On Thu, Oct 23, 2008 at 03:15:33PM +0200, mouss wrote:
> Brent Clark a écrit :
> > Hiya
> >
> > I would like to know, what are the implications of using / enabling
> > shortcircuit.
> >
> > Other than speeding up the scan processing, from my side, I cant see a
> > downgrade in spam detection.
> >

>
> if you don't have performance issues, don't shortcircuit. The more you
> check, the better.


Lets get some facts straight.

If you are not certain what you are shortcicuiting, don't do it. But you
don't need to have performance issues to do it! I like to save resources for
a bad day (spam flood?).

I shortcircuit:

USER_IN_SPF_WHITELIST
USER_IN_DKIM_WHITELIST
USER_IN_WHITELIST

Why bother scanning?

Also:

ALL_TRUSTED

I have extensive list of trusted_networks for whitelisting purposes. How
can you whitelist people if they send through a large ISP smarthost etc and
they are not using DKIM? Not with whitelist_from_rcvd/spf. Well ok, you
can, but there is a small chance of spoofing. But why risk anyway, since
this does the job efficiently. Hits 13% of all traffic.

My magic rule:

(BAYES_00 && RELAY_FI && !ANY_BOUNCE_MESSAGE)

Bayes works extraordinary well, since most my ham is in Finnish, and spam
in English.. together with relay from Finland (very small source of spam)
it skips almost 40% of my traffic! (BAYES_00 alone is about 50%)

There is no point checking known good traffic. If you can identify such
rules, good for you. I really don't care if there are very few non-serious
FNs. ClamAV/Sanesecurity will catch most anyway.