New server request

[DAve]

Glenn Steen wrote:
> On 08/04/2008, DAve <dave.list at pixelhammer.com> wrote:
>> Currently we get hit with 200k to 300k connections a day that hit an RBL. We
>> see 15k to 25k pipeline attempts. We spam scan almost 50% of our mail and we
>> Virus scan everything that comes in. We process 4gb of mail a day on two
>> servers, total around 50k to 65k message we actually deliver. We process
>> 16,908 whitelist and 14,348 blacklist entries from MailWatch.
>>
>>  Mail delivery for our clients *INCLUDES* outbound scanning and filtering
>> through my smtp servers (different hardware) and coming back in through my
>> MailScanner servers.
>>
>>  I can get that done in 5 minutes round trip time for a message. 90% of that
>> time is spent in the MS server, queues, waiting for pickup, etc. I think
>> that is pretty darned good.
>>
>>  That is apparently not good enough. Every month or so I get told that mail
>> delivery in incredibly slow and I need to look at the servers. I do, and
>> every message I check takes around five minutes.
>>
>>  I need a recommendation for the root'n toot'nist, rockem sockem, nuklear
>> powered, rocket fuel fed servers money can buy. I want to push a batch of 30
>> messages through a full featured install of SA, Clamav, and local rulesets
>> in less than 5 seconds. Tops. When my sales director hits send in his
>> outlook, I want the message to deliver so fast his laptop jumps from his
>> desk.
>>
>>  I think I need striped SAS disks with 15k spindles, four CPUs, and 16gb of
>> ram. I am open to realistic suggestions, though humor is still welcome. I
>> intend to submit a quote this week.
>>
>>  Thanks,
>>
>>  DAve
>>
> I'd look long and hard at where you're time is spent ATM... HW can
> only solve HW type problems:-).

ATM?

> 
> For instance.... Making sure you only use "feeded" BLs (meaning only
> query to local copy) would probably be ... good.

We cache DNS lookups heavily.

> Having your MailWatch database non-local to the machine... might tip
> you either way (cheaper to buy two boxes with semi-extreme HW, instead
> of one monster).

We currently do that as we have two MS servers reporting to a single 
MailWatch server.

> 
> I suppose you already do most of the "normal" tricks, like tmpfs,
> caching nameserver, perhaps noatime on selected filesystems etc?
> 

Yep, all of the above.

DAve


-- 
In 50 years, our descendants will look back on the early years
of the internet, and much like we now look back on men with
rockets on their back and feathers glued to their arms, marvel
that we had the intelligence to wipe the drool from our chins.