You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/08/09 11:44:19 UTC

Re: spam leaks, high server load!? 

Broadly, Matthias' advice is correct.  Here's some additions:

Matthias Leisi writes:
> > Perform DCC checks
> > Perform Pyzor checks
> > Perform Razor2 checks
> 
> I don't run any of these and don't have the urge to enable them. The
> other rules (including Bayes) work fine with me.

Turning these off will definitely help reduce load.

> > Perform Spamcop reporting
> > Perform AWL checks
> 
> How big is your AWL file? It's not maintained automatically as the Bayes
> files and can become *really* huge if not maintained manually (through
> scripts).

It's definitely wise to turn off AWL if you're having load problems.

> > AutoLearnThreshold
> > WhiteListSubject
> > MimeHeader
> > ReplaceTags
> > URIDNSBL
> 
> These are all core features which I would not remove.
> 
> > HashCash
> 
> How many hits does this give you?
> 
> > SPF
> 
> How much value does this offer to you? I have found the actual use of
> SPF to be rather limited, but YMMV.
> 
> > ImageInfo
> 
> I don't use ImageInfo, and have little to no image spam coming through
> (thanks to Bayes and RBLs), and I understand it is pretty CPU intensive.

Actually, ImageInfo is quite efficient; it should be OK.

> > VBounce
> 
> Same as for ImageInfo, but I don't know how much additional load it causes.

Again, not too bad, actually.

> > Bayes
> > BodyEval
> > [..]
> 
> The remainder of the plugins you listed are core features which I would
> not want to miss. If you are *really* tight on resources, you may
> disable Bayes, but doing so will noticeably decrease the ratio of
> detected spam and may increase the number of false positives at the same
> time.
> 
> Other things to check:
> 
> * Do your DNS queries time out (it may be that your DNS server is
> limiting the number of concurrent recursive queries it is willing to
> handle)?
> 
> * What is the maximum size of messages you pass through SA? 256K seems
> to be a good upper limit.

Definitely worth checking.

> * Is your machine swapping / low on memory, is it CPU, ...
> 
> * What additional rulesets (SARE?) do you use?

see also the advice at
http://wiki.apache.org/spamassassin/FasterPerformance

--j.