[SA-exim] Re: [Exim] EXIM 4.31, courier-imap, Clamd, exiscan, spamassassinLoad problems

[Ross Boylan]

On Mon, 2004-05-10 at 17:50, Tor Slettnes wrote:
> [Top-quoted, non-attributed message corrected.
>   See http://www.netmeister.org/news/learn2quote.html]
> 
> On May 10, 2004, at 15:58, Doug Block wrote:
> > Tor Slettnes wrote:
> >> You probably mean "SA-Exim", not "SA-Scan".  SA-Exim has problems 
> >> with Exim
> >> v4.31 through 4.33, due to the Received: header change.  Either stay 
> >> with
> >> 4.30, or upgrade to 4.34, or you will get wildly inaccurate SA scores
> >> (specifically, SA-Exim may trust forged Received: headers, or else 
> >> treat
> >> messages sent through a smarthost as if they came directly from a 
> >> dialup
> >> host).
> >
> > Yes your right!!! On the spam and the courier
> > Oh the sa-exim is working great so far on the scores.  I have had a 
> > 75% drop
> > in spam and I have been using spam pit to check the scores which so 
> > far have
> > been correct on both real mail and spam.  I may upgrade to 4.34 once I 
> > get
> > some time since it came out today.
> 
> Keep in mind that your success is not only reflected in how much spam 
> you block, but more importantly, in how much legitimate mail you let 
> through.   With that in mind, running SA-Exim with Exim 4.31 - 4.33 is 
> at best ignorant - at worst, irresponsible.  Especially this is the 
> case if you are hosting mail for other people.
> 
> (Sure, blocking 75% of spam is good; but with a properly configured SA, 
> you ought to be able to catch well above 90%, while not impacting 
> legitimate mail at all).
> 
> 
> > I have a older (half the speed) exim 4 box that handled the load for 
> > up 150 users with courier-imap with out this problem but it did not 
> > have clamd, sa-exim, exiscan, and spamassassin on it.  This box worked 
> > fine for 18 months+ but the virus's and spam where a big problem.  I 
> > have spam set to under 256k but I have been watching this while 
> > writing this email and I notice 8-12 messages at a time coming in and 
> > eating 100% of the cpu for about 5 secs while they get spamd and 
> > clamd.
> 
> You could start "spamd" with "--nicelevel 15" or so, essentially 
> lowering its priority if there are other (presumably more important) 
> tasks going on.  (On a Debian machine, look in 
> /etc/default/spamassassin).
> 

On my Debian machine (testing level) the following settings go in
/etc/spamassassin/local.cf, I think.
> You could disable the SA network tests (which, while using Exim 4.31 to 
> 4.33, probably do more harm than good):
>     skip_rbl_checks 1
>     use_dcc         0
>     use_pyzor       0
>     use_razor2      0

Does anyone know if the use_xxx settings are necessary if
skip_rbl_checks is 1?

Also, the manpage lists use_bayes in the same section (Network Test
Options).  This seems odd.  Should it be there?  Is it just doing RBL
tests?