Am 15.03.2015 um 22:19 schrieb Robert Schetterer:
hypothetical... spam tagging by spamassassin is "expensive" by design so it should be the last step in a long chain of different "antispam" features mostly i.e postscreen, clamav-milter, greylisting, rbl filtering, spf dkim dmarc checks
surely, only 5% of incoming spam attempts make it to spamassassin / clamav here, but you need to keep in mind the amount of your regular ham messages in your mailflow which unconditionally touch the content scanners
hence optimizing the ressource usage of the content filter makes in any case sense
having clamav-milter before spamass-milter in theory is a good idea because clamav is much faster, in the real world the problem is that it only rejects a small amount of junk and having spamass-milter before clamav reduces the load because it bypasses the next layer - here too: your ham mail makes it through both layers anyways
a few months ago after looking at the real mail flow clamav-milter was ordered here after spamass-milter since it only rejected 1% of the junk making it throgh milters at all while SA rejects 10% of the complete mail flow
Speculation... big spam mails sourced by hacked big mail providers accounts are perhaps most difficult to catch ( cause they pass spf dkim etc checks before ) So an idea might be switch those providers in another scan chain as other mails by milter-manager conditions, you might use multiple instances of spamass-milter and/or spamassassin with different setups. Multiple other "switches" may integrated with other milters features For sure such stuff has to be checked against real world examples an log analysis. At the end this should give most flexible chances to goal multiple scenarios
which makes the setup more complex and difficult to maintaineven if you go that road - performance optimizing inside SA would improve *both* chains
signature.asc
Description: OpenPGP digital signature