SA 3.0 and RBLs

Matt Kettler mkettler at EVI-INC.COM
Thu Sep 23 20:13:08 IST 2004 

<x-flowed>
At 02:29 PM 9/23/2004, Kevin Miller wrote:
>In the past, I've turned off RBL checking in SA, and let MailScanner do it.
>Now that SA incorporates the SURBL stuff in it (the BigEvil stuff) should I
>turn RBL checking on in SA and off in MS?  I wasn't using SURBL before - my
>mail load is pretty humble (between 1K and 2K a day) so the mailservers
>didn't grumble too much using BigEvil.

I for one prefer to run them in SA, as it's a bit more flexible. If I want
a single RBL to be a "one-hit-tag" I can jack up the scores, but
MailScanner doesn't have the flexibility of using a false-positive-prone
DNSBL as a small score increment.

(i.e.: I have some blackholes.us lists that add 1.0 or so. I clearly don't
want to one-shot tag-as-spam based on these lists, but it's nice to have
the extra score bias for mail from china/korea/etc to help pick up a few
mid-scoring FN's without risking FPs for the occasional list-post. It's
also useful statistics wise, even if you set the score to near-zero)

SURBL is MUCH nicer than bigevil. Not just for load reasons, but SURBL
contains many sources of data, not just Chris's work.



>As an aside, I was noticing a lot of timeouts in SA yesterday, so I began
>poking around.  Had a lot of bayes_toks.expire* files.  Ran a sa-learn
>--sync --force-expire and then deleted the expire files.

I for one like to disable opportunistic expiry under MailScanner.
         (needs to be in local.cf, will be ignored in spam.assassin.prefs.conf)

         #disable auto-expire, it messes with MailScanner
         bayes_auto_expire 0

I often add a daily cronjob to run a --force-expire, but if you have
"Rebuild Bayes Every" set in your MailScanner.conf this isn't needed.  I
still like to do it anyway as a failsafe measure.

(Julian: I have tested the Rebuild Bayes bit, and it appears to work, I see
SA expiring the bayes DB every couple days, and journal syncs every time
you call rebuild. )


>  The --force-expire didn't get rid of any of the
>expiry files - had to delete them by hand but maybe that's the norm, I
>dunno.

That's normal. SA when it starts the expire creates a temporary file to
work with using it's PID as an extension. After it's done, the temp file is
moved back over top of the main database. When mailscanner kills SA in the
middle of running, it winds up leaving the tempfile behind and no change is
made the the bayes DB.

When you later run --force-expire, it just starts a whole new expiry run,
and isn't aware of the old tempfiles laying around.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

More information about the MailScanner mailing list