Mailscanner and server load

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Fri Aug 27 09:46:29 IST 2004


<x-flowed>
Hi

load looks a little high for that spec of machine...

make sure you have a caching DNS server on the machine - it makes alot
of difference to SURBL, easy to setup, I'd do that first.

As to RBL's I run only the spamcop combined list, known virus list and
ORB, all others are turned off...my spam.assassin.prefs.conf has this in
it..

############################################
header  RCVD_SPAMHAUS_XBL
rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
tflags RCVD_SPAMHAUS_XBL net
score RCVD_SPAMHAUS_XBL 1.5

header RCVD_IN_VIRBL
eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
tflags RCVD_IN_VIRBL net
score RCVD_IN_VIRBL 0 3.0 0 3.0

# habeas getting totally abused by the spammers
score HABEAS_SWE 0.0

# don't do all the RBL's just orb and spamhause XBL - above
score RCVD_IN_NJABL 0.0
score RCVD_IN_NJABL_DIALUP 0.0
score RCVD_IN_NJABL_MULTI 0.0
score RCVD_IN_NJABL_PROXY 0.0
score RCVD_IN_NJABL_RELAY 0.0
score RCVD_IN_NJABL_SPAM 0.0
score RCVD_IN_DYNABLOCK 0.0
score RCVD_IN_OPM 0.0
score RCVD_IN_OPM_WINGATE 0.0
score RCVD_IN_OPM_SOCKS 0.0
score RCVD_IN_OPM_HTTP 0.0
score RCVD_IN_OPM_ROUTER 0.0
score RCVD_IN_SORBS_BLOCK 0.0
score RCVD_IN_DSBL 0.0
score RCVD_IN_RFCI 0.0
score DNS_FROM_RFCI_DSN 0.0
#score RCVD_IN_SBL 0.0
score HABEAS_VIOLATOR 0.0
score RCVD_IN_BSP_TRUSTED 0.0
score RCVD_IN_BSP_OTHER 0.0
#######################################################################

Doing it this way means you don't take the RBL as a complete blacklist,
just adds to the score, which helps prevent FPs.

I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
tempory files...

Also I check for valid email addresses on the inbound MTA. If it's not
from/to a valid address it gets rejected (this stops around 2/3's of
spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.

Adding RAM will always help..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


kfliong wrote:
> Thanks for the replies guys. I can learn a lot from all your comments.
>
> Anyway, here are more info on my system.
>
> Around 50,000 mails per day of which 95% are SPAMS. I am currently using
> list.dsbl.org on my sendmail.cf to which is helping a little to kill off
> mails before they can come into my server. But it have false identification
> which is causing some users unable to send mail using SMTP, that's why I
> need to rely on SURBL and remove dsbl on MTA.
>
> I was using only bigevil previously and since SURBL will replace bigevil, I
> have removed bigevil.
>
> A recap of my system specs :
>
> Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav (all
> latest stable version)
>
> And I do not run any DNS server. But will do that once I upgraded my box to
> fedora core 1 and ensim pro 4.0.1.
>
> For now, I want to know if I should upgrade to 1GB RAM.
>
<snip>

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list