Peter Kirk wrote: >> Started new thread :-) >> >> Spamassassin is not using greylisting database, > >> It never uses and will never use. >> > > >I noticed that spamassassin is using all the cpu as when I stop > it, the server returns > >to normal. > >> Are you passing ALL mail through spamassassin, even 1MB ...20MB? >> I never pass any mail larger than 256K through spamassassin. > >> -- >> Best regards, >> Odhiambo WASHINGTON, >> Nairobi,KE >> +254733744121/+254722743223 >> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ >> "Clothes make the man. Naked people have little or no influence on > society." >> -- Mark Twain > > > > I don't scan anything over 256K either and have turned off the auto > whitelist but still having the problem >
Do you use 'require verify = recipient' If not, suggest you read up on it and apply it, as it will buy you 'time' to add even better tools. No point in scanning traffic from dictionery-attack zombots. Next step is to better qualify arrivals within Exim, so that they never need to reach SA at all. Most zombots can be blown off with a combination of rDNS checks, HELO FQDN checks, and a small 'delay' or two. They are terribly impatient.. These need not be 'hard edged' tests! A small set of 'warn' verb loading values into acl_c thence to acl_m variables as 'scores' can be tested against a threshold and/or added to 'spamint'. It helps to run, for example, ClamAV *before* SA, and hard-reject, as it is a lighter system load as very, very rarely false-alarms. At that point you can begin to 'strip' SA by optioning-off of its tests in interpreted perl that have already made faster and cheaper within Exim's compiled 'C'. Ideally, a slimmed-down SA nneds a mere fraction of the resources to complete its scan, and will only be asked to look at around 10 to 20% of arriving traffic. Exim will have shed the worst of the garbage beforehand. *Many* ways to get to that point... - but you'll need to select what fits your environment, step at a time - and test, test, test... Do not just adopt acl snippets that work for others without through testing, as there are many possible interactions. HTH, Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
