You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Kettler <mk...@verizon.net> on 2008/02/06 09:53:12 UTC

Re:

Juergen.Boehm@inframation.de wrote:
>
> Hi
>
> i need help with Spamassassin. Once in a month we have to send a 
> massive amount of mails at the same time. These are Invoice mails to 
> our customers.
> The problem is, that spamd controls all these mails, which are send 
> from a different Server in our network. It happens that 1/4 of this 
> mails are not send because of:
>
> 554 Relay rejected for policy reasons.
>
> Error.
>
> When i look in the mail file on the Mailserver I see that spamd 
> arrives at the limit of spawned childs and there are some errors.
>
> My question now is: is there an opportunity to tell spamassassin to 
> ignore a server in the own network completely so that spamd isn't 
> called when there comes a mail from this server?
>
> It can't be "trusted networks" because this parameter is set.
>
Well, the problem is for spamassassin to tell that, you'd already have 
to have called spamd. ie: by the time SA knows, it's too late, you're 
already in spamd.

You have two basic options:

1) Configure whatever tool is calling spamc to not call it. This is your 
best option, but doing it depends on how you're handling SA integration, 
and what that toolset is capable of. I can tell from your headers you're 
using postfix as a MTA, but how have you integrated SA into it??

2) Assuming you have SA 3.2.0 or newer, you could do a shortcircuit on 
the ALL_TRUSTED rule, which would shorten the scan time. However, this 
would not avoid calling spamd and you'll probably only make it less 
severe, not better. It is however, purely a function of SA 
configuration, so I can tell you exactly how to do this with no extra 
information.

To do this, you'll have to load the shortcircuit plugin by uncommenting 
it in /etc/mail/spamassassin/v320.pre, then in your local.cf:

priority ALL_TRUSTED -2000
shortcircuit ALL_TRUSTED on

Note: make absolutely sure that trusted_networks is set properly before 
doing something like this. Because it will make SA abort all of its 
scanning on any message that has only been touched by hosts in 
trusted_networks.