Gary V wrote:
6 seconds seems somewhat typical. Mostly due to network tests. Some
RBLs are no longer and you could turn the non functional RBL rules off
by setting to 0. I'm not sure which ones though. Maybe someone else
knows.
From my own stats of hits against DNSBLs and URIBLs for the last ~1000
spam (these results are typical for me):
## DNSBL Statistics ##
1223 RCVD_IN_ZEN (Spamhaus PBL, SBL or XBL)
1067 RCVD_IN_UCE_COMBINED (UCEPROTECT level 1, 2 or 3)
1052 RCVD_IN_PBL
900 RCVD_IN_UCEPROTECT3
834 RCVD_IN_UCEPROTECT2
678 RCVD_IN_SBLXBL
427 RCVD_IN_UCEPROTECT1
163 RCVD_IN_PSBL
105 RCVD_IN_BL_SPAMCOP_NET
15 RCVD_IN_SORBS_WEB
14 RCVD_IN_NJABL_PROXY
1 RCVD_IN_SORBS_DUL
1329 Total Spam
## URIBL Statistics ##
1060 URIBL_BLACK
829 URIBL_JP_SURBL
695 URIBL_OB_SURBL
611 URIBL_SC_SURBL
444 URIBL_SBLXBL
440 URIBL_WS_SURBL
427 URIBL_AB_SURBL
163 URIBL_RHS_DOB
42 URIBL_PH_SURBL
1329 Total Spam
Spamhaus Zen is highly effective for me and hits on >90% of spam when
used as -lastexternal, and is the only DNSRBL I'd trust to use at the
smtp level. I've also added custom rules for UCE Protect levels 1-3 and
PSBL blacklists. I wouldn't use either at the smtp level as they do
generate the occasional FP, but UCE Protect is useful in a scoring
environment such as SA. For me NJABL, SORBS and pretty much anything
else are a waste of space relative to the effectiveness of Spamhaus. If
you can implement Spamhaus Zen at the smtp level then blocking ~90% of
spam before it ever reaches SA is hugely beneficial to system load and
the rest could probably be dropped from SA with minimal impact.
I also find the URIBLs to be very effective, especially URIBL_BLACK.
Between Bayes and my top DNSRBLs and URIBLs, nothing gets through -
everything else is just bumping the score further past the spam threshold.
I'd recommend taking a look at your own stats to see which are effective
for you and maybe drop those that are ineffective or, better still, look
at ways to pre-filter spam at the smtp level before it ever reaches
amavisd/SA so as to reduce the load (for example,
http://wiki.centos.org/HowTos/postfix_restrictions). A good setup like
this can easily block the vast majority of spam at the smtp level
meaning that your server/SA now primarily only has to deal with the ham
and an insignificantly small proportion of spam.
BTW, checking my logs I note typical delays of 4-6secs on a 3.0GHz quad
core server with 4GB RAM running 4 amavisd child processes that handles
a very light load.
-Ned