Spam.blacklist.rules critical mass

mikea mikea at MIKEA.ATH.CX
Fri Dec 5 16:01:24 GMT 2003

On Fri, Dec 05, 2003 at 10:27:57AM -0500, Jason Burzenski wrote:
> Does anyone know if there is a maximum limit to the number of entries in a
> rules file?  I've been regularly adding entries to my spam.blacklist.rules
> file which has now reached about 30K in size.  I haven't noticed much impact
> on system performance or memory use but was wondering if someone else has
> seen a direct correlation between a growing rules file and decreased system
> performance?  At what level did your system start to choke?  Whats the best
> practice for blacklisting?

I've noticed that there is some correlation between rulefile linecount
(and complexity) and SA process time-to-scan, but that is only to be
expected. It is much more evident on older, slower machines (e.g.,
_mine_ *sigh*) than on newer, roomer, faster machines, but (again)
that is only to be expected.

Even if you can keep the rulefiles in RAM, you still have to go
through the rules, and even RAM access time is nonzero.

Best practice? Minimal ruleset size and complexity consistent with
blocking efficiently. It's not a static thing: rulesets themselves
are works in progress.

My system starts to choke at about 5K rules, running MS 4.25-13 and
SA 2.50, with 5 instances of MS and of SA running. But my box is, as
I wrote above, old, small, and slow. Not as small and slow as its
predecessor, but small and slow by modern standards.

Mike Andrews
mikea at
Tired old sysadmin

More information about the MailScanner mailing list