User specific rulesets

Ken A ka at pacific.net
Mon Jan 22 07:44:59 CET 2007


Burak Ueda wrote:
> Greetings everyone.
> I have a question about rule sets.
> First let me describe the environment and conditions:
> 
> Server:
> Intel Dempsey Dual Core HT 3.0 GHz (4 virtual processors)
> 2 GB of memory (upgradeable to 16 GB)
> CentOS 4.5 / Apache 1.3
> cPanel/WHM control panel installed.
> 
> This is an email server. There are about 80 domains (with no websites) 
> and currently a bit more than 2000 email accounts.
> The number of email accounts is expected to go up to 10K in the next 1~2 years.
> The busiest domain will have approx 500 email accounts, the domain with 
> the least email accounts will have around 50.
> 
> I will let the email account owners write their own filters, up to 10 per 
> address. This will be black list only.

Blacklists are almost useless when used by 'average' users. Inevitably,
things like insxisliekan at throwawaydomain.info get blacklisted most of
the time. Whitelists are more useful. my $.02 :-\

> 
> Here is a simple scenario:
> 
> Mr. A has an address: email-A at domain1.com
> Mrs. B has an address in same domain:  email-B at domain1.com
> 
> These two people are not related to each other in any way. They just own an 
> email address with the same domain name. Just like gmail.com, yahoo.com etc.
> So Mr. A doesn't want to receive email from  offers at shop.com,
> but Mrs. B is a regular customer of shop.com and wants to get emails from 
> offers at shop.com
> 
> I can achieve this by editing the global rules file:
> /usr/mailscanner/etc/rules/spam.blacklist.rules
> adding this line:
> To: email-A at domain1.com and From: offers at shop.com    yes
> 
> Here is the problem:
> Let's say the server has 9000 email accounts. And 70% of the email account 
> owners are using personal filters.
> It is unlikely that all the users will use all 10 filters, so average 
> filter usage per user will be like 5.
> With some calculations, my global black list file will have 30K to 40K 
> lines of rules.

> And each time an email arrives at the server, MailScanner will check 
> this huge blacklist file (correct?).

MailScanner loads it all into RAM on startup. It doesn't read config 
files when it receives mail. Large config files will bloat the 
MailScanner/SA processes quite a bit, but it should work on the system 
you describe, so long as it's dedicated to MailScanner/SA. 
Apache/cpanel/pop/imap should be on another box. MailScanner will often 
use 100% of cpu when it's busy, which is not a problem, so long as the 
box is dedicated to Scanning mail. The ONLY thing I'd run on this box 
besides MailScanner would be your antivirus software, and a caching 
nameserver, and perhaps a milter or two. Additionally, depending on how 
much mail you actually receive, be prepared to add another MailScanner 
box to the picture too.

Ken A
Pacific.Net

> Instead, I want to do this:
> Create a global blacklist file with 50 or so lines, including the most 
> obvious spammers.
> And create a rule set for each domain. Somewhere in:
> /home/user/etc/spam.blacklist.rules
> 
> So even for the busiest domain, even if all the account holders are using 
> all 10 of their rules, it will make 5000 lines of rules.
> So MailScanner will check the global file 50 lines + black list file for 
> the receiver domain 5000 = will be 5050 lines max.
> 
> I am so sorry for the overly detailed explanation, but I hope you got my point.
> Is this possible at all? If yes, how?
> And if this is not possible, are my server specs enough to handle that 
> big blacklist file?
> 
> Thanks in advance.
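
An added example, not part of the original message and not MailScanner code: one way to turn user-submitted blacklist entries into rule lines of the form quoted in the message, enforcing the 10-per-address limit and rejecting any entry containing whitespace or newlines, so that a single entry can never become more than one rule. The function name, the address pattern and the sample data are assumptions; grouping by recipient domain mirrors the poster's proposed layout and does not imply that MailScanner loads per-domain files.

```python
import re
from collections import defaultdict

MAX_RULES_PER_ADDRESS = 10  # limit stated in the message

# Conservative address pattern (an assumption of this example): no whitespace,
# wildcards or control characters are accepted in either address.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def build_rules(entries):
    """entries: iterable of (recipient, sender) pairs submitted by users.
    Returns ({recipient domain: [rule lines]}, [rejected entries])."""
    per_addr = defaultdict(list)
    rejected = []
    for rcpt, sender in entries:
        rcpt_l, sender_l = rcpt.lower(), sender.lower()
        if not (ADDR.fullmatch(rcpt_l) and ADDR.fullmatch(sender_l)):
            rejected.append((rcpt, sender, "invalid address"))
        elif sender_l in per_addr[rcpt_l]:
            continue  # duplicate entry, already covered by an existing rule
        elif len(per_addr[rcpt_l]) >= MAX_RULES_PER_ADDRESS:
            rejected.append((rcpt, sender, "over limit"))
        else:
            per_addr[rcpt_l].append(sender_l)
    by_domain = defaultdict(list)
    for rcpt in sorted(per_addr):
        domain = rcpt.split("@", 1)[1]
        for sender in per_addr[rcpt]:
            # Line format as quoted in the message: condition, then "yes".
            by_domain[domain].append(f"To: {rcpt} and From: {sender}\tyes")
    return dict(by_domain), rejected

# Constructed sample input, not real addresses.
SAMPLE = [
    ("email-A@domain1.com", "offers@shop.com"),
    ("email-A@domain1.com", "offers@shop.com"),  # duplicate
    ("email-B@domain1.com", "news@shop.com\nFrom: other@shop.com yes"),  # embedded newline
    ("user@domain2.com", "promo@shop.com"),
]

if __name__ == "__main__":
    rules, rejected = build_rules(SAMPLE)
    for domain, lines in rules.items():
        print(f"# {domain}: {len(lines)} rule line(s)")
        print("\n".join(lines))
    for rcpt, sender, reason in rejected:
        print(f"# rejected ({reason}): {rcpt!r} / {sender!r}")
```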



