I don't know about all of you, but I was running into a big problem with my spamassassin list. I would normally add domains or addresses to the local.cf file and, over time, the list grew to include thousands of entries.
The problem was that when a message came in, it would have to go through this file, which took up valuable cpu and memory resources. I already was using spamhaus and other techniques to get spam down, but it didn't seem to help much.
Regardless, here's what I did: I took all of my domains that were being blocked and left out individual addresses, and put them into a plain text file. I then used a utility called NS-Batch which can be found here:
http://www.jimprice.com/jim-soft.shtml to convert all those domains to ip addresses.
Once I had those ip's, I worked a little "vim" magic and made a file with entries that looked like this:
-A INPUT -s 63.64.121.170 -j DROP
Please note, this was the first one I was doing, so it was a mass ban rather than an add entry one by one.
Then I would simply ban these ip's at the firewall with the command iptables-restore < /iplist.txt then iptables-save
Make sure that you set up your system to automatically ban those ip's on bootup.
Then I removed those domain entries in my local.cf file.
Basically, instead of the domains being banned at the local.cf file, they were now being blocked at the firewall level.
The difference? Instead of my cpu shooting up to 90% every 3-5 seconds (we get thousands of messages a day) my cpu hums along nicely and peaks at around 10%.
Of course, I'm probably leaving out a step or two that I'm forgetting or someone may have a better idea, so I'd be happy to hear your input!
