Performance issues with MS and SA
Martin Hepworth
maxsec at gmail.com
Wed Mar 30 19:50:19 IST 2011
Your also running the spamhaus rules in SA, I'd look at what rbls you
want and turn those you don't want off
Have a look at performance in the wiki and the bit about getting the
most of of spamassassin .
For bayes you may find running a different format for bayes, again the
wiki will help in howto to change the database format
Martin
On Wednesday, 30 March 2011, <donald.dawson at bakerbotts.com> wrote:
>
>
>
>
>
>
>
>
>
>
> I would like to get some input from the community on our performance issue.
>
>
> Running 'MailScanner --debug --debug-sa' points to DCC as a bottleneck and Bayes.
>
>
> Turning off Bayes and DCC makes a big difference, but I would like to keep DCC.
>
>
> We are running 4 MX servers each with 4 CPU and 3.5 GB of memory. We process about 150k emails over the 4 MX servers, excluding rejected, aborted and incomplete messages.
>
> Software:
>
>
> MailScanner: 4.83.4-1
>
>
> SpamAssassin: 3.3.1
>
>
> Scam-Back: 1.5.1-pre2 (checks email recipient against internal Exchange server)
>
>
> OS: Fedora Core 8 (want to upgrade to RedHat Enterprise)
>
>
> DCC: Current version
>
>
> Pyzor: Latest - servers: public.pyzor.org:2444
>
>
> Razor: 2.84
>
>
> Sendmail: 8.14.2 with:
>
> ClientRate: 3
>
>
> ClientConn: 3
>
>
> Here's are our settings in spam.assassin.prefs.conf:
>
>
> dns_available yes
>
>
> bayes_path /var/spool/spamassassin/bayes
>
>
> bayes_ignore_header X-BakerBotts-MailScanner
>
>
> bayes_ignore_header X-BakerBotts-MailScanner-SpamCheck
>
>
> bayes_ignore_header X-BakerBotts-MailScanner-SpamScore
>
>
> bayes_ignore_header X-BakerBotts-MailScanner-Information
>
>
> lock_method flock
>
>
> use_auto_whitelist 0
>
>
> ifplugin Mail::SpamAssassin::Plugin::DCC
>
>
> dcc_path /usr/local/bin/dccproc
>
>
> endif
>
>
> rbl_timeout 10
>
>
> razor_timeout 10
>
>
> pyzor_timeout 10
>
>
> envelope_sender_header X-BakerBotts-MailScanner-From
>
>
> score BAYES_00 -0.400
>
>
> score BAYES_05 -0.300
>
>
> score BAYES_20 -0.200
>
>
> header __RCVD_IN_ZEN eval:check_rbl('zen', 'zen.dnsbl.', '127.0.0.[124]')
>
>
> header RCVD_IN_XBL eval:check_rbl('sblxbl-lastexternal', 'xbl.dnsbl.', '127.0.0.4')
>
>
> header RCVD_IN_SBL eval:check_rbl_sub('sblxbl', 'zen.dnsbl.', '127.0.0.2')
>
>
> header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', 'zen.dnsbl.', '127.0.0.10')
>
>
> uridnsbl URIBL_SBL sbl.dnsbl. TXT
>
>
> score RCVD_IN_BSP_TRUSTED -0.5
>
>
> header __FROM_YOURDOMAIN From =~ /\@bakerbotts\.com\b/i
>
>
> meta SPF_FAIL_YOURDOMAIN (SPF_FAIL && __FROM_YOURDOMAIN)
>
>
> score SPF_FAIL_YOURDOMAIN 1.0
>
>
> score USER_IN_WHITELIST -1.0
>
>
> score SUBJECT_IN_WHITELIST -1.0
>
>
> score USER_IN_SPF_WHITELIST -1.0
>
>
> score USER_IN_ALL_SPAM_TO -1.0
>
>
> score FB_GET_MEDS 2.5
>
>
> score GENERIC_IXHASH 4.5
>
>
> score NIXSPAM_IXHASH 4.5
>
>
> score CTYME_IXHASH 4.5
>
>
> score HOSTEUROPE_IXHASH 4.5
>
>
> score DRUGS_ERECTILE 1.50
>
>
> score RCVD_IN_DNSWL -1.00
>
>
> score LOTTERY_PH_004470 4.0
>
>
> score ALL_TRUSTED -0.5
>
>
> internal_networks 204.194.96/21
>
>
> internal_networks 63.241.249.0/25
>
>
> internal_networks 10/8
>
>
> header MS_FOUND_SPAMVIRUS exists:X-BakerBotts-MailScanner-SpamVirus-Report
>
>
> score MS_FOUND_SPAMVIRUS 3.0
>
>
> Here is our custom MailScanner file in /etc/MailScanner/conf.d:
>
>
> Max Children = 9
>
>
> Queue Scan Interval = 10
>
>
> Max Normal Queue Size = 2000
>
>
> Unrar Command = #/usr/bin/unrar
>
>
> Allow Password-Protected Archives = yes
>
>
> Check Filenames In Password-Protected Archives = no
>
>
> Allowed Sophos Error Messages =
>
>
> Dangerous Content Scanning = no
>
>
> Find Phishing Fraud = no
>
>
> Also Find Numeric Phishing = no
>
>
> Use Stricter Phishing Net = no
>
>
> Highlight Phishing Fraud = no
>
>
> Allow IFrame Tags = yes
>
>
> Allow Form Tags = yes
>
>
> Allow Object Codebase Tags = yes
>
>
> Quarantine Infections = no
>
>
> Information Header Value = Please contact Baker Botts IT Help Desk for more information
>
>
> Always Include SpamAssassin Report = yes
>
>
> Sign Clean Messages = no
>
>
> Mark Infected Messages = no
>
>
> Mark Unscanned Messages = no
>
>
> Notify Senders = no
>
>
> Notify Senders Of Blocked Filenames Or Filetypes = no
>
>
> Notify Senders Of Other Blocked Content = no
>
>
> Virus Modify Subject = no
>
>
> Filename Modify Subject = no
>
>
> Content Modify Subject = no
>
>
> Size Modify Subject = no
>
>
> Disarmed Modify Subject = no
>
>
> Spam Modify Subject = no
>
>
> High Scoring Spam Modify Subject = no
>
>
> Archive Mail = /var/spool/MailScanner/archive
>
>
> Send Notices = no
>
>
> Spam Checks = %rules-dir%/spam.checks.rules
>
>
> Is Definitely Not Spam = &SpamWhiteList('/etc/MailScanner/rules/bb_ms_custom.whitelist')
>
>
> Is Definitely Spam = %rules-dir%/spam.blacklist.rules
>
>
> Definite Spam Is High Scoring = yes
>
>
> Ignore Spam Whitelist If Recipients Exceed = 40
>
>
> Max Spam Check Size = 1500k
>
>
> Use Watermarking = yes
>
>
> Treat Invalid Watermarks With No Sender as Spam = 9
>
>
> Watermark Secret = %org-name%-TvnSx97qf
>
>
> Required SpamAssassin Score = 5
>
>
> SpamAssassin Auto Whitelist = no
>
>
> Rebuild Bayes Every = 86400
>
>
> Wait During Bayes Rebuild = yes
>
>
> High Scoring Spam Actions = delete
>
>
> Log Speed = yes
>
>
> Log Spam = yes
>
>
> Log Non Spam = yes
>
>
> Log Delivery And Non-Delivery = yes
>
>
> SpamAssassin Timeout = 120
>
>
> Donald Dawson
>
>
> Security Administrator
>
>
> Baker Botts L.L.P.
>
>
> One Shell Plaza
>
>
> 910 Louisiana
>
>
> Houston, TX 77002
>
>
> W: 713-229-2183
>
>
>
> Confidentiality Notice: The information contained in this email and any attachments is intended only for the recipient[s] listed above and may be privileged and confidential. Any dissemination, copying, or use of or reliance upon such information by or to anyone other than the recipient[s] listed above is prohibited. If you have received this message in error, please notify the sender immediately at the email address above and destroy any and all copies of this message.
>
>
>
--
--
Martin Hepworth
Oxford, UK
More information about the MailScanner
mailing list