We are running SA 3.01 and the latest MailScanner. Besides the delivered SA rule sets, we have the following:
r--r--r-- 1 31854 May 31 19:24 70_sare_adult.cf
-r--r--r-- 1 3927 Apr 24 2004 70_sare_bayes_poison_nxm.cf
-r--r--r-- 1 211390 Oct 3 20:18 70_sare_header.cf
-r--r--r-- 1 103436 Sep 12 20:22 70_sare_html.cf
-r--r--r-- 1 11559 Sep 16 12:45 70_sare_oem.cf
-r--r--r-- 1 17548 Aug 16 09:38 70_sare_random.cf
-r--r--r-- 1 19899 Oct 3 20:20 70_sare_specific.cf
-r--r--r-- 1 7023 Oct 8 00:45 70_sare_spoof.cf
-r--r--r-- 1 7937 Nov 11 00:45 70_sc_top200.cf
-r--r--r-- 1 13211 May 11 2004 72_sare_bml_post25x.cf
-r--r--r-- 1 57580 May 6 2004 99_FVGT_Tripwire.cf
-r--r--r-- 1 10147 May 1 2004 99_sare_fraud_post25x.cf
-r--r--r-- 1 8043 Nov 12 23:12 bakerbotts.cf
-r--r--r-- 1 100721 Nov 7 14:13 bogus-virus-warnings.cf
-r--r--r-- 1 23470 May 25 11:56 chickenpox.cf
-r--r--r-- 1 18052 Nov 2 00:45 evilnumbers.cf
-r--r--r-- 1 4883 May 25 11:03 random.current.cf
-r--r--r-- 1 3880 Apr 27 2004 weeds.cf
The bakerbotts.cf is our own custom rule set.
We process between 100k and 165k emails a day on two primary servers, with 3 overflow servers. Since we have implemented 3.01, we have experienced a higher number of timeout messages from SA. Yesterday 487 and the day before 544.
Nov 15 15:57:00 dalgate-inside MailScanner[8379]: SpamAssassin timed out and was killed, failure 1 of 20
Nov 15 15:58:25 houmx01-inside MailScanner[1377]: SpamAssassin timed out and was killed, failure 1 of 20
Does the software need more CPU resources; or do we have too many add-on rule sets; or is there another explanation?
We are using pyzor, but not dcc or razor2. Using all three was slowing down the spam check process.
Any ideas would be greatly appreciated.
Thanks,
Donald
