I decided last week to finally give the short circuit plug-in a try to see how much it sped up detection. Its working great on spam:
Aug 4 14:43:08 localhost spamd[1023]: spamd: result: Y 39 - CLAMAV,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RCVD_IN_BRBL_RELAY,RCVD_IN_JMF_BL,RCVD_IN_PSBL,RCVD_IN_SORBS_DUL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL scantime=1.6,size=5206,user=chris, but not so well with ham: Aug 4 14:22:48 localhost spamd[1023]: spamd: result: . -10 - AWL,BAYES_00,DCC_CHECK,DK_POLICY_TESTING,KHOP_RCVD_UNTRUST,RCVD_IN_DNSWL_HI,RCVD_IN_JMF_W,RDNS_NONE,SPF_PASS,UNPARSEABLE_RELAY scantime=23.1,size=2682,user=chris the rules I'm using are straight out of the WiKi: # slower, network-based whitelisting meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST|| USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL|| USER_IN_DEF_SPF_WL) priority SC_NET_HAM -500 shortcircuit SC_NET_HAM ham score SC_NET_HAM -20 # ClamAV support: no need to scan viruses/malware priority CLAMAV -900 shortcircuit CLAMAV spam score CLAMAV 20 Are there any others I can add to the ham rule to speed things up? For instance can BAYES_00 be added or would that tend to cause FN's? Can another rule be added for spam that contains entries like: SAGREY, RCVD_IN_BRBL_RELAY, URIBL_BLACK and so forth with my highest hitting rules. Would it be written similiar to the SC_NET_HAM rule? Thanks Chris -- KeyID 0xE372A7DA98E6705C
signature.asc
Description: This is a digitally signed message part
