Mathew Thomas wrote:
Is it a good idea to check the SPAM first before checking the virus? Hope this can reduce some load on our gateways. What have I to do check the SPAM first on our existing installation without doing any recompilation?
Actually, you're probably better off checking for viruses first, then spam. Spam checks tend to be much more resource-intensive than virus checks.
One optimization I'd suggest, if you haven't already done it, is to make sure you're using ClamAV via clamd rather than the clamav executable. That way MIMEDefang just connects to the daemon instead of having to load the entire virus database from disk each time.
Some other ideas for lightening your load: If you can find a blacklist that you trust, you can block some messages in Sendmail, before they even get to MD/SA/Clam/UV. Check for forged HELO strings in filter_sender and reject senders who pretend to be your server. Reject incoming mail claiming to be from your admin accounts in filter_sender. Since you're running Sendmail 8.13, enable greet_pause, which will block senders that ignore the SMTP handshake. Sendmail 8.13 also has some rate control and connection control features that will limit the number simultaneous connections from a given host.
Basically, anything *simple and reliable* that can drop junk before it gets to SpamAssassin will improve matters.
Another thing: SA 2.64 and MD 2.44 are both very old. You might look into upgrading SpamAssassin (which will probably require a newer version of MIMEDefang), since you're basically checking for 20-year-old spam.
-- Kelson Vibber SpeedGate Communications <www.speed.net> _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
