On Fri, 2009-09-18 at 16:13 -0500, Jose Luis Marin Perez wrote:
> > > 512 MB Ram
> >
> > Ouch -- that server could go with some RAM, don't you think? No hard
> > numbers, but given your 10k+ messages a day, I guess that's about the
> > bare minimum.
> >
> > Oh, you mentioned yesterday running ClamAV, too. Yes, that is low. Hope
> > you don't hit swap yet.
>
> For more than 10000 emails a day how much memory should be the server?
> as one can calculate the amount of memory needed?
That depends on mail spikes, processing times, how you call SA, other
applications (like ClamAV), and whether or not you hit swap. You didn't
answer that.
> > > skip_rbl_checks 1
> >
> > You *disabled* DNS BL checks. Enabling them should drastically improve
> > results. You'd likely want a local, caching nameserver.
>
> In qmail-smtpd rblsmtpd option is used, is equivalent to DNS BL checks
> of SpamAssassin?
No. SA is a scoring system, no one rule can single-handedly flag a mail
as spam. Instead, RBL hits contribute to the spam score. Also, there are
more RBLs in SA than you use with rblsmtpd, each weighted based on
effectiveness.
But this part really seems familiar. Like, yesterday.
> > > required_hits 3
> >
> > Not a safe thing to do. That's severely lower than the default. Do
> > expect FPs. If you find yourself in the need to lower the threshold that
> > drastically, something else is wrong.
>
> Indeed this value was set to 5.0, but there were many SPAM emails so I
> decided to lower it to 3.0, which do you recommend?
The default. I do add third-party stuff, but I wouldn't lower the
threshold like that. I know I'd get FPs.
> > *Lots* more snipped. If you need that much whitelisting, it indicates
> > there is a problem -- in this case, my guess can be seen above. Your
> > required_score threshold is too low, and thus you need to whitelist more
> > and more legit senders...
>
> This configuration should implement the previous postmaster, if there
> is the need to eliminate rest assured that I will.
>
> > Even worse, you are using the un-constrained variant. Do NOT do that,
> > unless as a last resort. If you need whitelisting at all, do use at
> > least the *_rcvd variant, if not the auth'ed ones.
>
> You mean the option whitelist_from_rcvd?
>
> > In particular: DO NOT whitelist_from your own domain! If you do, a *lot*
> > of spam will sail right through. Spammers love to pretend sending from
> > your domain.
You did not get back to the "your own domains" part. If there are any,
remove 'em. Now.
Generally, there should rarely be the need to whitelist anything. That
huge list shows that it was used in an attempt to cure a problem, that
stems from other mis-configuration. Rather than just throwing more
whitelisting at SA, you should investigate the actual cause.
And yes, I was talking about whitelist_from_rcvd, or actually *any*
whitelist_from_* if they apply. But don't use the plain, un-constrained
whitelist_from, unless as a last resort.
Also see the docs.
> > > header _LOCAL_I_HATE_VIAGRA Subject =~
> > > /v.?[i1].?...@].?g.?[\@a]?.?r....@a]/i
> > > describe _LOCAL_I_HATE_VIAGRA viagra
> > > score _LOCAL_I_HATE_VIAGRA 100.0
> >
> > Funny. Can't even recall when the last spam like that got through. Do
> > you really need such rules?
>
> I did it because many emails arriving with subject or body of the
> message with the word VIAGRA
That's a header rule. It does not match the body. Anyway, as I pointed
out before, you'd better carefully check the rules hit, and investigate
the real cause.
These are generally high hitters. And the score suggests you are trying
to counter a bad whitelist -- but I said that before. You should check
*why* they might be slipping through, instead of assigning a ridiculous
high score.
> > Maybe your Bayes is severely mis-trained? Or maybe you need that to
> > counter the whitelist_from for pills spam pretending to be sent from
> > your own domain. The score sure hints at that...
>
> As if well trained Bayes?
Sorry, don't get that.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
