
mkettler_sa at verizon
Nov 1, 2007, 5:37 AM
Post #2 of 5
Joey wrote:
> Hello All,
>
> After my post Help figuring out why SA is taking like 1.5 minutes to
> filter I decided to kind of clean up my configuration and also get rid
> of RulesDeJour.

Hmm interesting.. Question, what tools do you use to call SA? Do you know for sure what user SA runs as while scanning mail? If so, try running a sa-learn --force-expire as that user.

> I noticed these updates go to /var/lib/spamassassin/X.XXX, my first
> question is does this folder automatically get used by SA when it’s
> looking for rules, so there is no config I have to do?

Yes, it automatically gets used. If you run spamassassin --lint -D it will show you, among other things, what paths and files SA is using.

> Second if I were to update to a specific folder let's say /myfolder I
> know I can pass the parameter on the sa-update of --updatedir
> /myfolder, however do I then have to specify in the local.cf anything
> to ensure we are using that folder for rules?

AFAIK, there's no option to over-ride the LOCAL_STATE_DIR, which is what this directory is, other than at compile time.

> For reference if I have a backup folder within the rules folder called
> backup, will SA look at any of the rules I copied there without having
> a cf file telling it to include any files in that folder?
>
> In other words does it automatically use any cf files it finds within
> any subfolder of the main rules folder?

No.

> 1. Is there a way for me to have sa-update update the .cf files
> here?

Some of them can be sa-updated. It's really up to the particular ruleset maintainer to set up the DNS features needed. (sa-update doesn't just fetch a web page like RDJ does. To save bandwidth it uses DNS to find out what the latest update rev is before it goes to HTTP)

A lot of the SARE rules support sa-update, as can be found here.
http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt

> 2. Should I get rid of any of these rules ( tripwire etc)?

None of them look to be "bad" rules to have. The ones to avoid include sa-blacklist* (kills your server), bigevil (kills your server), antidrug.cf (redundant/outdated compared to rules built-in to SA)

> 3. Are there any other rules that do well that I should add?

I like the SARE spec ruleset, but I'd not go adding more stuff till you fix your performance problems..
http://www.rulesemporium.com/rules/70_sare_specific.cf

> Anything that can be suggested to improve my configuration is GREATLY
> appreciated!

Everything else looks good, although you might be a bit over-trusting of the URIBLS by placing them all at 7. Provided you don't mind a rare FP, that should be fine, but if you are FP averse, I'd avoid that.

I get about 1 desirable email every 2 months that gets hit by one of them, and about 2 newsletters that I intentionally subscribe to, but don't care too much about, that hit one or more URIBL.. I request delisting, and they generally do, but eventually some other domain gets picked up.. YMMV. (and note: I get a *LOT* of email, so those frequencies still boil down to a very low FP rate)
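Two points from the reply above can be checked together: spamassassin --lint -D shows which files SA reads, and .cf files in a subfolder of the rules directory are not picked up. The script below is an added example, not part of the original post; it assumes the debug output marks each loaded file with a "dbg: config: read file <path>" line, and unread_cf, demo and the sample log are constructed for illustration.

```shell
#!/bin/sh
# unread_cf LINT_LOG RULES_DIR
# Prints every *.cf / *.pre file found anywhere under RULES_DIR (subfolders
# included) that has no "read file" line in LINT_LOG, i.e. rule files that
# exist on disk but that SpamAssassin did not load.
# Assumption: loaded files appear as "... dbg: config: read file <path>".
unread_cf() {
    log=$1
    dir=$2
    read_list=$(mktemp) || return 1
    # Keep only the path after the marker; any pid/timestamp prefix is dropped.
    sed -n 's/^.*dbg: config: read file //p' "$log" | sort -u > "$read_list"
    # -F fixed strings, -x whole-line match, -v keep files that were NOT read.
    find "$dir" -type f \( -name '*.cf' -o -name '*.pre' \) | sort |
        grep -Fvx -f "$read_list" || true
    rm -f "$read_list"
}

# Constructed demonstration: a site rules dir with a "backup" subfolder and a
# hand-written sample of debug output (not captured from a real run).
demo() {
    tmp=$(mktemp -d) || return 1
    rules="$tmp/etc/mail/spamassassin"
    mkdir -p "$rules/backup"
    : > "$rules/local.cf"
    : > "$rules/70_sare_specific.cf"
    : > "$rules/backup/70_sare_specific.cf"
    cat > "$tmp/lint.log" <<EOF
[4242] dbg: config: using "$rules" for site rules dir
[4242] dbg: config: read file $rules/70_sare_specific.cf
[4242] dbg: config: read file $rules/local.cf
EOF
    # Show results relative to the rules dir for readability.
    unread_cf "$tmp/lint.log" "$rules" | sed "s|^$rules/||"
    rm -rf "$tmp"
}

demo    # prints: backup/70_sare_specific.cf
```

On a live system the debug output goes to stderr, so capture it with spamassassin --lint -D 2>lint.log (run as the user SA scans mail as) and pass lint.log plus the rules directory to unread_cf.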