Will high whitelist row count adversely affect performance?
glenn.steen at gmail.com
Fri Sep 22 00:53:36 IST 2006
On 21/09/06, donald.dawson at bakerbotts.com <donald.dawson at bakerbotts.com> wrote:
> We are running MailScanner 4.52.2 and Spamassassin 3.1.1 and are wanting to
> increase our white list for known valid addresses.
> Currently we have about 10k rows in the file, but want to know if increasing
> it to 30k will adversely affect performance.
> We use HP DL boxes with 2 CPU's and 2 GB of memory. We currently do not
> have any performance issues.
Out of curiosity, are you whitelisting by email address(es)? And are
these observed to FP, or are they just "blanket safeguards"?
Reason I ask is because if the answer to the first is "yes" and the
second "the latter", you might be setting yourself up to fail. (wait
while I get my asbestos underwear on... who knows, this might be a tad
too opinionated for some:-).
When I started out with MailScanner, my PHB pestered me into
configuring that kind of massive "safeguards"... and I rather naively
went along with it. Until untagged spam started sneaking by as being
See, it's extremely simple to fake email sender (both envelope and
header), and if you whitelist by it, things like SPF wont come into
play (unless you do them at MTA level). The only somewhat safe
whitelisting one can do is by IP address, which make whitelisting a
pain... But there it is.
Since then I've removed practically all whitelisting and haven't
looked back. I'll probably be adding some idiots^H^H^H^H^H^Hsenders
over at Lehman, since they consistently outdo themselves to "earn" SA
points... but that will be at the most 4-5 IP addresses total.
To me the solution has always been to trim SA/MS as best one can. Sure
it isn't perfect, but one can get it to be pretty darned close.
And using the quarantine for the very few that would trigger a
spamaction, one can be reasonably safe, and even though most users
don't appreciate the nature of email (glorified postcards, with no
guarantees as to when they will be delivered), they wont notice delays
(when you need release their mail) that often:-):-).
Being in the finacial sector I rather often get requests from senders
to whitelist their domains/sender addresses "just to be safe". I
always ignore them. The PHB and my users (who often are asked by the
sender to pass on the requests to me) all "see the light" when
presented with this argument, and some stats on how the ones asking
have been scored so far ("What, so they never got a score above
Wow, that got a bit long... Sorry for that. It's just that a 10k
whitelist seems quite unreasonable, unless you have more than 500k-1m
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner