I recently upgraded from version 2 to 3 and my performance has gone to pot. It may just be that I need a much stronger computer for this version but I suspect it may be doing a lot of RBL checking. In version 2, I had all net checking turned off in local.cf. I think something is being checked now and I can't figure out where to find it.
Here's a header excerpt: X-Spam-Report: * 0.0 RCVD_BY_IP Received by mail server with no name * 0.6 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should * 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO * 0.1 HTML_40_50 BODY: Message is 40% to 50% HTML * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.5 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: dnek.com] * 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist * [URIs: dnek.com] * 0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist * [URIs: dnek.com] * 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist * [URIs: dnek.com] * 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist * [URIs: dnek.com]
What blocklists are these? How do I tell my version which RBL's I want it to check? I think it's checking too many.
There are 5 network checks in that message, and all 5 are URIBLs, which do RBL lookups on the domain parts of URIs (web links) found in message bodies.
The first one is a query to SBL. SBL is useful both as a URIBL and as a normal spam-source blacklist and SA uses it for both.
The last 4 are all one DNS query to an aggregate list at multi.surbl.org. SURBL is an aggregate of several (5? 6?) URI blacklists and returns them all as a single DNS response (they bitmask the results).
or am I on the wrong track? I read a performance hit about losing local DNS listings for the blacklists. maybe that would help but I'd still need to know what lists to reference.
There are a lot of RBLs queried by a default SA setup, check in the .cf files for details.
However, rather than speculate about performance, measure it. Are you suffering from poor performance? Check your server load, is it high? does you mail queue keep backing up? If not, why are you worried?
The worst-case performance hit for network checks is 15 seconds for a message.. and that's highly improbable, as you'd have to get the responses from multiple lists to trickle in with just the right spacing. Generaly one RBL timing out will hit you for only a couple extra seconds per message.
Locally caching RBLs can improve performance, but unless you're processing a LOT of mail (ie: much more than 10k a day, generally 100k) the rsyncs are more bandwidth than they are worth.
In the case of SURBL, the data is HIGHLY dynamic, changing by the minute not by the day, so you'd kill yourself hosting it locally unless you really were processing a lot of mail (ie: think AOL scale here... millions of messages/day).
Really, if you can afford to keep the RBLs running the way they are, I'd do so.. keep an eye on it for a while. If it goes smooth, keep it, they really are quite helpful in picking up spam.
