On Fri, 2009-02-06 at 21:55 -0500, Charles Sprickman wrote:
> I'm a bit stumped on this one.
>
> We recently got notice that we have too much volume to continue using
> spamhaus queries, and the quote for our rather small userbase was near
> what we'd pay for outsourcing all of our spam filtering anyhow...
Now that you already disabled them, and we know you are an ISP, just
some wild guesses and thoughts. Based on "rather small user base", I
just assume you're slightly above the threshold. Correct me if I'm
wrong. :)
> Running spamassassin in debug mode however:
>
> r...@spamd1[/usr/local/etc/mail/spamassassin]#
^
Running multiple spamd servers? Are all of them using the same DNS
server? Maybe another DNS server or two, perhaps in a different class C
network, would help.
> spamassassin -D 2>&1 < dialup-nospam.txt | grep -i spamhaus
^^^^^^
Is that dial-up as in "your customers" or direct dial-up end-user to MX
submission? Point here is, that scanning your own (authenticated)
customers' outgoing traffic might not be worth it. But given a cache it
shouldn't generate much queries anyway.
Something that really can help keeping the load (and DNS queries) low is
to not filter specific mail with SA, like known mailing lists, etc.
Granted, probably not easy to do for an ISP.
Don't recall details, but would it help to simply drop URIBL_SBL and
keep ZEN? That is, if a single threshold applies to all queries, as
opposed to two distinct ones. Personally, I find ZEN to be much more
effective.
Anyway, enough -- more coffee. :)
guenther
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
