RE: [exim] Reducing Spam Assassin Load

Top Page
Delete this message
Reply to this message
Author: Herb Martin
Date:  
To: exim-users
Subject: RE: [exim] Reducing Spam Assassin Load
> [mailto:exim-users-bounces@exim.org] On Behalf Of Marc Perkel
> The point of all this is to avoid using Spam Assassin on
> known ham because running through SA ads 100x load to the
> system for that message.
> I'll call it "fast passing".


> Actually heres what I need. Perhapes some sort of access to
> the hints database to add my own cuscom hints?


> If say 3 messages come in from a particulat user - or
> user/host combination - and it's all ham then that person is
> automatically whilelisted for a short time. The idea is that
> this data would expire.


> So what is blessed? It should be more than just the from
> address. It should be perhaps a combination of the from
> address and the sending host. And by from address I mean the
> From header - not just the email address.
>


You really need to use at least the "doublet" who
and received from or even the "triplet" used by
greylisting: sending_server/From/RCPT

If you take a look at the greylist daemons (like
the Python greylistd) you will see this method
implemented.

You could even USE the greylistd to implement most
of the work of this -- by counting the emails and
injecting the doublet (or triplet) into the greylist's
"whitelist".

My sentence above sounds confusing, but the greylist
daemon has each of these: greylist (automatic),
whitelist (manual AND automatic), and blacklist (manual.)


> Like greylisting or my penalty box which cuts SA load
> processing spam - the idea here is to cut SA load processing
> ham. So that's the topic of this thread. Any ideas?


If you count legit mail and inject those into the
whitelist as doublet/triplets (or even singletons
if you must) then you will have most of the work
done by the greylistd software.

Which greylist do you use? It should be fairly
easy to modify or to use an external utility.


--
Herb Martin