Server OS upgraded from Debian 7.4 to 8.2
Debian 8 has been the stable version since April, but I only just got round to upgrading the server today. Even then the main motivation was because of a sudden huge increase in spam which turned out to be due to two things. First we were being blocked from using the domain black-lists, and second because our version of Debian was using version 3.3.2 of [SpamAssassin], but it needs to use at least version 3.4 to make full use of the domain black-lists. Here's an example X-Spam email header showing that we're being blocked:
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_32, HTML_MESSAGE,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLOCKED,URI_NOVOWEL autolearn=ham version=3.3.2
The first problem was happening because the black-list services run over DNS, but they will block requests from DNS servers that use their free services too much. We were using our server host's DNS servers which were being blocked because they relay requests to the black-lists from thousands of their clients, but they don't pay for the black-list services. This issue is easily fixed though, we simply needed to set up our own caching DNS server so that when SpamAssassin requests information form the black-lists they're going through our own server that makes only a minimal amount of requests. See Configure mail server for more details.
The best way to fix the second problem was to upgrade the OS because Debian 8 uses SpamAssassin version 3.4.0 which is modern enough to properly support the black lists. Here's an example of what the X-Spam headers are looking like now :-)
X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_00,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT, RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A, URIBL_WS_SURBL autolearn=no autolearn_force=no version=3.4.0
Another thing that's much more up to date in the new Debian version is our web-server, Nginx. This was only on version 1.2 before but now has gone all the way up to 1.6! This is good news because versions prior to 1.3 had no support for WebSockets, so now our page comments no longer need to use Ajax-polling which is very unresponsive and wasteful.