Re: [SA-exim] Re: [Exim] EXIM 4.31, courier-imap, Clamd, exi…

Top Page
Delete this message
Reply to this message
Author: Ross Boylan
Date:  
To: Tor Slettnes
CC: ross, Doug Block, sa-exim, 'Exim'
Subject: Re: [SA-exim] Re: [Exim] EXIM 4.31, courier-imap, Clamd, exiscan, spamassassinLoad problems
On Mon, 2004-05-10 at 17:50, Tor Slettnes wrote:
> [Top-quoted, non-attributed message corrected.
> See http://www.netmeister.org/news/learn2quote.html]
>
> On May 10, 2004, at 15:58, Doug Block wrote:
> > Tor Slettnes wrote:
> >> You probably mean "SA-Exim", not "SA-Scan". SA-Exim has problems
> >> with Exim
> >> v4.31 through 4.33, due to the Received: header change. Either stay
> >> with
> >> 4.30, or upgrade to 4.34, or you will get wildly inaccurate SA scores
> >> (specifically, SA-Exim may trust forged Received: headers, or else
> >> treat
> >> messages sent through a smarthost as if they came directly from a
> >> dialup
> >> host).
> >
> > Yes your right!!! On the spam and the courier
> > Oh the sa-exim is working great so far on the scores. I have had a
> > 75% drop
> > in spam and I have been using spam pit to check the scores which so
> > far have
> > been correct on both real mail and spam. I may upgrade to 4.34 once I
> > get
> > some time since it came out today.
>
> Keep in mind that your success is not only reflected in how much spam
> you block, but more importantly, in how much legitimate mail you let
> through. With that in mind, running SA-Exim with Exim 4.31 - 4.33 is
> at best ignorant - at worst, irresponsible. Especially this is the
> case if you are hosting mail for other people.
>
> (Sure, blocking 75% of spam is good; but with a properly configured SA,
> you ought to be able to catch well above 90%, while not impacting
> legitimate mail at all).
>
>
> > I have a older (half the speed) exim 4 box that handled the load for
> > up 150 users with courier-imap with out this problem but it did not
> > have clamd, sa-exim, exiscan, and spamassassin on it. This box worked
> > fine for 18 months+ but the virus's and spam where a big problem. I
> > have spam set to under 256k but I have been watching this while
> > writing this email and I notice 8-12 messages at a time coming in and
> > eating 100% of the cpu for about 5 secs while they get spamd and
> > clamd.
>
> You could start "spamd" with "--nicelevel 15" or so, essentially
> lowering its priority if there are other (presumably more important)
> tasks going on. (On a Debian machine, look in
> /etc/default/spamassassin).
>


On my Debian machine (testing level) the following settings go in
/etc/spamassassin/local.cf, I think.
> You could disable the SA network tests (which, while using Exim 4.31 to
> 4.33, probably do more harm than good):
>     skip_rbl_checks 1
>     use_dcc         0
>     use_pyzor       0
>     use_razor2      0


Does anyone know if the use_xxx settings are necessary if
skip_rbl_checks is 1?

Also, the manpage lists use_bayes in the same section (Network Test
Options). This seems odd. Should it be there? Is it just doing RBL
tests?