Matus UHLAR - fantomas wrote:
On 08.04.08 10:52, DAve wrote:
We recently upgraded to SA 3.2.4 and are experiencing much slower
processing. After watching my rule hits for a few days I would like to
remove some rules (set score to 0) to gain back some speed.
Ami I correct in believing that the below rules will not be run and no
lookup will be made if skip_rbl_checks is set to 1? Looking at my
dnscache I think this is true.
Matus UHLAR - fantomas wrote:
if you want to turn those off, simply disable network rules. Many rules
have different scores when used with network and without it, and simply
disabling network rules would increase FN (maybe even FP) rate for you.
On 08.04.08 11:34, DAve wrote:
But I want some network rules, some of the URIBL tests are my golden
bullets, by far the most effective rules we run. Your spam may vary of
course.
Aha. Well, since network rules are run in parallel, I don't think turning
off some of them will help you much. And what I say is still valid, even if
it applies only in some cases :)
I see your point, problem is the new SA is taking a much larger load,
and catching less spam. I am getting complaints from clients. So now I
am hesitant to remove any rules.
I wanted to check the Wiki to refresh my SA performance knowledge, but
it is down today 8^(
Dave
However, if you can afford it, do run those tests. They are much effective
than most of static rules in SA. They don't take much CPU time, just some
network traffic and a few seconds more. And they increase efficiency very
much
... and I still say this ;)
I would also like to not run the following rules, they hit, but in less
than 1% of my spam do they make any difference. The lookups are not
worth it, at least not for our mail, not today. That all may change. I
am assuming I will need to set each one to zero to stop any lookups?
those were network too.
Which was why I asked. I read through the rules to see what was doing a
lookup and where it looked up the URI. I do not want to check sorbs or
spamhaus, we do that at the MTA. I do not what to lookup anything via
spamcop, njabl, or bl.whois.
I think that should not cause any problems to you. We use blacklist at MTA
level too, and SA still hits some of them (of those
same lists!). SA just may check different IPs.
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
