The primary anti-spam of Halon MTA's integrated package is a commercial technology from CYREN, which detects spam by measuring the volume of messages, globally. However, SpamAssassin is included as well, primarily to provide a "second opinion" in case the CYREN engine isn't sure.
The integrated package ship's with SpamAssassin's default configuration, with the exceptions list below. Bayesian is disabled because our standard configuration doesn't run SpamAssassin on messages with a CYREN "spam" classification.
For information on what rules are included by default, please see SpamAssassin's official default rules page. It's possible to add your own rules on the Configuration -> Anti-spam/virus -> SpamAssassin page (the configuration key antispam_sa_config). Rules are updated through SpamAssassin's own channel.
time_limit 30 lock_method flock # Faster locking method use_bayes 0 # Faster Bayes database (lines below) bayes_auto_learn 1 bayes_path /storage/spamassassin/bayesian/bayes bayes_file_mode 0777 bayes_store_module Mail::SpamAssassin::BayesStore::SDBM use_razor2 1 razor_config /usr/local/share/halon/razor.conf score RDNS_NONE 0 # We don't do reverse lookups for performance reasons score T_DKIM_INVALID 0
if (ScanSA() >= 5) Reject("Rejected by spam filter (".$transaction["id"].")");
And to combine it with Cyren's RPD engine you can call on the ScanSA() function for all classifications other than "spam" (100).
if (ScanRPD() === 100) Reject("Rejected by spam filter (".$transaction["id"].")"); if (ScanRPD() === 50 and ScanSA() >= 2) Reject("Rejected by spam filter (".$transaction["id"].")"); if (ScanRPD() === 10 and ScanSA() >= 3) Reject("Rejected by spam filter (".$transaction["id"].")"); if (ScanSA() >= 5) Reject("Rejected by spam filter (".$transaction["id"].")");
SpamAssassin has strict policy for which DNSBL lists to include by default. Some of them might, or might not, be free for you to use. However, your system's accuracy or performance shouldn't be significantly degraded if some of those DNSBL's start blocking you.
Disabling DNSBL and other online checks
If you have a very high traffic system which is likely to be blocked by all SpamAssassin's included DNSBL lists, you can disable all of them by adding
skip_rbl_checks 1 skip_uribl_checks 1
to your configuration, or disabling some of them by adding lines such as
score __RCVD_IN_ZEN 0 # SpamHaus score URIBL_SC_SURBL 0 # SURBL score URIBL_WS_SURBL 0 score URIBL_PH_SURBL 0 score URIBL_MW_SURBL 0 score URIBL_AB_SURBL 0 score URIBL_JP_SURBL 0 score RCVD_IN_DOB 0 # Day Old Bread score URIBL_RHS_DOB 0 score DNS_FROM_DOB 0
or you can block them based on domain name using
dns_query_restriction deny spamhaus.org dns_query_restriction deny sorbs.net
Before reading this chapter, please familiarise yourself with the general performance guidelines.
SpamAssassin has several "deep scanning" and network lookup filters, that may take some time depending on the size, content, complexity and layout of a message. High volume systems need to cope with this fact, and for that reason we have developed a queuing and bypass system.
|antispam_sa_sizelimit||512 KiB||Max message size; NOT_SCANNED_TOO_BIG=0 is returned if exceeded|
|antispam_sa_waitlimit||30 s||Max estimated queue wait time; NOT_SCANNED_QUEUE_TOO_LONG=0 is returned if exceeded|
|antispam_sa_processes||Depends on RAM||Max number of SpamAssassin processes|
In order to provide a predicable throughput, we have implemented a queue in front of SpamAssassin, and messages are bypassed if the estimated wait time exceeds antispam_sa_waitlimit. However, in some cases SpamAssassin may still take a bit longer, that is due two possible reasons.
- The message is being processed by SpamAssassin which for some reason takes more time than expected. That could be reloading of rules or some other unforeseen events.
- The message has been put into the wait queue (somewhat commited to wait), but for some reason it takes way more time than expected. In that case, it waits up to three times the antispam_sa_waitlimit (* 3) before stepping out of the queue.