Server Loads/hardware standards - recommendations

Julian Field MailScanner at ecs.soton.ac.uk
Tue Oct 17 20:29:15 IST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Scott Silva wrote:
> Michael Kain spake the following on 10/17/2006 9:52 AM:
>   
>> Recently, I've gone from handling 40k messages /day to nearly 30k/hour. 
>> The change has surfaced in the last month or so.
>>
>> My current setup:
>> Dual P3 1.13
>> 1GB Ram
>> FC5
>>
>> Mail gateway running MS/clam/SA forwards scanned mail to internal mail
>> server (when there's a problem, users hit send/receive and that doesn't
>> cause an error..thus avoiding immediate call) I've used Julian's clam/sa
>> install script (which is awesome), and read posts relating to new
>> releases before upgrading/such.
>>
>> With spamassassin enabled, the batch list grows and grows, was up to 95k
>> at one point.. disabling SA in MS cleared that out fairly quickly.  I've
>> wiped the SA/bayes temp files thinking bayes was backing up, however, it
>> seems that is not helping.
>>
>> What I would like an opinion on is this... Am I trying to do too much
>> with the hardware that I currently have?  Or do I put together a bigger
>> beefier machine?
>>
>> -Mike
>>     
You can make a huge difference to the amount of spam you have to process 
with 2 tools:

1) milter-gris
2) milter-null

Number 1 implements grey-listing. There are a lot of discussions about 
greylisting on the web, and a lot of people are very wary of it 
initially. I was too. Then I ran a test with a handful of the fussiest 
email users I have (I've got about 2000 users in total). I told them I 
was implementing something new, but refused to tell them what, so they 
would not have any pre-conceptions about it. They *all* loved it, and 
none of them reported any problems at all. So I implemented it across 
all of my users, who are very fussy Computer Science and Electronics 
academics, as well as the students. That was about 6 months ago, since 
when I have had *1* complaint, which I dealt with by adding them to the 
whitelist for it.

So my conclusion with greylisting is test it with some very fussy users, 
then roll it out to everyone.

Number 2 implements back-scatter detection. Basically, what this does is 
get rid of all the "This message could not be delivered..." notices that 
weren't generated in response to your own users' mail. It doesn't throw 
away all of them, so that if your users mistype an address, they still 
get the error message from it. But all the delivery failure messages 
generated by forged spam get killed.

Between these 2, you will remove 80-90% of all the mail coming into your 
site, without losing any genuine real mail at all. This will make your 
hardware go a hell of a lot further, and you will find you don't need to 
spend any money on new hardware at all.

My MX servers used to just about cope. Then I implemented these 2 
techniques and they now just tick along quite happily, getting very bored.

Both of the above techniques can be done very easily in sendmail and 
Postfix using the milters which are available from www.snertsoft.com. I 
thoroughly recommend them to everyone.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.0 (Build 1112)
Comment: Fetch my public key foot-print from www.mailscanner.info
Charset: ISO-8859-1

wj8DBQFFNS8QEfZZRxQVtlQRAlVDAKDAcLnmAPCpH7joNTguKkSqKazZXACg5xRc
UsdsgAaMsK/YW02xH109FQw=
=mOLq
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk

More information about the MailScanner mailing list