Performance
Scott Silva
ssilva at sgvwater.com
Thu Feb 1 23:20:26 CET 2007
John Schmerold spake the following on 2/1/2007 1:50 PM:
> MailScanner -changed is a great help.
>
> I promised to let the group know how things are going. Very well is the
> answer. Messages are getting processed in 4 to 10 seconds.
>
> The main problem I have now is responding to malformed HELO
> announcements. I am having to write a lot of "your critical emails
> aren't getting through because your correspondent's mail server is
> mis-configured." Of course, I'm keeping "check_helo_access
> hash:/etc/postfix/helo_access" in my back-pocket.
>
> When things quiet down, I'll deal with the scatterback issue. For now,
> I'm dumping them off the face of the earth by specifying a non-existent
> relay host. /etc/postfix/transport takes care of getting legitimate mail
> where it needs to go. Yes, I know this isn't the optimal way of dealing
> with the problem.
>
> Kept Pyzor, since things are under control. It will be on my short list
> of things to eliminate if we get back to 2-6 hour queue times.
> Kept cbl.abuseat.org and zen.spamhaus.org due to Spamhaus TOS, and the
> fact that RBL checks do not seem to be the bottleneck.
> Added ws.surbl.org to list of RBLs
> Added combined.njabl.org to list of RBLs
>
> /dev/shm & /var/spool/MailScanner/incoming was a tmpfs dir. Added
> following to /etc/cron.hourly/check_MailScanner
> if [ -d /dev/shm ]; then
>     TMPDIR=/dev/shm
>     export TMPDIR
> fi
>
> Changes to MailScanner.conf:
> Max Children = 5
> Max Unscanned Messages Per Scan = 30
> Max Unsafe Messages Per Scan = 30
>
> Changes to main.cf
> smtpd_delay_reject=no
>
> smtpd_helo_restrictions = permit_mynetworks,
>     check_helo_access hash:/etc/postfix/helo_access
>     reject_invalid_hostname
>     reject_unknown_hostname
>     reject_non_fqdn_hostname
>     reject_unauth_pipelining
>     permit
>
> PolicyD was already giving me GreatPause, so I didn't add
> smtpd_client_restrictions as recommended
>
> For the record, my current configuration is as follows:
> [root at mx1 ~]# MailScanner -changed
> Table of Changed Values:
>
> Option Name Default Current Value
> ===============================================================================
>
> alwaysincludespamassassinreport no yes
> archivemail RULESET:Default=
> highscoringspamactions deliver header "X-Spam-Status: Yes"
> store
> highspamassassinscore 10 7
> incomingqueuedir /var/spool/mqueue.in
> /var/spool/postfix/hold
> languagestrings /etc/MailScanner/reports/en/languages.conf
> logspam no yes
> logspeed no yes
> maxspamassassinsize 30000 20k
This setting has gone in and out of errors. The k sometimes gives an
error--keep an eye out or just change to 20000. Julian has probably fixed
this, but I don't remember it in the changelog.
> mta sendmail postfix
> outgoingqueuedir /var/spool/mqueue
> /var/spool/postfix/incoming
> requiredspamassassinscore 6 4
> restartevery 14400 7200
> runasgroup 0 postfix
> runasuser 0 postfix
> signcleanmessages yes no
> spamactions deliver header "X-Spam-Status: Yes"
> deliver header "X-Spam-Status: Res"
> spamassassinsiterulesdir /etc/mail/spamassassin
> spamheader X-MailScanner-SpamCheck:
> X-Schmerold-MailScanner-SpamCheck:
> spamliststobespam 1 3
> spamliststoreachhighscore 3 7
> spamscoreheader X-MailScanner-SpamScore:
> X-Schmerold-MailScanner-SpamScore:
> virusscanners auto f-prot
Clamav doesn't add much overhead, since the scanners run on batches of mail.
But clam catches a lot of phishing spams.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
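
Added example, not part of the original thread or of MailScanner/Postfix: a small log summarizer for the HELO rejections produced by the smtpd_helo_restrictions quoted above, grouping them by client IP and HELO name so mis-configured correspondents can be reviewed before anything goes into helo_access. The log lines are constructed samples in the usual Postfix "reject:" format, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (assumed Postfix smtpd reject format; not from the post).
SAMPLE_LOG = """\
Feb  1 13:02:11 mx1 postfix/smtpd[2101]: NOQUEUE: reject: HELO from unknown[192.0.2.10]: 504 <exchange01>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<exchange01>
Feb  1 13:07:45 mx1 postfix/smtpd[2101]: NOQUEUE: reject: HELO from unknown[192.0.2.10]: 504 <exchange01>: Helo command rejected: need fully-qualified hostname; proto=SMTP helo=<exchange01>
Feb  1 13:09:02 mx1 postfix/smtpd[2117]: NOQUEUE: reject: HELO from unknown[198.51.100.7]: 450 <mail.partner.invalid>: Helo command rejected: Host not found; proto=ESMTP helo=<mail.partner.invalid>
Feb  1 13:10:30 mx1 postfix/smtpd[2120]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<a@example.com> to=<b@example.org> proto=SMTP helo=<pc5>
Feb  1 13:11:58 mx1 postfix/smtpd[2123]: NOQUEUE: reject: HELO from unknown[203.0.113.9]: 501 <bad_host!>: Helo command rejected: Invalid name; proto=SMTP helo=<bad_host!>
"""

# Matches only rejections whose reason is a HELO restriction; an optional
# enhanced status code (e.g. 5.5.2) after the reply code is tolerated.
REJECT_RE = re.compile(
    r"reject: (?P<stage>\w+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3})(?: \d\.\d+\.\d+)? <(?P<helo>[^>]*)>: "
    r"Helo command rejected: (?P<reason>[^;]+);"
)

def summarize_helo_rejects(log_text):
    """Return {(client_ip, helo_name): Counter({reason: hits})}."""
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:  # RBL and other non-HELO rejections are skipped
            summary[(m["ip"], m["helo"])][m["reason"].strip()] += 1
    return dict(summary)

def helo_access_candidates(summary, min_hits=2):
    """HELO names rejected at least min_hits times, for manual review.

    The HELO name is chosen by the client, so check the client IP in the
    summary before adding any name to helo_access as OK.
    """
    totals = Counter()
    for (_ip, helo), reasons in summary.items():
        totals[helo] += sum(reasons.values())
    return sorted(h for h, n in totals.items() if n >= min_hits)

if __name__ == "__main__":
    report = summarize_helo_rejects(SAMPLE_LOG)
    for (ip, helo), reasons in sorted(report.items()):
        print(ip, helo, dict(reasons))
    print("review for helo_access:", helo_access_candidates(report))
```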