On Mon, 9 Oct 2006, Matias Lopez Bergero wrote: >Thanks Robert, > >I have requested more memory and an additional processor for the server, >hope they give me something... > >I will be working with the Greylisting and validrcptto, and let you know >how it goes. > >Thanks again, > >BR, >Matias.
You might also consider using DNSBL at the MTA level, which could significantly reduce the amount of scanning SA does. We run lots of fairly intensive tests on our mail -- ImageInfo, FuzzyOcr, several network tests, etc. -- so we use greylisting, DNSBL, and a number of header checks within Postfix to prevent the lion's share of spam from ever reaching SpamAssassin. If the temporary spikes in spam you're seeing are originating from a single IP/class C/etc., blacklisting at the MTA could be especially effective. Here's a graph of the activity on one of our mail servers over the past 24 hours: http://www.nebrwesleyan.edu/people/stpierre/mailgraph.png Notice that we reject *lots* of messages -- more than we mark as spam. Lots of messages are greylisted, too, although it's prohibitively difficult to graph how many are eventually accepted. Still, you can see that we're rejecting over 9 messages per minute due to bad HELOs, bogus recipients, etc., and only marking 3 messages per minute as spam. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University
