On 16 May 2006 at 10:07, Matt Kettler wrote:
> Dermot Paikkos wrote:
> > Hi
> >
> > Spamassassin 3.02 running from SA-Exim (exim 4.5).
> >
> > OPTIONS="--nouser-config --max-children 6 --helper-home-
> > dir=/var/spool/spamassassin/ -s /var/log/spamd.log
> > --username=nobody"
> >
> > I recently went live with the above system and am noticing some very
> > heavy memory usage. Each spamd is using near or over 200MB.
> That's highly unusual.. Did you download any add-on rulesets? In
> particular, did you add sa-blacklist? If so, remove it.
>
I agree - I am no expert - but this seems high.
========= top output ========
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
16099 nobody 18 0 202m 171m 59m R 85.8 13.6 7:30.15 spamd
16098 nobody 12 0 245m 198m 39m S 11.2 15.8 8:00.58 spamd
32020 root 18 0 1664 1664 1296 R 2.2 0.1 0:02.05 top
50 root 12 0 0 0 0 S 0.0 0.0 0:48.54 kjournald
15818 root 12 0 2696 2216 2176 S 0.0 0.2 0:03.55 sshd
==========================
On the matter of more computers; between 06:30 and 15:47 today we
have received 2040 mail and delivered 2407. Today has been
exceptional as there is a backlog of mail from the server upgrade. I
am not sure what sort of bracket that puts us in but I wouldn't say
we're a big site in terms of number emails. What's more we don't have
the budget or resources to build a server farm for mail and I don't
think it's really necessary. I think the problem is either in my
configuration or with my version of SA.
Autolearn isn't on. I would have thought that would have given me a
performance boost.
The config does have several blacklists by default. I haven't added
any. For example:
# the black list. See /usr/share/doc/exim4-config/default_acl for
details.
deny
message = sender envelope address $sender_address is locally
blacklisted here. If you think this is wrong, get in touch with
postmaster
!acl = acl_whitelist_local_deny
senders = ${if exists{CONFDIR/local_sender_blacklist}\
{CONFDIR/local_sender_blacklist}\
{}}
ditto for hosts. I do have a local_hosts_blacklist which has 1118
lines in. Is this what you mean by remove the sa-blacklist?
I had SA 3.0 running on a test system and I noticed this behaviour
before. It seemed to go away with V3.1. Problem is there isn't a
version of 3.1 in the stable distro of Debian just yet and I don't
want to use un-tested stuff on a production system.
Thanx.
Dp.
These are some custom rulesets I have installed.
70_sare_bayes_poison_nxm.cf
70_sare_evilnum0.cf
70_sare_evilnum1.cf
70_sare_evilnum2.cf
70_sare_header0.cf
70_sare_header1.cf
70_sare_header2.cf
70_sare_header3.cf
70_sare_html.cf
70_sare_obfu0.cf
70_sare_obfu1.cf
70_sare_oem.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_unsub.cf
70_sare_uri0.cf
72_sare_redirect_post3.0.0.cf
99_FVGT_Tripwire.cf
99_sare_fraud_post25x.cf
anti_bayes.cf
bogus-virus-warnings.cf
