[Cialug] spam filtering
Jon Clemons
cialug@cialug.org
Thu, 21 Oct 2004 07:22:47 -0500
The problem with the server not knowing if the recipient is valid is it
accepts mail to any address at a given domain whether
valid or not and has to handle it. I would bet it is accepting at least 10
times more mail then is legit and has to spam check
and virus check bogus mail which is unnecessary. Then it in turn tries to
deliver bogus mail to the remote
mail system which is failing. This wastes the main system resources, the
remote servers resources and bandwidth.
What you should do is setup a virtual user table and have it do lookups on
that and then use the
transport_domains to tell it where to deliver all mail for a particular
domain. That way it only accepts mail
for valid addresses and cuts down on lots of scanning. Trust me use Sophie
with sophos it works wonders and
will drastically cut your server load because it doesn't have to call sweep
each time and load virus definitions up each time
sweep is invoked. It daemonizes them in memory and will breathe new life
into a loaded server. Been there and done it myself.
I would also update your amavisd-new to amavisd-new-20030616-p10.tar.gz it
has many fixes and some to work around some issues with
Perl 5.8 but it won't fix your load problem.
----- Original Message -----
From: "Dave Weis" <djweis@sjdjweis.com>
To: <cialug@cialug.org>
Sent: Wednesday, October 20, 2004 11:54 AM
Subject: RE: [Cialug] spam filtering
>
> On Wed, 20 Oct 2004, Nathan C. Smith wrote:
>> Does amavisd-new run as a daemon?
>> Why are they accepting mail to bounce to a non-existent host?
>> Have you looked into tarpit for this client?
>
> Yes
> The virus scanner fronts for 3 other mail servers in other locations so it
> doesn't do much dropping of mail because it doesn't know if the recipient
> is valid.
> The mail server now is making a good tarpit, but it's holding valid mail
> too :-)
>
> dave
>
>
>> -----Original Message-----
>> From: Dave Weis [mailto:djweis@sjdjweis.com]
>> Sent: Wednesday, October 20, 2004 11:29 AM
>> To: cialug@cialug.org
>> Subject: [Cialug] spam filtering
>>
>>
>>
>>
>> I've got a client that's getting about 25k emails per day, 95%+ is spam.
>> We are running on redhat 9 with amavisd-new amavisd-new-20030314-p2 and
>> postfix 1.1.11 using the content filtering and sophos as the AV plugin.
>> We
>> are having severe load problems and mail speed is a couple minutes for
>> incoming mail. Part of the problem is that we will get 200-500+ messages
>> stuck in the queue waiting to bounce to non-existant hosts. Would an
>> upgrade to a newer version of amavisd-new help?
>>
>> dave
>>
>>
>> --
>> Dave Weis "I believe there are more instances of the
>> abridgment
>> djweis@sjdjweis.com of the freedom of the people by gradual and silent
>> encroachments of those in power than by violent
>> and sudden usurpations."- James Madison
>> _______________________________________________
>> Cialug mailing list
>> Cialug@cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>> _______________________________________________
>> Cialug mailing list
>> Cialug@cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>
> --
> Dave Weis "I believe there are more instances of the
> abridgment
> djweis@sjdjweis.com of the freedom of the people by gradual and silent
> encroachments of those in power than by violent
> and sudden usurpations."- James Madison
> _______________________________________________
> Cialug mailing list
> Cialug@cialug.org
> http://cialug.org/mailman/listinfo/cialug
>