SA at SMTP time (was Re: newbie: configure SA to reject spam)

[David B Funk <db...@engineering.uiowa.edu>]

On Thu, 14 Jan 2010, LuKreme wrote:

> On 14-Jan-2010, at 06:22, Robert Schetterer wrote:
> > http://savannah.nongnu.org/projects/spamass-milt/
>
> How efficient is spamass-milter? I've always been hesitant to try running SA during the transaction because I was afraid it would take too long.
>

I cannot speak for spamass-milter as I use a different milter
(milterassassin) but the general concept of filtering at SMTP time is
viable (depending upon your load) with a few considerations.

1) structure your filter stack so that SA runs after all lightweight
  filters (DNSBL, helo checks, valid recipient checks, gray-listing, etc).
2) Make sure that your milter uses SA intelligently, not opening premature
  connections to spamd (if your milter uses spamd rather than running SA
  directly in the milter; EG amavisd). The milter I use talks the SA
  net protocol directly (as opposed to forking spamc) and originally opened
  the connection to spamd when it got the receipt-from info. This would
  waste connections as unnecessary as recipient checks often would kill the
  SMTP transaction. I re-coded it to collect headers and not open the
  spamd connection until it reached the data-phase.
3) Adjust your MTA to limit the number of simultaneous incoming
  connections to the max number of spamd processes that your SA box(s) can
  reasonably handle.

With these considerations we comfortable handle 100K messages/day with
just one moderately sized SA box.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{