DNS Caching for Spamassassin RBLs

So I’m tweaking the mail filter server which is a Debian Linux server running Postfix, MailScanner and SpamAssassin.

I just wanted to share some of the performance improvements after installing pdns-recursor for local caching.

Install PowerDNS

root@mxfilter:~# apt-get install pdns-recursor

Obtain a sample spam email

root@mxfilter:~# wget http://people.apache.org/~wtogami/sample-spam.eml

First Test

root@mxfilter:~# cat sample-spam.eml | spamassassin -D 2>&1 | grep ‘async: timing’ | sed ’s/^.*dbg: async: //’ timing: 0.740 . dns:A:45.135.176.118.iadb.isipp.com. timing: 0.741 . dns:A:45.135.176.118.dnsbl.sorbs.net. timing: 0.749 . dns:TXT:45.135.176.118.sa-accredit.habeas.com. timing: 0.749 . dns:A:45.135.176.118.bb.barracudacentral.org. timing: 0.750 . dns:TXT:45.135.176.118.bl.spamcop.net. timing: 0.752 . dns:A:45.135.176.118.psbl.surriel.com. timing: 0.753 . dns:A:45.135.176.118.list.dnswl.org. timing: 0.756 . dns:A:45.135.176.118.zen.spamhaus.org. timing: 0.758 . dns:A:45.135.176.118.bl.score.senderscore.com. timing: 1.790 . dns:TXT:45.135.176.118.sa-trusted.bondedsender.org.

Second Test

timing: 0.002 . dns:A:45.135.176.118.iadb.isipp.com. timing: 0.006 . dns:TXT:45.135.176.118.sa-accredit.habeas.com. timing: 0.012 . dns:A:45.135.176.118.list.dnswl.org. timing: 0.016 . dns:A:45.135.176.118.bl.score.senderscore.com. timing: 0.206 . dns:A:45.135.176.118.psbl.surriel.com. timing: 0.996 . dns:A:45.135.176.118.dnsbl.sorbs.net. timing: 1.001 . dns:TXT:45.135.176.118.bl.spamcop.net. timing: 1.003 . dns:A:45.135.176.118.bb.barracudacentral.org. timing: 1.003 . dns:TXT:45.135.176.118.sa-trusted.bondedsender.org. timing: 1.009 . dns:A:45.135.176.118.zen.spamhaus.org.

After running pdns-recursor for about 5 minutes here are some statistics.

root@mxfilter:~# rec_control get-all all-outqueries 116 dlg-only-drops 0 dont-outqueries 0 outgoing-timeouts 0 tcp-outqueries 4 throttled-out 0 throttled-outqueries 0 unreachables 0 answers-slow 0 answers0-1 0 answers1-10 0 answers10-100 1 answers100-1000 24 case-mismatches 0 chain-resends 0 client-parse-errors 0 edns-ping-matches 0 edns-ping-mismatches 0 ipv6-outqueries 0 no-packet-error 0 noedns-outqueries 120 noerror-answers 15 noping-outqueries 0 nsset-invalidations 0 nxdomain-answers 18 over-capacity-drops 0 qa-latency 893 questions 33 resource-limits 0 server-parse-errors 0 servfail-answers 0 spoof-prevents 0 tcp-client-overflow 0 tcp-questions 0 unauthorized-tcp 0 unauthorized-udp 0 unexpected-packets 0 cache-entries 496 cache-hits 0 cache-misses 25 concurrent-queries 0 negcache-entries 10 nsspeeds-entries 369 packetcache-entries 24 packetcache-hits 8 packetcache-misses 25 sys-msec 36 tcp-clients 0 throttle-entries 0 uptime 462 user-msec 48

Published At
Tagged with