Re: [exim] Reducing Spam Assassin Load

Top Page
Delete this message
Reply to this message
Author: Stephen Gran
Date:  
To: exim-users
Subject: Re: [exim] Reducing Spam Assassin Load
On Fri, Sep 30, 2005 at 07:21:09PM -0700, Marc Perkel said:
> One of the things that is creating SA load is processing good email. I'm
> trying to figure out a way to bless stuff that I know is ham so I can
> bypass spam assassin. And it has to somehow just learn it automatically.
>
> Perhaps somehow if I could build a hints database so that if I'm getting
> only ham from some source that it will bless it for a period of time.
>
> Anyone got any ideas?


Off hand, the only clean solution I can think of is a multi part one,
and it's sort of kludgy.

Write (or adapt) a greylist type sql query daemon, that will look up
scores associated with the host/MAIL FROM/RCPT TO tuple. You storage
would need the following strucure:

id host sender recipient score ctime

So a typical row might contain:
-----------------------------------------------------------------------------------------------------------
| 57 | 131.111.8.41 | exim-users-bounces+steve=lobefin.net@??? | steve@??? | 0.43 | 1128249775 |

-----------------------------------------------------------------------------------------------------------

You'll need to find a way to feed $spam_score to the query daemon to
update the record and score lines, but this is largely implementation
dependant - if you call SA from exiscan, it can be done with an sql
query from exim, if you call it from procmail, you can write a helper
script that does the same thing.

So, the backend being done, you do a readsocket from exim, and if the
average score is lower than, say, 2, you add a header that will make your
SA method not use SA (if def $h_skip_SA in exim, or something similar
in procmail). The important thing is that if you skip an SA run, you
update the database with an sql query that adds a record with a score
of 3 - this will force periodic reevaluations by SA.

Then you can expire old records after whatever time period you like.
This way, places that consistently send very low scoring ham are kept
out of the SA run for longer periods, but all tuples eventually make it
back it to SA at some point.

Just sort of thinking out loud at this point. HTH,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | "You can't get very far in this world   |
|  steve@???             | without your dossier being there        |
|  http://www.lobefin.net/~steve | first." -- Arthur Miller                |

--------------------------------------------------------------------------