Mailscanner and server load

kfliong kfliong at WOFS.COM
Fri Aug 27 11:29:28 IST 2004 

<x-flowed>
At 04:46 PM 27/8/2004, you wrote:
----------
Also I check for valid email addresses on the inbound MTA. If it's not
from/to a valid address it gets rejected (this stops around 2/3's of
spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
---------
Can you elaborate further on this? How do you do that? Do you have to add
the addresses manually to the list?

Thanks in advance.


>Hi
>
>load looks a little high for that spec of machine...
>
>make sure you have a caching DNS server on the machine - it makes alot
>of difference to SURBL, easy to setup, I'd do that first.
>
>As to RBL's I run only the spamcop combined list, known virus list and
>ORB, all others are turned off...my spam.assassin.prefs.conf has this in
>it..
>
>############################################
>header  RCVD_SPAMHAUS_XBL
>rbleval:check_rbl('spamhaus-xbl','xbl.spamhaus.org.')
>describe RCVD_SPAMHAUS_XBL Found in SpamHaus XBL
>tflags RCVD_SPAMHAUS_XBL net
>score RCVD_SPAMHAUS_XBL 1.5
>
>header RCVD_IN_VIRBL
>eval:check_rbl('virbl-notfirsthop','virbl.dnsbl.bit.nl')
>describe RCVD_IN_VIRBL VIRBL: Received from a virus infected host
>tflags RCVD_IN_VIRBL net
>score RCVD_IN_VIRBL 0 3.0 0 3.0
>
># habeas getting totally abused by the spammers
>score HABEAS_SWE 0.0
>
># don't do all the RBL's just orb and spamhause XBL - above
>score RCVD_IN_NJABL 0.0
>score RCVD_IN_NJABL_DIALUP 0.0
>score RCVD_IN_NJABL_MULTI 0.0
>score RCVD_IN_NJABL_PROXY 0.0
>score RCVD_IN_NJABL_RELAY 0.0
>score RCVD_IN_NJABL_SPAM 0.0
>score RCVD_IN_DYNABLOCK 0.0
>score RCVD_IN_OPM 0.0
>score RCVD_IN_OPM_WINGATE 0.0
>score RCVD_IN_OPM_SOCKS 0.0
>score RCVD_IN_OPM_HTTP 0.0
>score RCVD_IN_OPM_ROUTER 0.0
>score RCVD_IN_SORBS_BLOCK 0.0
>score RCVD_IN_DSBL 0.0
>score RCVD_IN_RFCI 0.0
>score DNS_FROM_RFCI_DSN 0.0
>#score RCVD_IN_SBL 0.0
>score HABEAS_VIOLATOR 0.0
>score RCVD_IN_BSP_TRUSTED 0.0
>score RCVD_IN_BSP_OTHER 0.0
>#######################################################################
>
>Doing it this way means you don't take the RBL as a complete blacklist,
>just adds to the score, which helps prevent FPs.
>
>I'd check the MAQ on tuning, esp logging and running a tmpfs for the MS
>tempory files...
>
>Also I check for valid email addresses on the inbound MTA. If it's not
>from/to a valid address it gets rejected (this stops around 2/3's of
>spam before it hits MS, yes 2/3's!!!), and thus reduces load on MS.
>
>Adding RAM will always help..
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>
>
>kfliong wrote:
>>Thanks for the replies guys. I can learn a lot from all your comments.
>>
>>Anyway, here are more info on my system.
>>
>>Around 50,000 mails per day of which 95% are SPAMS. I am currently using
>>list.dsbl.org on my sendmail.cf to which is helping a little to kill off
>>mails before they can come into my server. But it have false identification
>>which is causing some users unable to send mail using SMTP, that's why I
>>need to rely on SURBL and remove dsbl on MTA.
>>
>>I was using only bigevil previously and since SURBL will replace bigevil, I
>>have removed bigevil.
>>
>>A recap of my system specs :
>>
>>Celeron 1.3GHz, 512mb RAM, 60gb hdd, redhat 7.3, mailscanner+SA+clamav (all
>>latest stable version)
>>
>>And I do not run any DNS server. But will do that once I upgraded my box to
>>fedora core 1 and ensim pro 4.0.1.
>>
>>For now, I want to know if I should upgrade to 1GB RAM.
><snip>
>
>**********************************************************************
>
>This email and any files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the system manager.
>
>This footnote confirms that this email message has been swept
>for the presence of computer viruses and is believed to be clean.
>
>**********************************************************************
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>

More information about the MailScanner mailing list