Matthias Leisi wrote:
>
> A couple of notes:
>
> 1) This advice:
>
> > Tue Jun 10 14:55:36 2008 [72096] dbg: conf: trusted_networks are not
> > configured; it is recommended that you configure trusted_networks
> > manually

>
> should not be ignored. Setting trusted_networks would slightly reduce
> the number of DNS lookups and can avoid all sorts of funny error
> situations.


Agreed. "trusted_networks" is a key setting for quite a few of the
network based tests. If you don't set it manually, SA takes a guess at
it and can get it wrong (especially if your server is behind a NAT
firewall).

> 3) Do you reject connections at the MTA level with a selection of
> blacklists (eg sbl/xbl/pbl/zen.spamhaus.org) and/or other means? This
> should greatly reduce the workload on SpamAssassin.


You should definitely consider this if you don't have it in place
already. I recommend zen.spamhaus.org. This one blacklist gets rid of
most of my spam and I haven't found a false hit yet.

I had a similar situation to you. There was too much garbage coming in
and the server couldn't keep up with spam and virus scans for all of it.
I solved the problem by adding the zen blacklist.

--
Bowie