Andrew Kaplan said: > I plan to setup a single box running FreeBSD, postfix, spamassassin, > amavisd and clam. What kind of box should I get. Currently I have two > boxes the first one is an Athlon running postfix and the second is RH with > amavisD and F-sesure it's a dual PIII the loads is between 3 and 4 during > the day. > > I would like to see what other people with similiar volume are doing > > Thanks, > > Andrew >
I have 5 mail servers. One of them is configured as a fallback host meaning it deals with difficult to deliver mail. It is also the anti-spam and av server, and syslog collector. They all run SendMail 8.13.3. The milter is a wonderful C program, j-chkmail, that handles the anti-spam, surbl, and behavioral situations that arise, and also calls clamd to scan attachments. That server is a Sun dual-proc E-250 with six drives running multiple queues on the various drives. 3 of the five are configured this way and any one of them can pick up the anti-spam and av role should the primary fail. The other two servers are Sun dual-proc ultra-2 systems that handle internal machine to machine and machine to external mail. Inbound mail is handed off to an MS Exchange server set via BigIP for load balancing and all outbound mail is routed via BigIP as well. These systems are trouble-free (hardware failures aside). They easily have handled 250,000 messages/hour though that is not the norm... yet. Spam volume has tripled in the last year overtaking non-spam mail by several percentage points. I don't use Perl. I prefer not to use Perl anywhere if I can help it and for the most part, I can. Except for reporting traffic, Perl is not used on any of my servers. I don't like to spend a lot of time writing regex code to whack the next big porn/medz/diploma/victimized Nigerian politico wanker's widow - j-chkmail is a great help here - it uses a compiled in PCRE regex library and is very fast. It decomposes multi-part messages and scans each part, headers, etc., as configured. Simple regex expressions, or as complex as you like, are available as a result, and in my case are terse and effective. They can be applied to the the entire message, headers, subject, or body. Surbl support is especially nice as it uses a local Berkeley db file for lookups and is refreshed hourly via differential rsync. Well known "dangerous according to Microsoft" attachments are blocked with prejudice, but additional regex file types can also be blocked. Message/attachment quarantine is an option but not used. Configurable parameters are extensive and numerous throttling schemes are available. Options also include a form of ACL if you have a need to forego scanning messages from certain domains, servers, or IP ranges. All accept/reject decisions happen in real time during the connection so I'm not responsible for handling bounces - that becomes the job of the sending system and I like it that way. Reporting is superb with graphs of connections, messages, bytes, rejections, attachments, regex hits, etc. Logging is exhaustive, and all components can use syslog (I use syslog-ng for better log handling). I've replicated this at other sites with fewer servers and with no problems. ClamAV at version 80 turned the corner for reliability and availability time. Prior versions had memory leaks that required frequent stop/start cycles but that is gone. At this time I'm using only SendMail, j-chkmail ( with internal support for surbl), ClamAV, and Milter-Ahead, and 4 dnsbl lists, and am quite pleased with the system. SAR reports reveal system loads are extremely low, and the multiple drives handle disk IO very well even with multiple dictionary runs going on (thanks in large part to milter-ahead!). dp _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
