Hi Cedric. Welcome to the group. I can make some suggestions, although I
can't answer all your questions.
1. You should almost certainly have the SURBL rules enabled. Maybe this
is what you mean by spamcop rules, or maybe that is something else. The
SURBL rules should be enabled by default in 3.0.4, but if init.pre didn't
get installed correctly from the package you used, they won't be. These
catch a huge amount of spam.
2. Net tests don't take a huge processor overhead in SA, although they
can slow the time to process an individual message. Since with spamd
several messages can be processing at once, this usually isn't a problem.
Where net tests might take more overhead is if you are running a caching dns
on the same box. Still, I understand most of those are pretty efficient.
There are a few people around here will recommend.
3. There is Tim Jackson's bogus_virus_bounces.cf that deals in general
with bounces from worm attacks. A number of people are running it and
pleased with the results. It is actively maintained.
4. As for rules, you need to know that there is a fair group of available
rulesets that are targeted to various things, including phishing and
nigerian spam. You should go look at www.exit0.us and
www.rulesemporium.com, just to start. The SA wiki also have information on
where to find rulesets.
A word of note on the rulesemporium rules: many of the rulesets come in
various flavors to match various versions of SA, and having various levels
of aggressiveness. You REALLY need to READ THE DESCRIPTIONS and THINK ABOUT
whether a given ruleset is appropriate for your circumstances, rather than
just blindly grabbing every ruleset in sight and stuffing them into your
configuration. It is absolutely guaranteed that some of them are NOT for
your SA configuration, no matter which version of SA you are on.
As for getting rules, there is the RDJ script that will automatically
download rule updates in the rulesets you select, and install them into your
system after testing them. That is also available on the rulesemporium
site, even though not specific to the rulesemporium rules.
Loren
