Commtouch

Ryan Bair

-------- Original message --------
Subject: [sniffer] Re: IP Change on rulebase delivery system 
From: Richard Stupek <rstu...@gmail.com> 
To: Message Sniffer Community <sniffer@sortmonster.com> 
CC:  

Can you point me at the documentation for the truncate blacklist and its usage?


On Thu, May 23, 2013 at 3:36 PM, Pete McNeil <madscient...@armresearch.com> wrote:
On 2013-05-23 15:22, Richard Stupek wrote:
Looks like I have this issue again (pegging 4 core cpu) and resetting the 
process doesn't make a difference.  Not sure what is causing it but it does 
slow down spam detection to 40-50 seconds for many emails.  Any ideas what I 
can look at or do to resolve this?

Check the message sizes. As part of the newest spam storms we've noticed that a 
lot of the messages are huge (65536++). I suspect this might impact throughput 
as large buffers are allocated and moved around to handle these messages. This 
kind of thing has also been known to cause NTFS to crawl.

Please let us know what you find.

If you are not already doing it -- you should consider blocking connections 
using the truncate blacklist. No sense taking on some of these messages if they 
can be eliminated up front.


_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 x7010
twitter/codedweller


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to  <sniffer-requ...@sortmonster.com>

