Am 15.03.2015 um 22:19 schrieb Robert Schetterer:
hypothetical...

spam tagging by spamassassin is "expensive" by design so it should be
the last step in a long chain of different "antispam" features mostly
i.e postscreen, clamav-milter, greylisting, rbl filtering, spf dkim
dmarc checks

surely, only 5% of incoming spam attempts make it to spamassassin / clamav here, but you need to keep in mind the amount of your regular ham messages in your mailflow which unconditionally touch the content scanners

hence optimizing the ressource usage of the content filter makes in any case sense

having clamav-milter before spamass-milter in theory is a good idea because clamav is much faster, in the real world the problem is that it only rejects a small amount of junk and having spamass-milter before clamav reduces the load because it bypasses the next layer - here too: your ham mail makes it through both layers anyways

a few months ago after looking at the real mail flow clamav-milter was ordered here after spamass-milter since it only rejected 1% of the junk making it throgh milters at all while SA rejects 10% of the complete mail flow

Speculation... big spam mails sourced by hacked big mail providers accounts
are perhaps most difficult to catch ( cause they pass spf dkim etc
checks before )

So an idea might be switch those providers in another scan chain as
other mails by milter-manager conditions, you might use multiple
instances of spamass-milter and/or spamassassin with different setups.
Multiple other "switches" may integrated with other milters features

For sure such stuff has to be checked against real world examples
an log analysis. At the end this should give most flexible chances to
goal multiple scenarios

which makes the setup more complex and difficult to maintain

even if you go that road - performance optimizing inside SA would improve *both* chains

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to