Viktor Dukhovni:

> On May 1, 2017, at 8:17 AM, Simon Wilson <si...@simonandkate.net> wrote:
>
> postscreen is using (threshold 3):
>
>        zen.spamhaus.org*3
>        bl.mailspike.net*2
>        b.barracudacentral.org*2
>        bl.spameatingmonkey.net
>        bl.spamcop.net
>        dnsbl.sorbs.net
>        hostkarma.junkemailfilter.com=127.0.0.2
>        hostkarma.junkemailfilter.com=127.0.0.4
>        hostkarma.junkemailfilter.com=127.0.1.2
>        psbl.surriel.com
>        swl.spamhaus.org*-4
>        list.dnswl.org=127.0.[2..15].0*-2
>        list.dnswl.org=127.0.[2..15].1*-3
>        list.dnswl.org=127.0.[2..15].[2..3]*-4
>        wl.mailspike.net=127.0.0.[17;18]*-1
>        wl.mailspike.net=127.0.0.[19;20]*-2
>        hostkarma.junkemailfilter.com=127.0.0.1*-1

You'll likely find that after zen.spamhaus.org and bl.barracudacentral + bl.spamcop.net you don't need any other RBLs, as they contribute almost nothing to the effectiveness of the filter. Throw in a single whitelist, and you're done. I think that the current list of RBLs is too large. Start with a short list, grow with care one at a time if needed, and only if effectiveness increases non-trivially without too many FPs.

As for a system that's too slow overall, have you checked whether
your syslog service might be a bottleneck?  Make sure that log
writes are not synchronous.  With syslog-ng use "unix-dgram" NOT
"unix-stream".  I've no experience with systemd's logging, check
for troubles there if applicable.

Disable synchronous writes, and with system-xxx-d, turn off rate
limiting, at least for mail-related events (so that it won't impose
ratelimits before passing events to rsyslogd).

        Wietse

Thanks gents.

Synchronous writes are already disabled for maillog on the CentOS 7 server; I hadn't changed it, so it must be the default.

Rate limits - I'm not getting rate limit messages about dropped log entries for either journal or rsyslog.

The server seems quick for most things, and is lightly loaded 99% of the time. Heaps of RAM and CPU capacity. I'll tweak the BLs in postscreen per Viktor's comments and see how it goes.

I've got a separate email in to the SpamAssassin list about slow lookups there, and I think it's just the combination of a few things that can be tweaked or better understood (including my misunderstanding about the postscreen 6 seconds) that makes the server seem slow.

Can anyone comment on the value / no value of having zen.spamhaus as an RBL in smtpd in addition to it being used by postscreen?

Simon.

--
Simon Wilson
M: 0400 12 11 16
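Added example, not part of the thread and not Postfix code: a small Python model of how the weighted list quoted at the top adds up against threshold 3, following the `domain=filter*weight` rules documented for `postscreen_dnsbl_sites` (each entry counts at most once). The DNSBL replies in it are constructed for illustration; no DNS lookups are made.

```python
import re

# Entry grammar per postconf(5) postscreen_dnsbl_sites: domain[=filter][*weight]
ENTRY = re.compile(r"^([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?$")

# The list and threshold as quoted in the thread.
SITES = """
zen.spamhaus.org*3 bl.mailspike.net*2 b.barracudacentral.org*2
bl.spameatingmonkey.net bl.spamcop.net dnsbl.sorbs.net
hostkarma.junkemailfilter.com=127.0.0.2 hostkarma.junkemailfilter.com=127.0.0.4
hostkarma.junkemailfilter.com=127.0.1.2 psbl.surriel.com swl.spamhaus.org*-4
list.dnswl.org=127.0.[2..15].0*-2 list.dnswl.org=127.0.[2..15].1*-3
list.dnswl.org=127.0.[2..15].[2..3]*-4 wl.mailspike.net=127.0.0.[17;18]*-1
wl.mailspike.net=127.0.0.[19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-1
"""
THRESHOLD = 3

def octet_values(spec):
    """Values accepted by one filter octet: a number, or [a;b;c..d]."""
    if not spec.startswith("["):
        return {int(spec)}
    values = set()
    for part in spec[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        values.update(range(int(lo), int(hi or lo) + 1))
    return values

def parse_sites(text):
    """Return a list of (domain, per-octet value sets or None, weight)."""
    sites = []
    for item in re.split(r"[,\s]+", text.strip()):
        m = ENTRY.match(item)
        if not m:
            raise ValueError(f"bad entry: {item!r}")
        domain, filt, weight = m.groups()
        # Split on octets, not on '.', because ranges contain '..'
        octets = [octet_values(o) for o in re.findall(r"\[[^\]]*\]|\d+", filt)] if filt else None
        sites.append((domain, octets, int(weight or 1)))
    return sites

def score(sites, replies):
    """replies maps domain -> list of A-record strings returned for the client."""
    total = 0
    for domain, octets, weight in sites:
        for addr in replies.get(domain, []):
            parts = [int(p) for p in addr.split(".")]
            if octets is None or all(p in ok for p, ok in zip(parts, octets)):
                total += weight   # an entry contributes its weight at most once
                break
    return total

if __name__ == "__main__":
    s = score(parse_sites(SITES), {"zen.spamhaus.org": ["127.0.0.4"]})  # constructed reply
    print(s, "block" if s >= THRESHOLD else "pass")
```

Under this model a zen.spamhaus.org hit alone reaches the threshold, while each of the other blocklists in the list needs at least one more hit to block.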
