Re: [exim] Spamassassin

Author: W B Hacker
Date:
To: exim users
Subject: Re: [exim] Spamassassin
Peter Kirk wrote:
>> Started new thread :-)
>>
>> Spamassassin is not using greylisting database,
>
>> It never uses and will never use.
>>
>
>     >I noticed that spamassassin is using all the cpu as when I stop
> it, the server returns
>     >to normal.

>
>> Are you passing ALL mail through spamassassin, even 1MB ...20MB?
>> I never pass any mail larger than 256K through spamassassin.
>
>> -- 
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254733744121/+254722743223
>> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
>> "Clothes make the man.  Naked people have little or no influence on
> society."
>>             -- Mark Twain

>
>
>
> I don't scan anything over 256K either and have turned off the auto
> whitelist but still having the problem
>


Do you use 'require verify = recipient'?

If not, suggest you read up on it and apply it, as it will buy you
'time' to add even better tools.

No point in scanning traffic from dictionary-attack zombots.

Next step is to better qualify arrivals within Exim, so that they never
need to reach SA at all.

Most zombots can be blown off with a combination of rDNS checks, HELO
FQDN checks, and a small 'delay' or two. They are terribly impatient.

These need not be 'hard edged' tests!

A small set of 'warn' verb loading values into acl_c thence to acl_m
variables as 'scores' can be tested against a threshold and/or added to
'spamint'.

It helps to run, for example, ClamAV *before* SA, and hard-reject, as it
is a lighter system load and very, very rarely false-alarms.

At that point you can begin to 'strip' SA by optioning-off of its tests
in interpreted perl that have already been made faster and cheaper within
Exim's compiled 'C'.

Ideally, a slimmed-down SA needs a mere fraction of the resources to
complete its scan, and will only be asked to look at around 10 to 20% of
arriving traffic.

Exim will have shed the worst of the garbage beforehand.

*Many* ways to get to that point...

- but you'll need to select what fits your environment, step at a time -
and test, test, test...

Do not just adopt acl snippets that work for others without thorough
testing, as there are many possible interactions.

HTH,

Bill
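
The staged filtering described in the message above, sketched as Exim ACLs for an inbound-only MX. This is an added example, not part of the original post or the poster's own configuration; the ACL names, point values, delays, the reject threshold of 80, the local_domains list and the clamd/spamd addresses are assumptions.

```exim
# Added example: all scores, delays, thresholds and socket paths are assumed
# values. Requires Exim built with content scanning and named ACL variables.
domainlist local_domains = @
av_scanner       = clamd:/var/run/clamav/clamd.sock
spamd_address    = 127.0.0.1 783
acl_smtp_connect = acl_check_connect
acl_smtp_helo    = acl_check_helo
acl_smtp_rcpt    = acl_check_rcpt
acl_smtp_data    = acl_check_data

begin acl

acl_check_connect:
  warn    set acl_c_score = 0
  # No usable reverse DNS: add points and stall briefly instead of rejecting.
  warn    !verify = reverse_host_lookup
          set acl_c_score = ${eval:$acl_c_score+20}
          delay = 5s
  accept

acl_check_helo:
  # HELO/EHLO name that does not verify against the connecting host.
  warn    !verify = helo
          set acl_c_score = ${eval:$acl_c_score+20}
          delay = 5s
  accept

acl_check_rcpt:
  # Inbound-only sketch: relay and authenticated submission rules are omitted.
  deny    message  = relay not permitted
          !domains = +local_domains
  # Reject unknown recipients before any content scanning is spent on them.
  require message = Unknown user
          verify  = recipient
  # Carry the connection-level score into the per-message variable.
  accept  set acl_m_score = $acl_c_score

acl_check_data:
  # Cheaper check first: hard reject on a ClamAV hit.
  deny    message = This message contains malware ($malware_name)
          malware = *
  # Only messages under 256K go to SpamAssassin; add its score (x10) to ours.
  warn    condition = ${if <{$message_size}{256K}}
          spam      = nobody:true
          set acl_m_score = ${eval:$acl_m_score+$spam_score_int}
  deny    message   = Message rejected as probable spam
          condition = ${if >{$acl_m_score}{80}}
  accept
```

Exercising each stage with `exim -bh <ip>` against known-good and known-bad sample sessions shows how the soft scores interact before the configuration is put on live traffic.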