University MailScanner Setup

Wed Dec 16 17:04:09 GMT 2009

We filter for a few smaller post-secondary’s as well as a few dozen K-12
districts.  We have two gateway machines running MS/Postfix on Sun
coolthreads hardware.

Two separate DNS servers run RBLDNSd/Bind and serve a local mirror of the
Spamhaus Zen feed (for which we have a subscription and rsync with them),
the Barracuda RBL as well as a locally generated RBL.  We also use SQLGrey,
though I’m no longer convinced it adds terribly much value these days.

Another machine does MySQL for Mailwatch logging and fancy reporting with
pretty graphs.

We reject 85-95% of all incoming connections at the MTA level and pass the
rest to MS.  We use Clamd with the addition of Sanesecurity and ScamNailer
sigs.

We wrote in –house a parser for the MTA logs to have them inserted into the
MailWatch DB in order to get daily message counts, which get munged into a
daily summary table for all of our customer domains.  We then purge the MTA
junk out of the DB to save on space.

Load-balancing is done via DNS round-robin.  A proper load balancer is on my
list for Santa this year.  I emailed it, so I hope it doesn’t get caught in
a quarantine or collide with some queue file of the same name somewhere
along the way.

We see between 2 and 7 million connections hit our gateways per day, with
80,000 to 100,000 being delivered to user mailboxes or downstream customer
servers as “clean” daily.

/jared

On Fri, Dec 11, 2009 at 12:35 PM, Gottschalk, David <dgottsc at emory.edu>wrote:

> I'm posing a question to those of you who work for a University or College.
>
> Here at Emory, we have a hosted email filtering called Postini (which is
> now owned by Google). Behind that, we have six MailScanner machines that
> relay mail to the appropriate internal mail system. After the economic
> turndown, we have been looking anywhere to save costs. I'm contemplating
> proposing that we dump our hosted filtering solution because it is quite
> expensive ($5+ per user per year), and rely on MailScanner instead entirely.
> Then we would just have a bunch of MailScanner machines fronted by a load
> balancer to handle all inbound email (I'd imagine we need more than six
> after doing so)
>
> I'm wondering though how other colleges are handling their mail filtering
> using MailScanner. How many machines are being used, etc, etc?
>
> We currently get about 30-40 million email messages per week, of which
> about 1.5 million are delivered to our relays. We have approximately 40,000
> email accounts.
>
> Thanks for any assistance, advice.
>
> David Gottschalk
> Emory University
> UTS Messaging Team
>
>
>
> This e-mail message (including any attachments) is for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information.  If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution
> or copying of this message (including any attachments) is strictly
> prohibited.
>
> If you have received this message in error, please contact
> the sender by reply e-mail message and destroy all copies of the
> original message (including attachments).
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20091216/ea84d2f7/attachment.html