User for SpamAssassin Mail List wrote:
> Actually it is Debian 3.0.3-2, so I am assuming that they have taken
> care of the DoS attack problem?

Probably, but I don't know what the Debian guys do. I personally am pretty strongly opposed to using distro-variant packages because unless I'm heavily entrenched in that distro I never know what's going to be in it compared to a "standard" version.

>> Definitely do not use any "large" rule-sets if you don't want to waste a
>> ton of resources. Most especially "BLACKLIST" in RDJ's trusted ruleset.
>>
>> Also, since you're using 3.0.x, don't use antidrug. These rules are built-in
>> on 3.0.0 and higher.
>
> Well I was looking for the "names" of the rules from the people that
> know... in the RDJ's trusted ruleset. All I can do is an educated guess on
> what might be the best to run it would be far better to tap into the
> experience of the group.

True, I was just giving you some negative-advice. The blacklist ruleset is well known on this group to cause problems with excessive resource consumption.

I'm not well versed in picking the "minimalist" set for a low-resource site, but I can at least tell you what I know you should avoid.

In general, the bigger the .cf file, the more resource intensive it will likely be. Admittedly this is a wildly inaccurate measure because of non-rule content, but it's better than nothing. I tend to be wary of .cf files over 128k, and I'd keep the total under 256k.

FWIW, I personally like these SARE rulesets:

    70_sare_adult.cf (SARE_ADULT)
    70_sare_evilnum0.cf (SARE_EVILNUMBERS0)
    70_sare_evilnum1.cf (SARE_EVILNUMBERS1)
    70_sare_genlsubj0.cf (SARE_GENLSUBJ0)
    70_sare_obfu0.cf (SARE_OBFU0)
    70_sare_random.cf (SARE_RANDOM)
    70_sare_specific.cf (SARE_SPECIFIC)
    70_sare_uri0.cf (SARE_URI0)
    99_sare_fraud_post25x.cf (SARE_FRAUD)

Of those, the largest is the specific ruleset.
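
The size heuristic from the message above, as an added example that is not part of the original post or of SpamAssassin: it flags .cf files over 128k and a total over 256k, and also counts rule definitions per file, since the post notes that raw size is skewed by non-rule content. Reading "128k" as 128 * 1024 bytes, the function names, and the sample ruleset contents are assumptions made for this example.

```python
import re
from pathlib import Path

# Thresholds taken from the post; interpreting "k" as 1024 bytes is an assumption.
PER_FILE_LIMIT = 128 * 1024   # "wary of .cf files over 128k"
TOTAL_LIMIT = 256 * 1024      # "keep the total under 256k"

# Lines that define a rule. Comments, describe and score lines are the
# "non-rule content" that makes file size an inaccurate measure.
RULE_LINE = re.compile(r"^[ \t]*(?:header|body|rawbody|uri|full|meta)[ \t]+\S+", re.M)

def measure(text):
    """Return (size in bytes, number of rule definitions) for one .cf file's text."""
    return len(text.encode("utf-8")), len(RULE_LINE.findall(text))

def audit(rulesets):
    """rulesets maps filename -> file text. Returns per-file stats and the total."""
    files, total = [], 0
    for name, text in sorted(rulesets.items()):
        size, rules = measure(text)
        total += size
        files.append({"file": name, "bytes": size, "rules": rules,
                      "over_limit": size > PER_FILE_LIMIT})
    return {"files": files, "total_bytes": total, "total_over": total > TOTAL_LIMIT}

def load_dir(path):
    """Read every *.cf file in a rules directory (the path is supplied by the caller)."""
    return {p.name: p.read_text(errors="replace") for p in Path(path).glob("*.cf")}

# Constructed sample rulesets (not real SARE files): one small file, one that is
# large only because of comments, and one that is large because it is all rules.
SAMPLE = {
    "70_example_small.cf": "body EX_A /foo/i\ndescribe EX_A demo\nscore EX_A 1.0\n",
    "70_example_comments.cf": "uri EX_B /example\\.invalid/\n" + "# padding comment line\n" * 7000,
    "70_example_dense.cf": "".join(f"header EX_C{i} Subject =~ /word{i}/i\n" for i in range(4000)),
}

if __name__ == "__main__":
    result = audit(SAMPLE)
    for f in result["files"]:
        flag = "OVER 128k" if f["over_limit"] else "ok"
        print(f"{f['file']:28} {f['bytes']:>8} bytes {f['rules']:>5} rules  {flag}")
    print("total:", result["total_bytes"], "bytes",
          "(OVER 256k)" if result["total_over"] else "(ok)")
```

Two files of similar size can differ by thousands of rules, so the rule count is the better guide when deciding which oversized file to drop first.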