I have to say a heartfelt THANK YOU to everyone who contributed to this thread. My filter is working 500% more efficient that it ever was. I have done the following:
1. Installed djbdns and I am using dnscache as I was told. I have increased the cache size to 100 Megabytes and completely disabled logging after determining it was working properly. 2. I have implemented rbl at the MTA level, I use relays.ordb.org and sbl-xbl.spamhaus.org. 3. I have implemented Rules Du Jour. I selected a subset of the SARE rules and misc others. 4. I have turned back on pyzor, razor and dcc. Scanning times are well within tolerance with a minimal impact on delivery time. See below (email addresses removed for privacy): Feb 11 16:10:18 as spamd[4137]: spamd: identified spam (31.3/4.0) for [EMAIL PROTECTED] :99 in 4.5 seconds, 1178 bytes. Feb 11 16:10:18 as spamd[363]: spamd: clean message (1.2/4.0) for [EMAIL PROTECTED] :99 in 3.1 seconds, 8939 bytes. Feb 11 16:10:19 as spamd[4218]: spamd: clean message (0.0/4.0) for [EMAIL PROTECTED] :99 in 5.4 seconds, 2245 bytes. I have some final questions though, a. Can I get any statistics from rblsmtpd (I know this isn't a group devoted to it, but I figured I would ask)? I would like to know how many got dropped and from where. b. Does anyone have any utilities to get statistics from SA? Such as what rules triggered spam etc etc. I have seen some posts with some interesting looking reports. Currently I only use a hacked together script I wrote to give me the raw amount of spam caught per day which greps "identified spam" on maillog and then gives me a wc -l. Once again, thanks so much to everyone. This group is simply amazing. Ed -----Original Message----- From: DAve [mailto:[EMAIL PROTECTED] Sent: Friday, February 10, 2006 1:19 PM To: users@spamassassin.apache.org Subject: Re: General assistance Ed Russell wrote: > User validation is going to be tough or all but impossible. This box > forwards off the mail to an NT box running SL Mail. There is no easy way to > get a userlist out of this product. In addition the users change daily and > some even use multi-drops. You don't need to get a user list, you just need to ask the destination server if the user exists before accepting the message. This is what milter-ahead does on my MailScanner servers. I process and forward to servers running qmail(my toasters) and Exchange, GroupMail, Groupwise, Sendmail(my clients servers). All respond correctly to milter-ahead. I do not know of a way to duplicate milter-ahead in qmail without requiring something like vpopmail or LDAP. Did you look at using dnscache? That might buy you enough breathing room to shop around for a solution to user verification. DAve > > Ed > > > --------------------------------------------------- > > Talk is cheap since supply always exceeds demand. > > --------------------------------------------------- > > > -----Original Message----- > From: DAve [mailto:[EMAIL PROTECTED] > Sent: Friday, February 10, 2006 12:39 PM > To: users@spamassassin.apache.org > Subject: Re: General assistance > > Ed Russell wrote: > >>[EMAIL PROTECTED] smtpd]# spamassassin --version >>SpamAssassin version 3.1.0 >> running on Perl version 5.8.7 >> >> >>Spamd running with: >> OPTIONS="-L -x -d -u nobody -m 45" >> >>No user verification or RBL at the MTA level. > > > Absolutely do user verification. I can throw out from 20% to 80% of my > traffic depending on the current level of dictionary and Joe-Job > attacks. Since you are processing ahead of your clients Exchange boxes > I'm not sure how you can do that with qmail. I do it on my gateways > running MailScanner via milter-ahead, and on my toasters via checkuser > in vpopmail. > > There might be a way to get qmail to check with an Exchange box to > validate a user without running vpopmail, but I won't know it. > > DAve > > >> >>12:20pm up 4:05, 1 user, load average: 9.49, 9.23, 9.23 >>313 processes: 300 sleeping, 12 running, 1 zombie, 0 stopped >>CPU states: 18.9% user, 16.6% system, 0.0% nice, 64.4% idle >>Mem: 2009856K av, 711560K used, 1298296K free, 353776K shrd, 129268K >>buff >>Swap: 2097136K av, 0K used, 2097136K free 225380K >>cached >> >>As you can see I have loads of head room as far as memory goes. I was >>looking into integrating RBL into Qmail, but with the very high volume I > > am > >>quite concerned that this will introduce a slowdown. If I increase the >>inbound concurrent rate I eventually run into qmail-scanner problems with >>reformime. Is there anything else I need consider? >> >>Ed >> >>--------------------------------------------------- >> >> Talk is cheap since supply always exceeds demand. >> >>--------------------------------------------------- >> >> >>-----Original Message----- >>From: Kristopher Austin [mailto:[EMAIL PROTECTED] >>Sent: Friday, February 10, 2006 12:06 PM >>To: [EMAIL PROTECTED]; users@spamassassin.apache.org >>Subject: RE: General assistance >> >> >> >>>-----Original Message----- >>>From: Ed Russell [mailto:[EMAIL PROTECTED] >>>Sent: Friday, February 10, 2006 10:51 AM >>>To: users@spamassassin.apache.org >>>Subject: General assistance >>> >>>Am I completely off base in the way I have this all setup? I have >> >>went >> >> >>>with >>>a higher speed HD to increase the threshold on file I/O. Can I tune >> >>the >> >> >>>performance of razor etc while maintaining delivery time? Is there >>>anything >>>else I should be considering? If I have not explained things well or >> >>more >> >> >>>information is needed I will certainly provide anything. >>> >> >> >>A few questions I have: >>What SA version are you running? spamassassin --version >>What do you have --max-children set to? >>How much memory do you have free when the box is fully loaded? >> >>I'm trying to see if you have any headroom left to have more spamd >>children running. It sounds like your problem is with waiting on DNS >>returns. This should mean that you have plenty of processing power >>remaining just not enough children to handle the requests. >> >>Other things to consider: >>Do you use RBLs at the MTA level? >>Do you have user verification at the MTA level? >> >>Look for messages your MTA can drop before sending to SA. >> >>Kris >> >> >> > > > >
