> From: Matt Kettler > Sent: Monday, 5 July 2004 2:18 a.m. Hi Matt,
> No, but it gets mentioned at least 4 times a year. > > The biggest problem is that SA launches the DNS queries > before it runs the > local body tests. After all, they take the longest, and you > may as well do > something useful while waiting for the results to come back. > > SA could be re-coded to abort waiting after the body is done > and score is > over xx points, but I don't know that this would buy you very much. By the looks of it, it would buy me some time - but I would need to do some more thorough testing. I wrote to the dev list: "My measurements for the traffic lookups were approx 5 to 15k each message with RBL, SURBL and DCC. (This wouldn't include packet headers), but the interesting thing was that with all net tests disabled, the scan time was always 0 seconds (less than 1 sec?) - however with the default SA RBLS + DCC + 3 SURBL tests, the scan time was 2 to 4 seconds. Although more testing would need to be done, it would appear (at least in my environment) running net tests after local tests would not incur much of a performance hit. My local tests and bayes are working quite well with tweaking and although all spam would have been rejected, a few would have required net tests to send them over an example "Dont_run_net_tests" score of say +15. This machine is running SA2.63 and is a 2.8Ghz Xeon. Net tests: SA RBL defaults, DCC, 3 x SURBL Local tests: SA defaults, Bayes, SARE additional rules (bayes and some SA rules scores modified) I simply "bounced" these spam from another server which sends us legitimate email so this may have thrown bayes." Additional info: DSL, local caching DNS server, located way down in New Zealand :) > Yes, you are correct. All tests with score of 0.0 are not > run, including > network rules. (there is a minor exception of rules named with double > underscore at the start (__), which are unscored sub-tests > for meta rules) Good to know, thanks for that. Are you sure about "all tests" - under SA3, at least, I see 0.0 local tests? Cheers Scott
