Author: Peter Kirk
Date:
To: W B Hacker, exim users
Subject: Re: [exim] Spamassassin
>Do you use 'require verify = recipient'?
>
>If not, suggest you read up on it and apply it, as it will buy you
>'time' to add even better tools.
>
>No point in scanning traffic from dictionary-attack zombots.
>
>Next step is to better qualify arrivals within Exim, so that they never
>need to reach SA at all.
>
>Most zombots can be blown off with a combination of rDNS checks, HELO
>FQDN checks, and a small 'delay' or two. They are terribly impatient..
>
>These need not be 'hard edged' tests!
>
>A small set of 'warn' verb loading values into acl_c thence to acl_m
>variables as 'scores' can be tested against a threshold and/or added to
>'spamint'.
>
>It helps to run, for example, ClamAV *before* SA, and hard-reject, as it
>is a lighter system load as very, very rarely false-alarms.
>
>At that point you can begin to 'strip' SA by optioning-off of its tests
>in interpreted perl that have already made faster and cheaper within
>Exim's compiled 'C'.
>
>Ideally, a slimmed-down SA needs a mere fraction of the resources to
>complete its scan, and will only be asked to look at around 10 to 20% of
>arriving traffic.
>
>Exim will have shed the worst of the garbage beforehand.
>
>*Many* ways to get to that point...
>
>- but you'll need to select what fits your environment, step at a time -
>and test, test, test...
>
>Do not just adopt acl snippets that work for others without thorough
>testing, as there are many possible interactions.
>
>HTH,
>
>Bill
Hey Bill
Thanks for the info, we do, do all of the above such as blacklisting,
whitelisting, dnslists, 'require verify = recipient', clamav and the
rest of the works. Make sure that spamassassin gets the last bit of
work there is to do.
The thing is that it works fine for about 3 months and then just goes
crazy and uses a lot of cpu "well perl does". In the past I always end
up fixing it by either rebooting or updating all the packages on the
server. Though I'm sure there must be something causing this?
The server has 1GB mem and 1 cpu 2.6... running on vmware, with a big
pipe to the internet. So there should be no bottlenecks. Server
handles anything from about 10-30k incoming mails per day, and blocks
about 20-50k spam a day so it's not that much under strain.
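
The soft 'warn' scoring described in the quoted advice, sketched as an added Exim ACL example that is not from either poster. The ACL names, score weights, thresholds and the 10s delay are assumptions, and the file's main section is assumed to already point the four acl_smtp_* options at these ACLs and to set av_scanner and spamd_address.

```exim
# Added illustration; names, weights and thresholds are assumptions.
# Main section is assumed to contain:
#   acl_smtp_connect = acl_check_connect
#   acl_smtp_helo    = acl_check_helo
#   acl_smtp_rcpt    = acl_check_rcpt
#   acl_smtp_data    = acl_check_data

acl_check_connect:
  # Every connection starts with a score of 0.
  warn    set acl_c0 = 0
  # rDNS missing or inconsistent: add to the score, do not reject yet.
  warn    !verify    = reverse_host_lookup
          set acl_c0 = ${eval:$acl_c0+3}
  accept

acl_check_helo:
  # HELO/EHLO argument is not a dotted FQDN.
  warn    condition  = ${if !match{$sender_helo_name}{\N^[^.]+(\.[^.]+)+$\N}}
          set acl_c0 = ${eval:$acl_c0+2}
  accept

acl_check_rcpt:
  # Soft test: any non-zero score earns a small delay.
  warn    condition  = ${if >{$acl_c0}{0}}
          delay      = 10s
  # Both checks failed: refuse before any content scanner is involved.
  deny    condition  = ${if >={$acl_c0}{5}}
          message    = Rejected by local policy
  require verify     = recipient
  # ... your existing relay and recipient rules continue here ...

acl_check_data:
  # Carry the connection score into a per-message variable.
  warn    set acl_m0 = $acl_c0
  # ClamAV first, hard reject.
  deny    malware    = *
          message    = Message contains malware ($malware_name)
  # SA last; $spam_score_int is the SA score times 10, so scale acl_m0 too.
  deny    spam       = nobody:true
          condition  = ${if >{${eval:$spam_score_int+$acl_m0*10}}{50}}
          message    = Rejected as spam
  accept
```

A fake SMTP session with `exim -bh <ip-address>` walks these ACLs without delivering anything, which is a convenient way to check the interactions before going live.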