Why is MS doing spam checks first?

Remco Barendse mailscanner at BARENDSE.TO
Sat Dec 3 04:41:34 GMT 2005 

On Sat, 3 Dec 2005, Kai Schaetzl wrote:

> Remco Barendse wrote on         Fri, 2 Dec 2005 18:56:41 +0100:
>
>> Unfortunately, in my case I also have batched SMTP from my provider. This
>> means that any mail that is not deliverable directly to one of the mail
>> servers, it is queued by my provider.
>
> You mean, the mail is delivered from your ISP to you instead of directly? If
> you have a static IP and connected 24/7 to the net I'd change this. Obviously
> you are better off if you can just reject all those viruses instead of taking
> them from your ISP.

Yes, they are backing up / queuing mail when our mail servers would be 
offline. It's a thing from the past actually, something that was in use 
when there was still dial-up internet and dsl connections were flakey.

>> Right now one box (an Athlon XP2600 with 1 Gb of ram and max 2 MailScanner
>> threads) is getting hammered with virii. It's taking up to 10K virus mails
>> per day now (normal volume is 100-200 mails per day on that 2nd in
>> line box).
>
> You need more than 2 MailScanner processes for this, go to 5 or more. Your
> RAM is enough for that unless something else is hogging memory.
> If you can't get mail to you directly the only choice you have is to avoid
> processing as much as possible. F.i. if many viruses go to non-existent
> addresses because of catch-alls remove the catch-alls. Drop sa scanning for
> the time being. And complain to your upstream ISP.

I tried, but as soon as I increase the number of MailScanner processes I 
start getting these annoying SpamAss timeouts resulting in spam slipping 
through (which is really infuriating me because it would have been killed 
otherwise). Without SA in between the box handles 5 processes easily, it's 
SA that starts to be difficult. (The box is only handling mail, 
nothing else).

If all mails get filtered through SA+MS I have only 2-3 spam mails per 
WEEK slipping through (for the whole company!).

That's why I thought it would be nifty if the scanning order would be user 
settable. I know that I will never get more mail than this but 
virusscanning first could take out the really nasty peaks in traffic we 
are seeing now.

Remco

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list