Building an MS-SA box

Michael Weiner hunter at
Sat Feb 21 14:22:53 GMT 2004

On Fri, 2004-02-20 at 10:54, Martin Hepworth wrote:
> 1) make sure the MailScanner working area, "Incoming Work Dir" defined
> in MailScanner.conf, is on a tmpfs not a disk.

always an excellent suggestion, once i move this to "production" i will
be throwing the Incoming Work Dir onto a Boxhill array.

> 2) configure a caching nameserver on the MS box.

DEFINITELY!! currently running nscd-2.3.2-27.9.7 (ain't redhat's latest
versioning crazy?)

> 3) have a look at the "Max Children" ,"Max Unscanned Messages Per Scan"
> and "Max Unsafe Messages Per Scan". Altering these, esp the Max Children
> can have a big effect. Given your load average I'd consider lowering the
> Max Children - after 1 and 2 have been done. Mine's at 5, but I'm only
> running a single 600MHz, 8-9k messages a day.

are you talking about within sendmail itself or within MS? Sendmail, tho
not running of course, had been configured for an earlier exercise with
the following (but still in the cf file):

QueueLA=18, RefuseLA=22, DelayLA=0, MaxDaemonChildren=0,

now within MS itself i have the following set:

Max Children 10
Max Unscanned Messages Per Scan 30
Max Unsafe Messages Per Scan 30

> 4) RAM RAM and plenty of RAM..1-2GB is not unheard of in this list for
> your sort of message load.

This is an older piece of hardware as well; it's a dual proc 750MHz PIII
with 1G RAM and 1G swap currently.

Things have calmed down and the system is running much better albeit at
a fairly constant load average of 5-7 throughout the day, once i
disabled sendmail's ability to use spamass-milter and regex-milter which
i had been using in conjunction with another exercise. But i still run
SA with pyzor, razor, and dcc along with MS and the system seems to be
stabilizing now over the past 12 hours. Just trying to finish getting
ClamAV working. I have 0.67-1 rpm rebuilt and installed, and i can run
the wrapper test successfully as follows:

/usr/lib/MailScanner/clamav-wrapper /usr

and it scans and does find exploits yet MS doesn't mark any nor log any
as having been found. I am trying to figure out why, but have had no
luck. Any ideas?

Thanks in advance.
Michael B. Weiner, Linux+, Linux+ SME
Systems Administrator/Partner
The UserFriendly Network (UFN)
Linux Registered User #94900    Have you been counted?
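
An added example, not part of the original post or of MailScanner itself: a small shell audit for two points raised in this thread, whether the "Incoming Work Dir" named in MailScanner.conf sits on tmpfs, and whether ClamAV is actually listed as a scanner. It assumes the usual "Key = Value" layout of MailScanner.conf and the "Virus Scanners" setting name, which does not appear in the post; the sample paths and values are constructed.

```shell
#!/bin/sh
# Added example: audit MailScanner.conf against the checks discussed in this thread.

# Print a "Key = Value" setting; key match ignores case and spacing, last one wins.
ms_conf_get() {  # $1 = conf file, $2 = setting name
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0 || norm(substr($0, 1, i - 1)) != norm(want)) next
          val = substr($0, i + 1); sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val) }
        END { print val }' "$1"
}

# Print the filesystem type for a path: longest mount point that is a prefix of it.
fs_type_for() {  # $1 = path, $2 = file in /proc/mounts format
    awk -v p="$1" '
        { m = ($2 == "/") ? "/" : $2 "/"
          if (index(p "/", m) == 1 && length(m) >= best) { best = length(m); t = $3 } }
        END { print t }' "$2"
}

# Report findings; exit status 0 means both checks passed.
audit_mailscanner() {  # $1 = conf file, $2 = mounts file
    rc=0
    dir=$(ms_conf_get "$1" "Incoming Work Dir")
    fs=$(fs_type_for "$dir" "$2")
    [ "$fs" = "tmpfs" ] || { echo "Incoming Work Dir $dir is on $fs, not tmpfs"; rc=1; }
    case " $(ms_conf_get "$1" "Virus Scanners") " in
        *" clamav "*) ;;
        *) echo "Virus Scanners does not list clamav"; rc=1 ;;
    esac
    echo "Max Children = $(ms_conf_get "$1" "Max Children")"
    return "$rc"
}

# Constructed sample input (not taken from the poster's system).
tmp=$(mktemp -d)
printf '%s\n' '# sample' 'Incoming Work Dir = /var/spool/MailScanner/incoming' \
    'Max Children = 10' 'Virus Scanners = none' > "$tmp/MailScanner.conf"
printf '%s\n' '/dev/sda1 / ext3 rw 0 0' \
    'tmpfs /var/spool/MailScanner/incoming tmpfs rw 0 0' > "$tmp/mounts"
audit_mailscanner "$tmp/MailScanner.conf" "$tmp/mounts" || echo "findings reported above"
```

On a live box, pass the real MailScanner.conf and /proc/mounts as the two arguments.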
