Set it and forget it?

donald.dawson at bakerbotts.com donald.dawson at bakerbotts.com
Mon Nov 26 23:19:00 GMT 2007


I can't go along with 1 CPU system handling 1,000,000 message attempts,
unless you are actually talking about very few being processed by MS/SA.
We have 4 dual-core server-grade systems running MS and SA (no virus
checking) and we can barely handle spam checking 500,000 emails.  Total
emails and attempts are close to 1,000,000 but that is spread over 4
servers.

Log starts:		Nov 24 00:07:08
Log ends:		Nov 26 00:00:17
****************************************************************
519,762 received messages totaling 2651 Mbytes (Avg Size: 5.22 Kbytes)
	441,860 suspected spam
	 15,101 delivered spam
-428,114 deleted spam
-51,079 pending processing
-----------------
 40,569 delivered messages

519,762 messages received
102,908 messages rejected
 70,703 messages Aborted/Incomplete
-----------------
693,373 total message attempts

****************************************************************
102,908 messages were rejected:
	  9,017 (550) - Relaying denied
	  6,507 (451) - Sender domain did not resolve
	 14,534 (553) - Domain of sender address does not exist
	     57 (450) - Relaying temporarily denied. Cannot resolve PTR record
	     99 (Admin) - Administratively rejected
	 47,840 Reject due to pre-greeting traffic
	 24,854 Unknown reasons
183,590 deferred delivery attempts:
	 37,274 Connection refused
	  6,610 Connection reset
	      3 Connection limit reached
	102,112 Connection timed out
	 11,932 Deferred localy
	 25,659 Unknown reasons
    296 (DSN) Delivery Service Notifications:
	     22 Return receipt
	     36 User unknown
	    231 Service unavailable
	      1 Host unknown
	      5 Local configuration error
	      1 Data format error
****************************************************************
 10,050 messages FROM bakerbotts.com
 25,317 messages TO bakerbotts.com
  3,911 inbound connections encrypted with TLS
  9,464 outbound connections encrypted with TLS
****************************************************************

Messages received by server:
Server         		  Count
-------------- 		-------
ausgate        		     12
baker8         		      3
bbmx01         		129,075
bbmx03         		  4,679
bbmx06         		173,909
confgate       		      3
daldmz01       		      2
dalgate        		    294
hkgate         		      6
hougate2       		    243
houmx02        		  9,240
houmx04        		 83,601
houmx05        		118,672
longate        		      5
nygate         		      7
tempfw2        		      4
wasgate        		      7
               		=======
               		519,762

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Stephen
Swaney
Sent: Monday, November 26, 2007 4:35 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Set it and forget it?


Ugo Bellavance wrote:
> Steve Campbell wrote:
>>
>>
>> Ugo Bellavance wrote:
>>> Steve Campbell wrote:
>>>> I'm curious as to how much time is spent by most of the email 
>>>> admins here using MS. I realize that some of my efforts could be 
>>>> streamlined by upgrading to the latest release, but the people here
>>>> seem to think that this is a "set it and forget it" type of
>>>> operation.
>>>
>>> I don't believe that.
>> Gosh, maybe it _is_ me then.
>
> Not sure.  What I meant is similar to what Hugo said.  It does need 
> maintenance, as spam is evolving.  We see a new version of SA almost 
> every 3 months, MS about the same, then razor, DCC, system updates.
>
> More components you have, more effective it is, but more maintenance 
> it requires.
>
> What I meant is that it is not a system that you can install and let 
> hum for a few months w/o touching it.
>
We do make such a system. It's not as flexible as MailScanner and it's 
not open source but it does run for a long time with very minimal 
maintenance and very little cost.

It's our BarricadeMX product with SpamAssassin (using spamd) and ClamAV 
(using clamd) along with Razor, SARE rules and DCC. All of the software, 
the operating system, CentOS 5, and all applications are updated using 
rpms. Many of which we maintain in our own yum repositories.

Since BarricadeMX typically correctly identifies over 90% of the 
incoming mail as spam and rejects it with an NDR, there aren't a lot of 
messages to push through SpamAssassin or ClamAV.

And since there are few options:

 * You can reject at the MTA level with NDR if spam score is greater
   than x.xx
 * You can tag and deliver if spam score is less than x.xx but
   greater than y.yy
 * You can deliver untouched if spam score is less than y.yy and
   Message passes ClamAV
 * You can reject with NDR if message is rejected by ClamAV.
 * You can white / black list with a web interface

And you cannot:

 * Block on filename or file type
 * Disarm dangerous HTML
 * Quarantine anything (not necessary because messages are rejected
   with an NDR or accepted)

Most of the cool things MailScanner can do to protect your email systems 
are not available. This is a basic but simple system.

You do get a very low maintenance, high capacity gateway that does a 
very good job at detecting spam with little white / black listing 
required and a very low false positive ratio.

A single core, single CPU system with 2 GB of memory can actually handle 
over 1,000,000 delivery attempts a day so you can push a LOT of mail 
through relatively inexpensive systems.

We have very inexperienced Systems Administrators using these systems 
because it really is as simple to maintain as running `yum -y update`.

And if you want the best of both worlds and don't mind a bit more work, 
you can run BarricadeMX on most MailScanner systems. This gives you very 
high capacity gateways that really block almost every bit of the junk 
that's out there.

Best regards,

Steve

Steve Swaney
www.fsl.com

