Re: Minimizing spamd's memory footprint

Wed, 17 May 2006 09:44:17 -0700 

Soo.....yesterday I decided to get gutsy and use just about all the
rules from SARE.  Here's my rulesdujour config:

TRUSTED_RULESETS="ANTIDRUG BLACKLIST BLACKLIST_URI BOGUSVIRUS RANDOMVAL
SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML SARE_EVILNUMBERS0
SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_FRAUD SARE_GENLSUBJ
SARE_GENLSUBJ0 SARE_GENLSUBJ1 SARE_GENLSUBJ2 SARE_GENLSUBJ3
SARE_GENLSUBJ_ENG SARE_GENLSUBJ_X30 SARE_HEADER SARE_HEADER0
SARE_HEADER1 SARE_HEADER2 SARE_HEADER3 SARE_HEADER_ENG SARE_HEADER_X30
SARE_HIGHRISK SARE_HTML SARE_HTML0 SARE_HTML1 SARE_HTML2 SARE_HTML3
SARE_HTML4 SARE_HTML_ENG SARE_OBFU SARE_OBFU0 SARE_OBFU1 SARE_OBFU2
SARE_OBFU3 SARE_OEM SARE_RANDOM SARE_RATWARE SARE_REDIRECT
SARE_REDIRECT_POST300 SARE_SPAMCOP_TOP200 SARE_SPECIFIC SARE_SPOOF
SARE_UNSUB SARE_URI0 SARE_URI1 SARE_URI2 SARE_URI3 SARE_URI_ENG
SARE_WHITELIST TRIPWIRE"
I know I keep harping about this on the list, but you should check which rulesets are actually triggering on the spam your server receives. These are the rulesets I'm grabbing with RulesDuJour: 

SARE_ADULT
SARE_BAYES_POISON_NXM
SARE_FRAUD
SARE_HTML0
SARE_OBFU0
SARE_OEM
SARE_RANDOM
SARE_REDIRECT_POST300
SARE_SPAMCOP_TOP200
SARE_SPECIFIC
SARE_SPOOF
SARE_WHITELIST_RCVD
SARE_WHITELIST_SPF
SARE_STOCKS
From looking at my logs, it's mostly SARE_SPECIFIC and SARE_STOCKS that
trigger. Most of the others are wastes of resources for the spam my server receives. It could be the same for you too. OTOH, Bayes, Razor, and the DNS tests identify the most spam.

Reply via email to