-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary V Sent: Thursday, March 20, 2008 10:22 PM To: [email protected] Subject: Re: [AMaViS-user] Advice on specs accroding to the amount of mail I recieve per month
On 3/20/08, Ilo Lorusso wrote: > > Hi, > > I would like some input from the experts if possible ;) I recieve on estimate about 23 million mails a month > Or about 18 messages per second on average. > can someone advice what would be the best approuch to setting up amavisd-new as my spam solution. > It's hard to answer your question, and even though I'm not an expert, I will give my 2 cents anyway, even if it's possibly bad advice. > - How many servers would recommend ? Let's see, dual Zeons with 4 gigs ram and fast hard drives. Let's go with 20 $max_servers each and assume it takes between 2 and 5 seconds per message. If we need 20 messages per second, that comes out to 2 to 5 of these boxes. Possibly start with two, add domains one at a time until the servers croak, then start on the third box if needed, and so on. Maybe just start with one in order to first measure real life throughput and experiment with tuning. Add one domain at a time, when it reaches the croaking point, and you are desperate to get the mail delivered, turn off spam scanning (or possibly just network tests) until the queue clears. > - Would you recommend I use a MySQL database for Bayes ? Yes, but it needs to be tuned for performance and I recommend including a timestamp field in the awl and bayes_seen tables and then purging records out of these tables that are more than a couple weeks old on a daily basis (these tables grow forever by default). Run a cron job to go thru and clear out messages older than X amount of days. I think Bayes for MySQL has a self prune option......But, don't quote me on that. If you run CRM114; then you can nix Bayes. > - Would you recommend I use RBLs on postfix aswell to cut down on the load for Amavisd-new? Yes, but only one or two or three I think. The most often recommended one (zen.spamhaus.org) will deny you access after a short while (because of your volume of mail) unless you pay for the service, so you would need to pay. With that volume, would it be better to just rsync those BLs' down to your DNS? I just use up to 7 dnsbl in SA. Look at using the Shortcircuit plugin in SA 3.2.x, too. Which AV are you planning on using? We use ClamAV with the sanesecurity signatures. Catches and scores a lot of messages. > - Would you recommend using DSPAM option within amavis? No. Agrees with Gary on this. CRM114 works well with it. You can even control CRM114 based on reached scores, too. > - Would you recommend using a ramdisc for when processing amavis files? Not really. It's not cool when it's full. > - What else would one recommed to a 95% spam capture rate? Learn how everything that can affect the spamassassin score works, or anything that can reject mail works. Assuming these are relay servers, you MUST reject mail to unknown users. This means any server you build must either have a list of every recipient for each of the domains you are responsible for (a relay_recipients map), or the downstream servers MUST immediately reject mail to unknown recipients so you can take advantage of Postfix' recipient verification (reject_unverified_recipient). A big hammer that is easy to implement is greylisting (selective greylisting is preferred), but there are real issues with delayed mail and occasional false positives that make it potentially unsuitable for large installations. In smaller installations you can simply whitelist problematic servers, but that may not be practical in a larger implementation. Knowing the system is your best weapon. Doing mta based checks for bad MX hosts and misconfigured DNS (yes! We get a lot of those. Seems they forget to update the reverse zone file.) > - How can I obtain an even balance of mail between my mx servers ? even though they are set to equal prefernces > Assuming you are working with a number of domains, for each of the busiest domains, you could try listing the servers in a different (rotating) order. If you only have one domain, then I don't have a clue. My guess is not all name servers dish up round robin, or maybe intermediate servers cache only one record, and hence the imbalance, but I'm guessing here. You can balance this using a central MX record that balances the load between two additional MX records (hosts). > > Thanks? > > > Ilo -- Gary V ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
