I see. In your case, it seems likely that Postfix is doing some initial
validation/verification on mails and so reducing the number that get
through to ASSP, since there shouldn't be any difference otherwise,
since ASSP is a transparent proxy. At the concurrent connection rate
that you mention, you'll definitely need to configure more available
workers for ASSP and adjust the timeouts to get those workers available
again quickly. The issues that you mention sound like there weren't
enough available ASSP workers.
Anyways, here's my simplified exim config with assp:
This is the exim conf so that exim only listens on localhost ports and
1025 should be firewalled from the internet. Put local_interfaces at the
top of your exim.conf
/etc/exim.conf
local_interfaces = [your_main_ip].1025 : 127.0.0.1.25 : 127.0.0.1.465
daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465
ASSP Config (for V2):
/(listenPort): /[your_main_ip]:25/
(smtpDestination) /[your_main_ip]:1025
/(listenPortSSL)/ [your_main_ip]:465
/(smtpDestinationSSL) / SSL:127.0.0.1:465
/(listenPort2)/ [your_main_ip]:587
-C
Alexandre de Arruda Paes said the following on 9/2/2014 10:18 AM:
> Hi,
>
> I have the "correct" setup in most of my servers. But like I sad, sometimes
> I notice best performance results when Postfix
> take care the initial handshaking. If you have more than 30-40 connections
> concurrently in ASSP, the initial MTA banner sometimes takes
> a long time to appear (still in 2.x version) and the message
> transfer throughput can be a problem.
>
> I will research about exim more deeply.
>
> Thanks,
>
> Alexandre
>
>
>
>
> 2014-09-02 10:07 GMT-03:00 Mr. Courtney Creighton <a...@dezignguy.com>:
>
>> Well, it still looks like you're just duplicating the inherent
>> functionality of ASSP the hard way. ASSP doesn't 'reinject' anything...
>> as a transparent proxy, it is always passing the SMTP conversation to
>> and from the mailserver.
>>
>> If I am reading your original message correctly, then the way you
>> apparently have your mailserver configured sounds like you have Postfix
>> listening on port 25 and 587, and then you use the content_filter to
>> pass it off to ASSP which then loops back into another port that Postfix
>> is listening on (without content_filter - so you don't have an endless
>> loop) which then sends it on to the mail's destination. So you basically
>> have Postfix talking to itself, in a loop, with ASSP in the middle.
>>
>> If that is your setup, then that's definitely the hard way, and
>> unnecessary, and I don't see how you can possibly save any resources on
>> a high traffic system with it. If you have Postfix doing any sort of
>> mail/ip preliminary checks or initial blocking, it's usually quite
>> possible to either do those checks in ASSP or specifically configure the
>> mailserver to handle the needed checks with ASSP in front of it.
>>
>> You could indeed implement that same Postfix config with exim, but I
>> wouldn't recommend it.
>>
>> But yes, it's kinda a problem if you're using ASSP v.1. It's been a
>> while since I moved to v2, and I don't remember the config changes I had
>> to do for the migration. You can, and should, migrate to v2, by
>> installing a newer version of perl in /opt and configuring assp to use
>> that version (if that's the blocking reason why you're still using v1
>> there). Remember to install the necessary cpan packages there too.
>>
>> But if you're still interested, I can provide my exim-specific assp
>> config - basically the network setup - and you can translate it as
>> necessary for your v1 setup.
>>
>> -C
>>
>>
>> Alexandre de Arruda Paes said the following on 9/1/2014 4:41 PM:
>>> Hi,
>>>
>>> I have about 50 servers with ASSP. With postfix installations (standalone
>>> or with Zimbra), I use ASSP 2.x as a proxy. But, in high traffic
>>> enviroments, the best way is to allow MTA to do this job after antispam.
>>> In this particular server, we use exim instead postfix and ASSP
>>> 1.9(yes,this is part of the problem). Then, I want to test a similar
>>> scenario to try avoiding problems with this version of assp. :}
>>> Em 01/09/2014 19:03, "Mr. Courtney Creighton" <a...@dezignguy.com>
>>> escreveu:
>>>
>>>> ASSP/Exim does that automatically, just with setting it up properly.
>>>>
>>>> Your users sending good mail on port 587 should be authenticated, and
>>>> ASSP will use that information for the notspam collection and whitelist
>>>> additions... with the proper settings. It's all automatic, if you have
>>>> the settings correct. And you don't need to "reinject" mail.
>>>>
>>>> And your flow diagrams are incorrect... they should look something like
>>>> this:
>>>>
>>>> Internet -> ASSP proxy (25) -> ASSP (spam test) -> exim -> local
>> delivery
>>>> Internet -> ASSP proxy (587) -> ASSP (/notspam collect) -> exim -> relay
>>>> to internet
>>>>
>>>> If you need help with setting up the ports in ASSP/Exim, let me know and
>>>> I'll show you my config for that.
>>>>
>>>> -C
>>>>
>>>>
>>>> Alexandre de Arruda Paes said the following on 9/1/2014 1:54 PM:
>>>>> Hi,
>>>>>
>>>>> My skiil in exim are minimal, but I need to use it in one server.
>>>>> I'm thinking about a way to do the following:
>>>>>
>>>>> Internet -> exim (25) -> ASSP (spam test) -> exim -> local delivery
>>>>> Internet -> exim (587) -> ASSP (/notspam collect) -> exim -> relay to
>>>>> internet
>>>>>
>>>>> If an e-mail come to submission, I use ASSP to collect notspam. If the
>>>>> e-mail come
>>>>> to local delivery, ASSP will test e-mail and if it's is ok, reinject to
>>>>> exim.
>>>>>
>>>>> In postifix, this is very easy by setting content_filter in master.cf
>>>> and
>>>>> using relay host and relay port in ASSP to reinject e-mail in a port
>>>>> without content_filter.
>>>>> But I don't know how to do this in exim.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Alexandre
>>>>>
>> ------------------------------------------------------------------------------
>>>>> Slashdot TV.
>>>>> Video for Nerds. Stuff that matters.
>>>>> http://tv.slashdot.org/
>>>>> _______________________________________________
>>>>> Assp-user mailing list
>>>>> Assp-user@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>>>
>>>>
>>>>
>> ------------------------------------------------------------------------------
>>>> Slashdot TV.
>>>> Video for Nerds. Stuff that matters.
>>>> http://tv.slashdot.org/
>>>> _______________________________________________
>>>> Assp-user mailing list
>>>> Assp-user@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>>
>> ------------------------------------------------------------------------------
>>> Slashdot TV.
>>> Video for Nerds. Stuff that matters.
>>> http://tv.slashdot.org/
>>> _______________________________________________
>>> Assp-user mailing list
>>> Assp-user@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Slashdot TV.
>> Video for Nerds. Stuff that matters.
>> http://tv.slashdot.org/
>> _______________________________________________
>> Assp-user mailing list
>> Assp-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/assp-user
>>
> ------------------------------------------------------------------------------
> Slashdot TV.
> Video for Nerds. Stuff that matters.
> http://tv.slashdot.org/
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
