Ymmv of course, but here is the list that I use. I have read through the descriptions of each and made a case by case decision. My average scanning time is around 9.5 seconds. I did as you did in initially and added them all. D'oh. Of course some rule sets are for specific versions of SA, watch that. Also I only use the rules that have no triggered a false positive as I drop the caught spam at the filter level. For me a false positive is bad news. Also as was suggested to me, ensure if you can utilize RBL and/or user verification at the MTA level. Cheers.
Ed TRUSTED_RULESETS= TRIPWIRE ANTIDRUG SARE_EVILNUMBERS0 SARE_ADULT SARE_FRAUD SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HTML0 SARE_SPECIFIC SARE_OBFU0 SARE_REDIRECT_POST300 SARE_GENLSUBJ0 SARE_UNSUB SARE_URI0 SARE_WHITELIST SARE_STOCKS --------------------------------------------------- Talk is cheap since supply always exceeds demand. --------------------------------------------------- -----Original Message----- From: Joey [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 15, 2006 12:37 PM To: SpamAssassin Subject: Help with config... I went a LITTLE overboard OK I got a little greedy in hoping to stop more spam, to the point that I am making my servers crawl. I read through the rules and I thought the difference between lets say SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 was that 1 was a little more aggressive and if you used 1 you should also use 0 and so on. So I used them all. Below is my config, how can I pick what to use -vs- not when we are getting slammed and need all the blocking we can, but of course don't want the server to die in the next 24 hours. I cleaned up the file some as you can see from my FIRST CONFIG FILE to SECOND. I would appreciate any ideas or thoughts on how to improve this. Thanks! FIRST CONFIG FILE -------------------------------------------------------- SA_DIR="/etc/mail/spamassassin" SA_RESTART="killall -HUP spamd" TRUSTED_RULESETS=" TRIPWIRE ANTIDRUG SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_FRAUD_PRE25X SARE_BML SARE_BML_PRE25X SARE_RATWARE SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_OBFU SARE_OBFU0 SARE_OBFU1 SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_GENLSUBJ SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_X30 SARE_GENLSUBJ_ENG SARE_HTML SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML4 SARE_HTML_ENG SARE_HTML_PRE300 SARE_HEADER SARE_HEADER0 SARE_HEADER1 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG SARE_HEADER_X264_X30 SARE_HEADER_X30" SECOND ( NEW ) CONFIG FILE -------------------------------------------------------- SA_DIR="/etc/mail/spamassassin" MAIL_ADDRESS="[EMAIL PROTECTED]" SA_RESTART="killall -HUP spamd" TRUSTED_RULESETS=" TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_FRAUD_PRE25X SARE_BML SARE_BML_PRE25X SARE_RATWARE SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_OBFU SARE_WHITELIST SARE_GENLSUBJ SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3 SARE_GENLSUBJ_ENG SARE_HTML SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3 SARE_HTML_ENG SARE_HEADER SARE_HEADER0 SARE_HEADER1 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG SARE_ADULT SARE_SPECIFIC SARE_STOCKS SARE_UNSUB SARE_URI0 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD"
