Joey wrote: > OK I got a little greedy in hoping to stop more spam, to the point > that I am making my servers crawl. > > I read through the rules and I thought the difference between lets say > SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 was that 1 was a little more > aggressive and if you used 1 you should also use 0 and so on. So I > used them all. > > Below is my config, how can I pick what to use -vs- not when we are > getting slammed and need all the blocking we can, but of course don't > want the server to die in the next 24 hours. I cleaned up the file > some as you can see from my FIRST CONFIG FILE to SECOND. > > I would appreciate any ideas or thoughts on how to improve this. > > Thanks! > > SECOND ( NEW ) CONFIG FILE > -------------------------------------------------------- > SA_DIR="/etc/mail/spamassassin" > MAIL_ADDRESS="[EMAIL PROTECTED]" > SA_RESTART="killall -HUP spamd" > TRUSTED_RULESETS=" > TRIPWIRE > SARE_EVILNUMBERS0 > SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 > BLACKLIST > BLACKLIST_URI > RANDOMVAL > BOGUSVIRUS > SARE_ADULT > SARE_FRAUD > SARE_FRAUD_PRE25X > SARE_BML > SARE_BML_PRE25X > SARE_RATWARE > SARE_SPOOF > SARE_BAYES_POISON_NXM > SARE_OEM > SARE_RANDOM > SARE_OBFU > SARE_WHITELIST > SARE_GENLSUBJ > SARE_GENLSUBJ0 > SARE_GENLSUBJ1 > SARE_GENLSUBJ2 > SARE_GENLSUBJ3 > SARE_GENLSUBJ_ENG > SARE_HTML > SARE_HTML0 > SARE_HTML1 > SARE_HTML2 > SARE_HTML3 > SARE_HTML_ENG > SARE_HEADER > SARE_HEADER0 > SARE_HEADER1 > SARE_HEADER2 > SARE_HEADER3 > SARE_HEADER_ENG > SARE_ADULT > SARE_SPECIFIC > SARE_STOCKS > SARE_UNSUB > SARE_URI0 > SARE_WHITELIST_SPF > SARE_WHITELIST_RCVD"
As someone else pointed out, you are duplicating rules here. Whenever there are numbered versions of a ruleset, you should either use the numbered versions, or the non-numbered version, but not both. I also see a couple of "PRE25X" rules. You should only run the "PRE25X" rules if you are using SpamAssassin version 2.5X or earlier. If you are using a newer version (I recommend v3.10), use the standard versions of these rules instead. Also, there are some other issues that relate to performance. Are you using spamc/spamd, or calling spamassassin directly? How many spamd children are running? Take a look at my response to a recent thread for tips on adjusting settings for the best performance. http://article.gmane.org/gmane.mail.spam.spamassassin.general/77503 -- Bowie
