You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by DAve <da...@pixelhammer.com> on 2008/04/08 16:52:52 UTC
SA 3.2.4 speedup
Good morning,
We recently upgraded to SA 3.2.4 and are experiencing much slower
processing. After watching my rule hits for a few days I would like to
remove some rules (set score to 0) to gain back some speed.
Ami I correct in believing that the below rules will not be run and no
lookup will be made if skip_rbl_checks is set to 1? Looking at my
dnscache I think this is true.
RCVD_IN_NJABL_RELAY
RCVD_IN_NJABL_SPAM
RCVD_IN_NJABL_MULTI
RCVD_IN_NJABL_CGI
RCVD_IN_NJABL_PROXY
RCVD_IN_SORBS_HTTP
RCVD_IN_SORBS_SOCKS
RCVD_IN_SORBS_MISC
RCVD_IN_SORBS_SMTP
RCVD_IN_SORBS_WEB
RCVD_IN_SORBS_BLOCK
RCVD_IN_SORBS_ZOMBIE
RCVD_IN_SORBS_DUL
RCVD_IN_SBL
RCVD_IN_XBL
RCVD_IN_PBL
DNS_FROM_RFC_DSN
DNS_FROM_RFC_BOGUSMX
RCVD_IN_WHOIS_BOGONS
RCVD_IN_WHOIS_HIJACKED
RCVD_IN_WHOIS_INVALID
RCVD_IN_DSBL
DNS_FROM_AHBL_RHSBL
DNS_FROM_SECURITYSAGE
RCVD_IN_BL_SPAMCOP_NET
RCVD_IN_MAPS_RBL
RCVD_IN_MAPS_DUL
RCVD_IN_MAPS_RSS
RCVD_IN_MAPS_NML
RCVD_IN_BSP_TRUSTED
RCVD_IN_BSP_OTHER
RCVD_IN_IADB_VOUCHED
HABEAS_ACCREDITED_COI
HABEAS_ACCREDITED_SOI
HABEAS_CHECKED
SPF_PASS
SPF_NEUTRAL
SPF_FAIL
SPF_SOFTFAIL
SPF_HELO_PASS
SPF_HELO_NEUTRAL
SPF_HELO_FAIL
SPF_HELO_SOFTFAIL
RCVD_IN_DNSWL_HI
RCVD_IN_DNSWL_LOW
RCVD_IN_DNSWL_MED
RCVD_IN_DOB
RCVD_IN_IADB_DK
RCVD_IN_IADB_DOPTIN
RCVD_IN_IADB_DOPTIN_GT50
RCVD_IN_IADB_DOPTIN_LT50
RCVD_IN_IADB_EDDB
RCVD_IN_IADB_EPIA
RCVD_IN_IADB_GOODMAIL
RCVD_IN_IADB_LISTED
RCVD_IN_IADB_LOOSE
RCVD_IN_IADB_MI_CPEAR
RCVD_IN_IADB_MI_CPR_30
RCVD_IN_IADB_MI_CPR_MAT
RCVD_IN_IADB_ML_DOPTIN
RCVD_IN_IADB_NOCONTROL
RCVD_IN_IADB_OOO
RCVD_IN_IADB_OPTIN
RCVD_IN_IADB_OPTIN_GT50
RCVD_IN_IADB_OPTIN_LT50
RCVD_IN_IADB_OPTOUTONLY
RCVD_IN_IADB_RDNS
RCVD_IN_IADB_SENDERID
RCVD_IN_IADB_SPF
RCVD_IN_IADB_UNVERIFIED_1
RCVD_IN_IADB_UNVERIFIED_2
RCVD_IN_IADB_UT_CPEAR
RCVD_IN_IADB_UT_CPR_30
RCVD_IN_IADB_UT_CPR_MAT
I would also like to not run the following rules, they hit, but in less
than 1% of my spam do they make any difference. The lookups are not
worth it, at least not for our mail, not today. That all may change. I
am assuming I will need to set each one to zero to stop any lookups?
URIBL_SBL
URIBL_COMPLETEWHOIS
URIBL_RHS_ABUSE
URIBL_RHS_AHBL
URIBL_RHS_BOGUSMX
URIBL_RHS_DOB
URIBL_RHS_DSN
URIBL_RHS_POST
URIBL_RHS_TLD_WHOIS
URIBL_RHS_WHOIS
WHOIS_1AND1PR
WHOIS_AITPRIV
WHOIS_CONTACTPRIV
WHOIS_DMNBYPROXY
WHOIS_DOMESCROW
WHOIS_DOMPRIVCORP
WHOIS_DREAMPRIV
WHOIS_DROA
WHOIS_DYNADOT
WHOIS_FINEXE
WHOIS_GKGPROXY
WHOIS_IDSHIELD
WHOIS_IDTHEFTPROT
WHOIS_KATZ
WHOIS_LISTINGAG
WHOIS_LNOA
WHOIS_MAPNAME
WHOIS_MONIKER_PRIV
WHOIS_MYPRIVREG
WHOIS_NAMEKING
WHOIS_NAMESECURE
WHOIS_NETID
WHOIS_NETSOLPR
WHOIS_NOLDC
WHOIS_NOMINET
WHOIS_PRIVACYPOST
WHOIS_PRIVDOMAIN
WHOIS_PRIVPROT
WHOIS_REGISTER4LESS
WHOIS_REGISTERFLY
WHOIS_REGTEK
WHOIS_SAFENAMES
WHOIS_SECINFOSERV
WHOIS_SECUREWHOIS
WHOIS_SPAMFREE
WHOIS_SRSPLUS
WHOIS_UNLISTED
WHOIS_WHOISGUARD
WHOIS_WHOISPROT
Thanks,
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: SA 3.2.4 speedup
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> >>Matus UHLAR - fantomas wrote:
> >>>if you want to turn those off, simply disable network rules. Many rules
> >>>have different scores when used with network and without it, and simply
> >>>disabling network rules would increase FN (maybe even FP) rate for you.
[...]
On 08.04.08 14:06, DAve wrote:
> I see your point, problem is the new SA is taking a much larger load,
> and catching less spam. I am getting complaints from clients. So now I
> am hesitant to remove any rules.
Haven't I already say that by removing those rules tou will catch even less
spam? :-)
do you usa sa-compile?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
Re: SA 3.2.4 speedup
Posted by jp <jp...@saucer.midcoast.com>.
> >Aha. Well, since network rules are run in parallel, I don't think turning
> >off some of them will help you much. And what I say is still valid, even if
> >it applies only in some cases :)
>
> I see your point, problem is the new SA is taking a much larger load,
> and catching less spam. I am getting complaints from clients. So now I
> am hesitant to remove any rules.
>
> I wanted to check the Wiki to refresh my SA performance knowledge, but
> it is down today 8^(
If you need to run more spamds in parrallel because of network tests
delays, increase the amount of RAM you have and the number of spamd
processes.
> Dave
> >>Which was why I asked. I read through the rules to see what was doing a
> >>lookup and where it looked up the URI. I do not want to check sorbs or
> >>spamhaus, we do that at the MTA. I do not what to lookup anything via
> >>spamcop, njabl, or bl.whois.
> >
> >I think that should not cause any problems to you. We use blacklist at MTA
> >level too, and SA still hits some of them (of those
> >same lists!). SA just may check different IPs.
We blacklist some stuff at the MTA too, but figure it's probably cached
in our nameserver if it has to check it again, so no big penalty. We
have our own rsync feed to some of those services, so it would
definitely be a local network check.
--
/*
Jason Philbrook | Midcoast Internet Solutions - Wireless and DSL
KB1IOJ | Broadband Internet Access, Dialup, and Hosting
http://f64.nu/ | for Midcoast Maine http://www.midcoast.com/
*/
Re: SA 3.2.4 speedup
Posted by DAve <da...@pixelhammer.com>.
Matus UHLAR - fantomas wrote:
>>> On 08.04.08 10:52, DAve wrote:
>>>> We recently upgraded to SA 3.2.4 and are experiencing much slower
>>>> processing. After watching my rule hits for a few days I would like to
>>>> remove some rules (set score to 0) to gain back some speed.
>>>>
>>>> Ami I correct in believing that the below rules will not be run and no
>>>> lookup will be made if skip_rbl_checks is set to 1? Looking at my
>>>> dnscache I think this is true.
>
>> Matus UHLAR - fantomas wrote:
>>> if you want to turn those off, simply disable network rules. Many rules
>>> have different scores when used with network and without it, and simply
>>> disabling network rules would increase FN (maybe even FP) rate for you.
>
> On 08.04.08 11:34, DAve wrote:
>> But I want some network rules, some of the URIBL tests are my golden
>> bullets, by far the most effective rules we run. Your spam may vary of
>> course.
>
> Aha. Well, since network rules are run in parallel, I don't think turning
> off some of them will help you much. And what I say is still valid, even if
> it applies only in some cases :)
I see your point, problem is the new SA is taking a much larger load,
and catching less spam. I am getting complaints from clients. So now I
am hesitant to remove any rules.
I wanted to check the Wiki to refresh my SA performance knowledge, but
it is down today 8^(
Dave
>
>>> However, if you can afford it, do run those tests. They are much effective
>>> than most of static rules in SA. They don't take much CPU time, just some
>>> network traffic and a few seconds more. And they increase efficiency very
>>> much
>
> ... and I still say this ;)
>
>>>> I would also like to not run the following rules, they hit, but in less
>>>> than 1% of my spam do they make any difference. The lookups are not
>>>> worth it, at least not for our mail, not today. That all may change. I
>>>> am assuming I will need to set each one to zero to stop any lookups?
>
>>> those were network too.
>
>> Which was why I asked. I read through the rules to see what was doing a
>> lookup and where it looked up the URI. I do not want to check sorbs or
>> spamhaus, we do that at the MTA. I do not what to lookup anything via
>> spamcop, njabl, or bl.whois.
>
> I think that should not cause any problems to you. We use blacklist at MTA level too, and SA still hits some of them (of those
> same lists!). SA just may check different IPs.
>
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: SA 3.2.4 speedup
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> >On 08.04.08 10:52, DAve wrote:
> >>We recently upgraded to SA 3.2.4 and are experiencing much slower
> >>processing. After watching my rule hits for a few days I would like to
> >>remove some rules (set score to 0) to gain back some speed.
> >>
> >>Ami I correct in believing that the below rules will not be run and no
> >>lookup will be made if skip_rbl_checks is set to 1? Looking at my
> >>dnscache I think this is true.
> Matus UHLAR - fantomas wrote:
> >if you want to turn those off, simply disable network rules. Many rules
> >have different scores when used with network and without it, and simply
> >disabling network rules would increase FN (maybe even FP) rate for you.
On 08.04.08 11:34, DAve wrote:
> But I want some network rules, some of the URIBL tests are my golden
> bullets, by far the most effective rules we run. Your spam may vary of
> course.
Aha. Well, since network rules are run in parallel, I don't think turning
off some of them will help you much. And what I say is still valid, even if
it applies only in some cases :)
> >However, if you can afford it, do run those tests. They are much effective
> >than most of static rules in SA. They don't take much CPU time, just some
> >network traffic and a few seconds more. And they increase efficiency very
> >much
... and I still say this ;)
> >>I would also like to not run the following rules, they hit, but in less
> >>than 1% of my spam do they make any difference. The lookups are not
> >>worth it, at least not for our mail, not today. That all may change. I
> >>am assuming I will need to set each one to zero to stop any lookups?
> >those were network too.
> Which was why I asked. I read through the rules to see what was doing a
> lookup and where it looked up the URI. I do not want to check sorbs or
> spamhaus, we do that at the MTA. I do not what to lookup anything via
> spamcop, njabl, or bl.whois.
I think that should not cause any problems to you. We use blacklist at MTA level too, and SA still hits some of them (of those
same lists!). SA just may check different IPs.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
Re: SA 3.2.4 speedup
Posted by DAve <da...@pixelhammer.com>.
Matus UHLAR - fantomas wrote:
> On 08.04.08 10:52, DAve wrote:
>> We recently upgraded to SA 3.2.4 and are experiencing much slower
>> processing. After watching my rule hits for a few days I would like to
>> remove some rules (set score to 0) to gain back some speed.
>>
>> Ami I correct in believing that the below rules will not be run and no
>> lookup will be made if skip_rbl_checks is set to 1? Looking at my
>> dnscache I think this is true.
>
> if you want to turn those off, simply disable network rules. Many rules have
> different scores when used with network and without it, and simply disabling
> network rules would increase FN (maybe even FP) rate for you.
But I want some network rules, some of the URIBL tests are my golden
bullets, by far the most effective rules we run. Your spam may vary of
course.
>
> However, if you can afford it, do run those tests. They are much effective
> than most of static rules in SA. They don't take much CPU time, just some
> network traffic and a few seconds more. And they increase efficiency very
> much
>
>> I would also like to not run the following rules, they hit, but in less
>> than 1% of my spam do they make any difference. The lookups are not
>> worth it, at least not for our mail, not today. That all may change. I
>> am assuming I will need to set each one to zero to stop any lookups?
>
> those were network too.
>
Which was why I asked. I read through the rules to see what was doing a
lookup and where it looked up the URI. I do not want to check sorbs or
spamhaus, we do that at the MTA. I do not what to lookup anything via
spamcop, njabl, or bl.whois.
Thanks,
DAve
--
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.
Re: SA 3.2.4 speedup
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 08.04.08 10:52, DAve wrote:
> We recently upgraded to SA 3.2.4 and are experiencing much slower
> processing. After watching my rule hits for a few days I would like to
> remove some rules (set score to 0) to gain back some speed.
>
> Ami I correct in believing that the below rules will not be run and no
> lookup will be made if skip_rbl_checks is set to 1? Looking at my
> dnscache I think this is true.
if you want to turn those off, simply disable network rules. Many rules have
different scores when used with network and without it, and simply disabling
network rules would increase FN (maybe even FP) rate for you.
However, if you can afford it, do run those tests. They are much effective
than most of static rules in SA. They don't take much CPU time, just some
network traffic and a few seconds more. And they increase efficiency very
much
> I would also like to not run the following rules, they hit, but in less
> than 1% of my spam do they make any difference. The lookups are not
> worth it, at least not for our mail, not today. That all may change. I
> am assuming I will need to set each one to zero to stop any lookups?
those were network too.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !