Performance issues with MS and SA

donald.dawson at bakerbotts.com donald.dawson at bakerbotts.com
Wed Mar 30 18:00:09 IST 2011 

I would like to get some input from the community on our performance
issue.

Running 'MailScanner --debug --debug-sa' points to DCC as a bottleneck
and Bayes.

Turning off Bayes and DCC makes a big difference, but I would like to
keep DCC.

We are running 4 MX servers each with 4 CPU and 3.5 GB of memory.  We
process about 150k emails over the 4 MX servers, excluding rejected,
aborted and incomplete messages.

Software:
MailScanner:	4.83.4-1
SpamAssassin:	3.3.1
Scam-Back:	1.5.1-pre2 (checks email recipient against internal
Exchange server)
OS:		Fedora Core 8 (want to upgrade to RedHat Enterprise)
DCC:		Current version
Pyzor:		Latest - servers: public.pyzor.org:2444
Razor:		2.84
Sendmail:	8.14.2 with:
	ClientRate:                     3
	ClientConn:                     3

Here's are our settings in spam.assassin.prefs.conf:

dns_available yes
bayes_path /var/spool/spamassassin/bayes
bayes_ignore_header X-BakerBotts-MailScanner
bayes_ignore_header X-BakerBotts-MailScanner-SpamCheck
bayes_ignore_header X-BakerBotts-MailScanner-SpamScore
bayes_ignore_header X-BakerBotts-MailScanner-Information
lock_method flock
use_auto_whitelist 0
ifplugin Mail::SpamAssassin::Plugin::DCC
dcc_path /usr/local/bin/dccproc
endif
rbl_timeout 10
razor_timeout 10
pyzor_timeout 10
envelope_sender_header X-BakerBotts-MailScanner-From
score BAYES_00 -0.400
score BAYES_05 -0.300
score BAYES_20 -0.200
header __RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.dnsbl.',
'127.0.0.[124]')
header RCVD_IN_XBL              eval:check_rbl('sblxbl-lastexternal',
'xbl.dnsbl.', '127.0.0.4')
header RCVD_IN_SBL              eval:check_rbl_sub('sblxbl',
'zen.dnsbl.', '127.0.0.2')
header RCVD_IN_PBL              eval:check_rbl('zen-lastexternal',
'zen.dnsbl.', '127.0.0.10')
uridnsbl        URIBL_SBL       sbl.dnsbl.       TXT
score RCVD_IN_BSP_TRUSTED     -0.5
header  __FROM_YOURDOMAIN       From =~ /\@bakerbotts\.com\b/i
meta    SPF_FAIL_YOURDOMAIN     (SPF_FAIL && __FROM_YOURDOMAIN)
score   SPF_FAIL_YOURDOMAIN     1.0
score USER_IN_WHITELIST -1.0
score SUBJECT_IN_WHITELIST -1.0
score USER_IN_SPF_WHITELIST -1.0
score USER_IN_ALL_SPAM_TO -1.0
score FB_GET_MEDS 2.5
score   GENERIC_IXHASH 4.5
score   NIXSPAM_IXHASH 4.5
score   CTYME_IXHASH 4.5
score   HOSTEUROPE_IXHASH 4.5
score   DRUGS_ERECTILE 1.50
score RCVD_IN_DNSWL -1.00
score LOTTERY_PH_004470 4.0
score ALL_TRUSTED -0.5
internal_networks 204.194.96/21
internal_networks 63.241.249.0/25
internal_networks 10/8
header MS_FOUND_SPAMVIRUS
exists:X-BakerBotts-MailScanner-SpamVirus-Report
score  MS_FOUND_SPAMVIRUS 3.0

Here is our custom MailScanner file in /etc/MailScanner/conf.d:

Max Children = 9
Queue Scan Interval = 10
Max Normal Queue Size = 2000
Unrar Command = #/usr/bin/unrar
Allow Password-Protected Archives = yes
Check Filenames In Password-Protected Archives = no
Allowed Sophos Error Messages =
Dangerous Content Scanning = no
Find Phishing Fraud = no
Also Find Numeric Phishing = no
Use Stricter Phishing Net = no
Highlight Phishing Fraud = no
Allow IFrame Tags = yes
Allow Form Tags = yes
Allow Object Codebase Tags = yes
Quarantine Infections = no
Information Header Value = Please contact Baker Botts IT Help Desk for
more information
Always Include SpamAssassin Report = yes
Sign Clean Messages = no
Mark Infected Messages = no
Mark Unscanned Messages = no
Notify Senders = no
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Other Blocked Content = no
Virus Modify Subject = no
Filename Modify Subject = no
Content Modify Subject = no
Size Modify Subject = no
Disarmed Modify Subject = no
Spam Modify Subject = no
High Scoring Spam Modify Subject = no
Archive Mail = /var/spool/MailScanner/archive
Send Notices = no
Spam Checks = %rules-dir%/spam.checks.rules
Is Definitely Not Spam =
&SpamWhiteList('/etc/MailScanner/rules/bb_ms_custom.whitelist')
Is Definitely Spam = %rules-dir%/spam.blacklist.rules
Definite Spam Is High Scoring = yes
Ignore Spam Whitelist If Recipients Exceed = 40
Max Spam Check Size = 1500k
Use Watermarking = yes
Treat Invalid Watermarks With No Sender as Spam = 9
Watermark Secret = %org-name%-TvnSx97qf
Required SpamAssassin Score = 5
SpamAssassin Auto Whitelist = no
Rebuild Bayes Every = 86400
Wait During Bayes Rebuild = yes
High Scoring Spam Actions = delete
Log Speed = yes
Log Spam = yes
Log Non Spam = yes
Log Delivery And Non-Delivery = yes
SpamAssassin Timeout = 120


Donald Dawson
Security Administrator
Baker Botts L.L.P.
One Shell Plaza
910 Louisiana
Houston, TX 77002
W: 713-229-2183


Confidentiality Notice: The information contained in this email and any attachments is intended only for the recipient[s] listed above and may be privileged and confidential. Any dissemination, copying, or use of or reliance upon such information by or to anyone other than the recipient[s] listed above is prohibited. If you have received this message in error, please notify the sender immediately at the email address above and destroy any and all copies of this message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110330/27727261/attachment.html

More information about the MailScanner mailing list