Adding memory is generally the cheapest and simplest way to handle machine
overload in most cases. One should also carefully trim the maximum number
of children so that SA comfortably fits entirely in RAM without hitting
the swap file. When SA hits the swap file it very suddenly becomes very
very slow. Off hand I'd suspect the sa_blacklist file would be quite
redundant with and stale relative to the various BL tests.
{^_^}
----- Original Message -----
From: <[EMAIL PROTECTED]>
Yes server was getting overloaded. So I went through all my old rules and
deleted them. Went from 36 rules down to 15 rules. Apparently there were a
couple that were obsolete. Also I noticed I had a sa-blacklist.cf file
with thousands of email addresses I got from some site awhile back. It was
a huge file. I also noticed the same file was being used for qmail,
badmailfrom file. So when I removed the sa-blacklist.cf file all of a
sudden I had a ton of memory available and the memory spamd used was a
fraction of what it was using originally. Again dont know if it was the
sa-blacklist.cf file. I know it wasnt the other cf files I removed because
after I removed those the spamd processes were still using a lot of
resources.
As you can tell Im not the most knowledgeable when it comes to running SA
so thats why I was asking about these other rules I found.
Thanks
Robert
From: <[EMAIL PROTECTED]>
I been trying to "optimize" SA on my system and decided to look at the
rules I have that SA uses. Im using qmail with SA 3.1 on Fedora Core 2.
I
started SA in debug mode and noticed a bunch of rules running in another
folder on top of what I have in my up to date rules folder. The rules in
this other folder are in /usr/share/spamassassin. Should I delete all of
these rules or do they need to be there?
10_misc.cf
20_drugs.cf
20_phrases.cf
25_body_tests_es.cf
30_text_fr.cf
20_anti_ratware.cf
20_fake_helo_tests.cf
20_porn.cf
25_hashcash.cf
30_text_nl.cf
20_body_tests.cf
20_head_tests.cf
20_ratware.cf
25_spf.cf
30_text_pl.cf
20_compensate.cf
20_html_tests.cf
20_uri_tests.cf
25_uribl.cf
50_scores.cf
20_dnsbl_tests.cf
20_meta_tests.cf
23_bayes.cf
30_text_de.cf
60_whitelist.cf
Sorry if its a lot.
It's not very much compared to what I run.
Only you can define your "should". You know your conditions far better
than any of us. Is your machine overloaded? If not then why "optimize"
when it means it's very likely more spam will leak through? In my case
optimize meant going to over 45 rule sets along with extensive
user_prefs files. The machine spends about 141 seconds per hour filtering
email. This 4% load does not materially affect its performance with
anything else it does. So YMMV takes on a very strong meaning in this
context.
{^_^}
Robert Bartlett
Digital Phoenix iTechnologies
