Weird Problem with MailScanner

Damian Rivas damian at cht.com.ar
Mon Oct 22 14:41:45 IST 2007 

It catches and accepts e-mails for our pack of domains: cht.com.ar, aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar and ci-educ.com.ar.

The main problem is that domains like hispanoamericana are way too old and recieve lots of spam messages. The main domain, cht.com.ar recieves a lot of mails daily, the problem with this is that it is difficult for me to find a good filter policy, because as it is a Travel Agency it recieves mails from hotels and other agencies, so, if I put a strict filter of "if you are not in my Exchange contact list you cannot pass" this mails are not likely entering any way and that is not the idea.

I'm following up some guidelines that UxBoD sent me in one of the links to accelerate MS, so I'll let you know if things go better.

I think that a BackScatter attack is very likely to be happening. Until these last months, there was never a single problem, so something strange might have happened to increase the SPAM bombing and therefore to turn the old server useless.

And about upgrading memory, I think that it would be cheaper (at least in Argentina PC100 Memories are very expensive as they aren't produced anymore) and have more sense to directly make an entire new server, with better processor and better memory. I was thinking in a 1Ghz processor, is it ok? Which are the minimum recommended requisites?

___________________________________________________
 
Damián Rivas
Administrador de Hardware y Redes
Departamento de Sistemas
Consult House Turismo S.A.
Tel: 4315-1900
email: damian at cht.com.ar
web: www.cht.com.ar


-----Mensaje original-----
De: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] En nombre de Jason Ede
Enviado el: lunes, 22 de octubre de 2007 10:08
Para: MailScanner discussion
Asunto: RE: RE: Weird Problem with MailScanner


What domains do you accept email for? Are you sure its not operating as an open gateway?

Jason

From: mailscanner-bounces at lists.mailscanner.info [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Damian Rivas [damian at cht.com.ar]
Sent: 22 October 2007 13:48
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner

Ok, here we go again. How was your weekend people?

Ugo, here is the output you asked for:

vmstat 5 10:

procs -----------memory---------- ---swap-- -----io---- --system--
----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy
id wa
 0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1
78  0
 0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0
99  0
 0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1
99  0
 0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0
100  0
 0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0
100  0
 1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4
88  0
 0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3
89  0
 0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4
87  0
 0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0
100  0
 2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0
100  0

I'm also attaching a bit of the output of a tail -f /var/log/maillog for you to see, there's too much spam and false addresses which slowing down MS a lot. There are still about 28k messages!(on Friday there were 45k!!!!).

UxBoD, you told me to run the init.d script to stop the MS, the problem is Slackware uses the traditional BSD Init, so I went to the 'rc.d' directory but couldn't found, or couldn't figure out were the script for stoping MS is, sorry for my ignorance again.

As always thank you people for your valuable help.

Regards.-


-----Mensaje original-----
De: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] En nombre de Ugo Bellavance Enviado el: domingo, 21 de octubre de 2007 11:17
Para: mailscanner at lists.mailscanner.info
Asunto: Re: Weird Problem with MailScanner


Damian Rivas wrote:
> 1) There are 3 MS childs running

That is way too much. Your system is probably swapping like crazy.  Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service MailScanner restart' (assuming redhat/centos)

Can you send us the output of :

'vmstat 5 10' (will take 50 seconds to execute)

Did you check if memory was available for this system?  If it is and if it is not too expensive, I'll add at least another 128 (more if you can).

Ugo

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list