2500 timeouts a day!

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Thu May 27 09:11:04 IST 2004


Max

missed you original reply, but here's the answers inline with Ugo's..

Ugo Bellavance wrote:
> Max Kipness wrote:
>
>>> max I started to see alot of timeouts as my server load
>>> increased. I've moved off as many RBL's as possible (just
>>> using a couple inside SA), moved the bigevil.cf etc to use
>>> surbl.org instead and made sure I have a name server (caching
>>> only) running my my MS box.
>>>
>>> I also reduced the number of children and the max number of
>>> messages to process at time.
>>>
>>> Now the timeouts have reduced dramatically.
>>
>>
>>
>> Now the load on the server is something I've never really thought of.
>
>
> And what is the number?  Have you checked with vmstat?
>
>> Is
>> there anyway to offload any processes to another MS server as I'm
>> bringing one up as a failover?
>
>
> What do you mean exactly?
>

yes, you can share the load by having two systems with the same MX
value, DNS will then round robin the values...if one of the systems
stops the other will take all the traffic automagically.

>>
>> You are saying that you removed bigevil.cf? How do I use surbl.org?
>> Isn't that an RBL? It can replace bigevil?
>
>
> I think this is in an FAQ entry.  I don't use it myself.
>

www.surbl.org - install the plugin for SA 2.63 and make sure the rule
set had all four lists. You can then remove the bigevil.cf, midevil,cf
and Bill Stearnes sa-blacklist from /etc/mail/spamassassin.

>>
>> Is there a limit on how many SA rule files you should use?
>>
>> The primary DNS for the MailScanner server is an internal DNS server on
>> the same LAN, this in turn forwards requests to an external DNS server
>> that is also on the same LAN (we host public DNS). Would it give me any
>> advantage to create a caching nameserver on the MailScanner server?
>
>
> I think so.  A local request is always faster than any network request.
>

no limit on rule files (or rules!) - but obviously the more you use the
more processing power it takes..

better to run a local caching nameserver on the MS host, and if you are
running more 100K requests a day the recommendation is to setup rbldnsd
to rsync the zone files...(see bottom of www.surbl.org main page for
instructions on this)

>> The
>> queries seem to resolve pretty quick when testing with Dig.
>>
>> I run RBL's via MailScanner and SA. Even though the MS RBL's timeout
>> sometimes, that would never cause SA to timeout, right?
>
>
> No, but there are some RBLs in SA, if you didn't deactivate them.
>

might cause issues if you have alot of messages per batch...

>>
>> One other thing. I have a blacklist with about 1500 entries in it. I'm
>> going to move this temporarily tonight and see if this reduces the
>> timeouts. My blacklist removes 300 pieces of spam per day, so I'm afraid
>> to remove it permanently. I tried to look on the logs to see how many of
>> them might be also caught by bayes, but it seems as though once an email
>> is blacklisted, no other checks are done.
>>
>> I will also look at reducing the number of children/messages to process.
>
>
> Take a look at the amount of messages you have in your incoming queue
> and compare it with "max child process X max batch size".
>

are you blacklisting in MS or SA? I'd look at rules rather then
blacklists...

>>
>> Thanks,
>> Max
>>


--
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list