Commtouch or similar on Gamera?

[TheEniGMa]

Happy holidays everyone.

We are running two Gamera boxes and the clean out SPAM perfecty great, but lately they are beeing slower and slower (simply more mail to handle)... The SA content checks are extremel CPU intensive and when we get a large outbreak hitting us the mail queue grows very fast since the boxes can´t handle them right away.

I found Commtouch that got a SA plug-in making SA check back with Commtouchs servers with the mails checksum (or something) and then immediatly know if the mail is a known SPAM Outbreak... If so, the CPU expensive content check can be skipped.

Has anyone tried Commtouch or got any other good solutions to get load of your gamera-boxes? Not a very big fan of black lists based on IPs...

Also, can SA be configured to stop checking a mail agains the SA rules if a score of X is reaced?

Thanks.

[breun]

Did you install pyzor, dcc and razor-agents? I believe they all do that checksum checking thing and are available from the Atomic repository.

[TheEniGMa]

Hmm, I´ll need to check on that. Belive I just ran the "yum install project" gamera way back in time and can´t remember is pyzor where included from start...

Where do the "pyzor checksum database" come from, how are the checksums collected and can it be updated some easy way equal to the sa-update for SA rules?

[breun]

You don't need to download any updates, mails are checked in realtime. It's not a central system, but a "collaborative, networked system". More info at http://pyzor.sourceforge.net/

[TheEniGMa]

Actually I did have pyzor installed and SA configured to use it. Also confirmed in the maillog that PYZOR_CHECK is is the SA result for detected SPAM. I just didn´t really knewthat Pyzor did what it does...

So, next step... Can I do a check with pyzor/razor and have SPAM deleted if it get a high pyzor-score BEFORE it beeing check by the SA rules. Trying to get rid of as much load as possible, still I don´t want any real mail to be mistaken for SPAM. Have any idea how failprof the pyzor is?

Or simply, can SA stop checking a message when a score of X is reaced? Currently many SPAM reaches a score 30-40 and I guess I can safely have SA delete it at 10-15 even if some negative scores might not be count is at a later stage...

[breun]

So, next step... Can I do a check with pyzor/razor and have SPAM deleted if it get a high pyzor-score BEFORE it beeing check by the SA rules.

Pyzor and friends are run by SpamAssassin as SA checks. So no, you can't run them before.

Trying to get rid of as much load as possible, still I don´t want any real mail to be mistaken for SPAM. Have any idea how failprof the pyzor is?

Or simply, can SA stop checking a message when a score of X is reaced? Currently many SPAM reaches a score 30-40 and I guess I can safely have SA delete it at 10-15 even if some negative scores might not be count is at a later stage...

I don't know how SpamAssassin handles this or if it can be configured to stop running checks once a certain threshold is reached. You might have to ask the SpamAssassin folks.