You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/08/09 11:44:19 UTC
Re: spam leaks, high server load!?
Broadly, Matthias' advice is correct. Here's some additions:
Matthias Leisi writes:
> > Perform DCC checks
> > Perform Pyzor checks
> > Perform Razor2 checks
>
> I don't run any of these and don't have the urge to enable them. The
> other rules (including Bayes) work fine with me.
Turning these off will definitely help reduce load.
> > Perform Spamcop reporting
> > Perform AWL checks
>
> How big is your AWL file? It's not maintained automatically as the Bayes
> files and can become *really* huge if not maintained manually (through
> scripts).
It's definitely wise to turn off AWL if you're having load problems.
> > AutoLearnThreshold
> > WhiteListSubject
> > MimeHeader
> > ReplaceTags
> > URIDNSBL
>
> These are all core features which I would not remove.
>
> > HashCash
>
> How many hits does this give you?
>
> > SPF
>
> How much value does this offer to you? I have found the actual use of
> SPF to be rather limited, but YMMV.
>
> > ImageInfo
>
> I don't use ImageInfo, and have little to no image spam coming through
> (thanks to Bayes and RBLs), and I understand it is pretty CPU intensive.
Actually, ImageInfo is quite efficient; it should be OK.
> > VBounce
>
> Same as for ImageInfo, but I don't know how much additional load it causes.
Again, not too bad, actually.
> > Bayes
> > BodyEval
> > [..]
>
> The remainder of the plugins you listed are core features which I would
> not want to miss. If you are *really* tight on resources, you may
> disable Bayes, but doing so will noticeably decrease the ratio of
> detected spam and may increase the number of false positives at the same
> time.
>
> Other things to check:
>
> * Do your DNS queries time out (it may be that your DNS server is
> limiting the number of concurrent recursive queries it is willing to
> handle)?
>
> * What is the maximum size of messages you pass through SA? 256K seems
> to be a good upper limit.
Definitely worth checking.
> * Is your machine swapping / low on memory, is it CPU, ...
>
> * What additional rulesets (SARE?) do you use?
see also the advice at
http://wiki.apache.org/spamassassin/FasterPerformance
--j.