Are you using your provider's DNS server? I noticed that for many of my clients, if I ran my own DNS server (that went out to root instead of falling forward to ISP's DNS server), my scan times went DRASTICALLY down. It is pretty trivial to set up a DNS server (don't do just DNSmasq, or other simple one... Use a real one like BIND, or other full functioning one on your box). Especially nice is when you set it to properly cache... So the postfix hit on the RBL is cached for the SpamAssassin query on same IP.
- Jason -----Original Message----- From: Len Conrad [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2008 7:58 PM To: users@spamassassin.apache.org Subject: Any other tuning tricks or is this it? FreeBSD 6.2 2 GHz 1 GB RAM Amavisd-new 400 KB max msg size to scan 10 servers TIMING shows sa-check taking 85% - 90% spamassassin: rulesets: updates.spamassassin.org saupdates.openprotect.com sought.rules.yerp.org We run sa-compile. external checks: pyzor, razor, dcc bayes uses Berkeley db. I was told SQL was faster, but I don't think it will matter that much in our case. SA RBL activated. RBL checks are also activated at postfix policy-service and show no RBLs timing out or long responses. The machine gets overloaded during peak business hours, with the postfix-to-vscan delivery delay taking sometime 100s to 1000s of seconds. When falls behind, can take hours to catch up. amavisd-nanny shows all 10 servers busy, and occasional time outs. load average about 10 CPU idle 0% WCPU shows the amavis/vscan processes each taking 7% - 10% iostat shows spiky disk i/o with 2-3 seconds of 0 KB i/o between spikes (disk not saturated), leads us to think a memory disk won't make any difference. free + inactive memory totals about 200 - 300 MB (an amavis process takes about 75MB), so not memory constrained. In business hours (08:00-17:00), traffic inbound is about 400 msgs/hour Traffic outbound, is about 1250 msgs/hour. postfix-policy services and postfix processes are so idle that don't even show up in top with "i"dle processes hidden. It's vscans, named, and occasional clamd Is this machine maxed out, or is there other tuning that will speed it up? Len ______________________________________________ IMGate OpenSource Mail Firewall www.IMGate.net
