SpamAssassin is a great tool for helping to reduce spam. However, on its own it has a pretty big problem: it's very expensive. Ditto for ClamAV. ClamAV is great to get rid of the obvious viruses, but is also expensive. I'm not talking about the cost of the software, but the CPU cycles required to run them. For example, I currently have around 900 messages in our mail queue generated by a cron job which got away from me. So, these messages are fairly small.
We run all of our incoming messages through SpamAssassin and ClamAV. Currently, our mail server is a 2.66GHz P4, and processing each delivery is taking almost 4 seconds with 100% CPU usage.
So, if these were your only anti-spam defenses, it would be pretty easy for a spammer to swamp your system so that scanning spam delays legitimate messages. I think in some cases this may be exactly what the spammers are trying for. If they can get you to disable the spam filters because your queues are constipated, they win.
Here's one of the places where greylisting is a huge benefit. I've found that greylisting drops between 80 and 90% of incoming messages, and is extremely cheap. In one test, one of my greylisting implementations handled 384 recipients per second. That is 3 orders of magnitude faster than the 4 seconds per delivery for SA+ClamAV.
In fact, this was one of the major reasons why I implemented greylisting. Our mail server was, at least a few times a week, getting its queues jammed up with spam that was causing legitimate e-mail to require an hour or more to come through.
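The ordering described above, as an added example (not the author's greylisting implementation): a greylist keyed on the (client IP, sender, recipient) triplet defers first-time deliveries, so only retried mail reaches the expensive scanner. The 300-second delay, 24-hour expiry, all names and the sample traffic are assumptions.

```python
import time

class Greylist:
    """In-memory greylist keyed on (client IP, sender, recipient)."""

    def __init__(self, min_delay=300, max_age=86400):
        self.min_delay = min_delay   # assumed: seconds a new triplet must wait
        self.max_age = max_age       # assumed: forget triplets older than this
        self.first_seen = {}         # triplet -> time of first attempt

    def check(self, client_ip, sender, recipient, now=None):
        """Return True to accept, False to defer with a 4xx temporary failure."""
        now = time.time() if now is None else now
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.max_age:
            self.first_seen[key] = now   # first attempt (or expired): defer
            return False
        return now - seen >= self.min_delay  # retries before the delay stay deferred


def process(attempts, greylist, expensive_scan):
    """Run the cheap check first; only accepted mail reaches the scanner."""
    stats = {"deferred": 0, "scanned": 0}
    for when, ip, sender, rcpt in attempts:
        if not greylist.check(ip, sender, rcpt, now=when):
            stats["deferred"] += 1
            continue
        expensive_scan(ip, sender, rcpt)  # stand-in for SpamAssassin + ClamAV
        stats["scanned"] += 1
    return stats


# Constructed sample traffic: (timestamp, client IP, sender, recipient).
# Nine one-shot senders never retry; one legitimate MTA retries after 10 min.
SAMPLE = [(i, f"192.0.2.{i}", f"bulk{i}@example.net", "user@example.org")
          for i in range(1, 10)]
SAMPLE += [(20, "198.51.100.7", "alice@example.com", "user@example.org"),
           (620, "198.51.100.7", "alice@example.com", "user@example.org")]


def demo():
    return process(SAMPLE, Greylist(), lambda *msg: None)


if __name__ == "__main__":
    print(demo())
```

Of the eleven delivery attempts in the sample, only the single retried message costs a scanner run.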
In conclusion, remember the costs of your various anti-spam components, and try to put the less expensive ones up in front of the more expensive ones.