Shortcircuiting Ruleset
The following is a demonstration ruleset which uses the new 3.2.0 feature of short-circuiting, together with existing reliable, hard-to-forge whitelist/blacklist rules, in order to reduce CPU load.
Give it a try if you like 
I use it on my own server with very good results. --j.
# Note that these rules use a variety of normally-optional plugins; you need to # enable the DK, DKIM, SPF, Shortcircuit, ClamAV, and VBounce plugins to use # them. ifplugin Mail::SpamAssassin::Plugin::Shortcircuit # always log shortcircuit status add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ shortcircuit=_SCTYPE_ autolearn=_AUTOLEARN_ version=_VERSION_" # simple, non-network-based whitelists, locally-generated messages, # messages via a trusted relay chain, simple, non-network based blacklists meta SC_HAM (USER_IN_WHITELIST||USER_IN_DEF_WHITELIST||USER_IN_ALL_SPAM_TO||NO_RELAYS||ALL_TRUSTED||USER_IN_BLACKLIST_TO||USER_IN_BLACKLIST) priority SC_HAM -1000 shortcircuit SC_HAM ham score SC_HAM -20 # slower, network-based whitelisting meta SC_NET_HAM (USER_IN_DKIM_WHITELIST||USER_IN_DK_WHITELIST||USER_IN_SPF_WHITELIST||USER_IN_DEF_DK_WL||USER_IN_DEF_DKIM_WL||USER_IN_DEF_SPF_WL) priority SC_NET_HAM -500 shortcircuit SC_NET_HAM ham score SC_NET_HAM -20 # bounce messages: always ignored if the vbounce plugin is active priority ANY_BOUNCE_MESSAGE -700 shortcircuit ANY_BOUNCE_MESSAGE spam score ANY_BOUNCE_MESSAGE 20 # ClamAV support: no need to scan viruses/malware priority CLAMAV -900 shortcircuit CLAMAV spam score CLAMAV 20 # add additional DK/SPF whitelists whitelist_from_dk *@gmail.com whitelist_from_spf *@gmail.com endif