Hello Ronan,

Tuesday, November 23, 2004, 7:14:18 AM, you wrote:

R> I'm running 3.0.1 with the SURIBLS
R> but I'm starting to get the load-related
R> spam acl condition: spamd connection to 127.0.0.1, port 783 failed:
R> Connection timed out
R> which of the following could I cut back on, or does it depend on
R> which types of spam our site is getting??

Yes, when looking at custom rules files, it strongly depends on what
spam you're getting.

R> 70_sare_adult.cf
R> 70_sare_bayes_poison_nxm.cf

I personally don't use this -- I personally verify 75%+ of all mail
that goes through SA's analysis on three domains, and I feed 100% of
that mail (excepting lists like this) into SA-Learn. IMO there is no
bayes poison, only bayes fodder. I expect the rule set would be useful
for those with less comprehensive training. Also, since you don't
mention Bayes above, if you /don't/ run Bayes, this rules file can be
very useful.

R> 70_sare_genlsubj0.cf
R> 70_sare_header0.cf
R> 70_sare_html0.cf

The above are great, and the most efficient of their families. I hope
to have updates for them out in another week or so.

R> 70_sare_oem.cf
R> 70_sare_random.cf
R> 70_sare_specific.cf
R> 70_sare_spoof.cf
R> 70_sare_unsub.cf
R> 70_sare_uri.cf
R> 72_sare_bml_post25x.cf
R> 72_sare_redirect_post3.0.0.cf
R> 99_sare_fraud_post25x.cf

Ought to get that last set renamed back to the 70's range...

R> chickenpox.cf
R> evilnumbers.cf
R> init.pre
R> local.cf

All look good. You've got an intelligent selection there. None of them
should be expensive (in computer resources).

You say you're running with SURIBLs. Are you also running with other
network tests? All standard network tests are good aids to SA scoring,
but they can contribute to a timeout problem, since they need to wait
for that other system somewhere on the network to respond.

R> are any of the above redundant in 3.0.1, and is there a list somewhere
R> of the rulesets that are made redundant with subsequent versions of
R> SA??? maybe helpful..

None of the ruleset files you list above are redundant with 3.0.1 nor
with each other. Eventually we'll put a comprehensive list of what
ruleset files are appropriate for which versions of SA (and/or which
should/not be used with each other) on the Wiki ... hopefully one of
us will have time to do that before end of year.

Bob Menschel


