You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/10/01 12:34:59 UTC

Open letter to the SpamAssassin maintainers. (fwd)

guys --

Is anyone on SPAM-L, and following this thread?  (I received this
forwarded, I'm not subscribed there)

--j.

------- Forwarded Message

From: Matthew Sullivan <ma...@sorbs.net>
Date: Sep 28, 2007 8:13 PM
Subject: Open letter to the SpamAssassin maintainers.
To: SPAM-L@peach.ease.lsoft.com


I'm posting publicly because I'm not subscribing to yet more mailing
lists and this should get public comment/have public review, and if
nothing else serve as a warning to other oblivious SpamAssassin users.

Recently I have had to spend a great deal of time working out what is
wrong with a number of SpamAssassin installations.  The installations
are both medium and small, in each case the SpamAssassin installations
have become significantly inaccurate and in the case of the larger
systems been the cause of several outages relating to load.

I won't go though all the details of the investigation just get straight
to the cause....

Spamhaus DNSbl lookups, by default these are turned on, and Spamhaus are
now charging for use.  Their claim of "we only block people that should
be paying for lookups" is lame, tiring, and just doesn't fly.  I don't
use Spamhaus for blocking as it doesn't pickup anything else over the
freely available DNSbls out there, and the number of spam bots hitting
my mail server is fairly significant (upto a maximum of 440 messages per
minute according to my "mailgraph".

I have two of my spamassassin installations are nothing more than a user
with a home DNSbl hosted domain using a local DNS cache, both of those
installations are now blocked by Spamhaus (I have others that are
significantly larger).  All lookup requests go via a local BIND based
caching resolver and lookups to Spamhaus are only for SpamAssassin.  The
number of lookups performed by SpamAssassin is quite typical of a home
user hosted *single* domain and therefore I can only assume this is an
issue that will be affecting affecting all the SpamAssassin
default/recommended installations.

Suggestion for SpamAssassin is to place Spamhaus in the config as
disabled by default as they do with the MAPS list(s) with the reasoning
that Spamhaus is now a pay-for-use DNSbl.  From their read me:

Disabled code
-------------

There are some tests and code in SpamAssassin that are turned off by
default: experimental code, slow code, or code that depends on
non-open-source software or services that are not always free.  These
disabled tests include:

   - DCC: depends on non-open-source software (disabled in init.pre)
   - DomainKeys: experimental (disabled in init.pre)
   - MAPS: commercial service (disabled in 50_scores.cf)
   - TextCat: slow (disabled in init.pre)
   - various optional plugins, disabled for speed (disabled in *.pre)

To turn on tests disabled in 50_scores.cf, simply assign them a non-zero
score, e.g. by adding score lines to your ~/.spamassassin/user_prefs file.

Spamhaus lookups are by now 'slow code' (~20 seconds per lookup == 20+
seconds per message) and has been the direct cause of the various
systems I maintain going down under load.  Before Spamhaus attempt to
debunk my claims with "you are a large user", the busiest of the home
DSL mail servers is currently showing the following stats:

Daily Average messages processed via SpamAssasin: 3.52 msgs/min
Weekly Average messages processed via SpamAssasin: 4.14 msgs/min
Monthly Average messages processed via SpamAssasin: 3.82 msgs/min
Yearly Average messages processed via SpamAssasin: 3.22 msg/min

Max processed via SpamAssassin in the last 24 hours: 177 msgs/min
Max processed via SpamAssassin in the last 7 days: 177 msgs/min
Max processed via SpamAssassin in the last month: 182 msgs/min
Max processed via SpamAssassin in the last year: 192 msgs/min

This mail server is for a domain with 8 user accounts, and rejects mail
at SMTP for bad DNS, SORBS lookups, CBL lookups, bogons lookups, NJABL
lookups, DSBL lookups, non-existant user accounts and other reasons.
SpamAssassin processing, and therefore Spamhaus lookups is post accept ONLY.

Regards,

Matthew

Re: Open letter to the SpamAssassin maintainers. (fwd)

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.

Justin Mason wrote:
> guys --
> 
> Is anyone on SPAM-L, and following this thread?  (I received this
> forwarded, I'm not subscribed there)

I forwarded the same message to this (dev@) list on Saturday and asked a 
related question on the private@ list yesterday.

Daryl