off rate
limiting, at least for mail-related events (so that it won't impose
ratelimits before passing events to rsyslogd).
Wietse
