[Top-quoted, non-attributed message corrected.
See
http://www.netmeister.org/news/learn2quote.html]
On May 10, 2004, at 15:58, Doug Block wrote:
> Tor Slettnes wrote:
>> You probably mean "SA-Exim", not "SA-Scan". SA-Exim has problems
>> with Exim
>> v4.31 through 4.33, due to the Received: header change. Either stay
>> with
>> 4.30, or upgrade to 4.34, or you will get wildly inaccurate SA scores
>> (specifically, SA-Exim may trust forged Received: headers, or else
>> treat
>> messages sent through a smarthost as if they came directly from a
>> dialup
>> host).
>
> Yes your right!!! On the spam and the courier
> Oh the sa-exim is working great so far on the scores. I have had a
> 75% drop
> in spam and I have been using spam pit to check the scores which so
> far have
> been correct on both real mail and spam. I may upgrade to 4.34 once I
> get
> some time since it came out today.
Keep in mind that your success is not only reflected in how much spam
you block, but more importantly, in how much legitimate mail you let
through. With that in mind, running SA-Exim with Exim 4.31 - 4.33 is
at best ignorant - at worst, irresponsible. Especially this is the
case if you are hosting mail for other people.
(Sure, blocking 75% of spam is good; but with a properly configured SA,
you ought to be able to catch well above 90%, while not impacting
legitimate mail at all).
> I have a older (half the speed) exim 4 box that handled the load for
> up 150 users with courier-imap with out this problem but it did not
> have clamd, sa-exim, exiscan, and spamassassin on it. This box worked
> fine for 18 months+ but the virus's and spam where a big problem. I
> have spam set to under 256k but I have been watching this while
> writing this email and I notice 8-12 messages at a time coming in and
> eating 100% of the cpu for about 5 secs while they get spamd and
> clamd.
You could start "spamd" with "--nicelevel 15" or so, essentially
lowering its priority if there are other (presumably more important)
tasks going on. (On a Debian machine, look in
/etc/default/spamassassin).
You could disable the SA network tests (which, while using Exim 4.31 to
4.33, probably do more harm than good):
skip_rbl_checks 1
use_dcc 0
use_pyzor 0
use_razor2 0
Also, if you are using the teergrube facilities of SA-Exim, beware that
the 8-12 simultaneously running Exim processes don't neccessarily
compete for CPU time - they may be just sitting there doing what they
do best: stalling, waiting, stalling, waiting...
If so, you may additionally need to remove the limit of simultaneously
running Exim processes in Exim's main section (or else, it only takes
about 20 spams to perform a DoS on your machine):
# Don't set a limit on incoming SMTP connections
smtp_accept_max = 0
# ... unless the system load is above 10.
smtp_load_reserve = 10
-tor