Server Loads/hardware standards - recommendations

Tue Oct 17 23:09:11 IST 2006

Julian Field spake the following on 10/17/2006 12:29 PM:
> Scott Silva wrote:
>>> Michael Kain spake the following on 10/17/2006 9:52 AM:
>>>   
>>>> Recently, I've gone from handling 40k messages /day to nearly 30k/hour. 
>>>> The change has surfaced in the last month or so.
>>>>
>>>> My current setup:
>>>> Dual P3 1.13
>>>> 1GB Ram
>>>> FC5
>>>>
>>>> Mail gateway running MS/clam/SA forwards scanned mail to internal mail
>>>> server (when there's a problem, users hit send/receive and that doesn't
>>>> cause an error..thus avoiding immediate call) I've used Julian's clam/sa
>>>> install script (which is awesome), and read posts relating to new
>>>> releases before upgrading/such.
>>>>
>>>> With spamassassin enabled, the batch list grows and grows, was up to 95k
>>>> at one point.. disabling SA in MS cleared that out fairly quickly.  I've
>>>> wiped the SA/bayes temp files thinking bayes was backing up, however, it
>>>> seems that is not helping.
>>>>
>>>> What I would like an opinion on is this... Am I trying to do too much
>>>> with the hardware that I currently have?  Or do I put together a bigger
>>>> beefier machine?
>>>>
>>>> -Mike
>>>>     
> You can make a huge difference to the amount of spam you have to process 
> with 2 tools:
> 
> 1) milter-gris
> 2) milter-null
> 
> Number 1 implements grey-listing. There are a lot of discussions about 
> greylisting on the web, and a lot of people are very wary of it 
> initially. I was too. Then I ran a test with a handful of the fussiest 
> email users I have (I've got about 2000 users in total). I told them I 
> was implementing something new, but refused to tell them what, so they 
> would not have any pre-conceptions about it. They *all* loved it, and 
> none of them reported any problems at all. So I implemented it across 
> all of my users, who are very fussy Computer Science and Electronics 
> academics, as well as the students. That was about 6 months ago, since 
> when I have had *1* complaint, which I dealt with by adding them to the 
> whitelist for it.
> 
> So my conclusion with greylisting is test it with some very fussy users, 
> then roll it out to everyone.
> 
> Number 2 implements back-scatter detection. Basically, what this does is 
> get rid of all the "This message could not be delivered..." notices that 
> weren't generated in response to your own users' mail. It doesn't throw 
> away all of them, so that if your users mistype an address, they still 
> get the error message from it. But all the delivery failure messages 
> generated by forged spam get killed.
> 
> Between these 2, you will remove 80-90% of all the mail coming into your 
> site, without losing any genuine real mail at all. This will make your 
> hardware go a hell of a lot further, and you will find you don't need to 
> spend any money on new hardware at all.
> 
> My MX servers used to just about cope. Then I implemented these 2 
> techniques and they now just tick along quite happily, getting very bored.
> 
> Both of the above techniques can be done very easily in sendmail and 
> Postfix using the milters which are available from www.snertsoft.com. I 
> thoroughly recommend them to everyone.
> 
> Jules
> 
So the addition of the two milters doesn't add that much load?
I am using mimedefang currently to kill all the dictionary attacks at my
backup MX's, but might consider something else when the spam load goes up.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!