On Fri, 19 Jun 2009 10:08:58 +0300 Ion-Mihai Tetcu <[email protected]> wrote:
> Hi, > Hallo Ion-Mihai, >From who do you want that info? I can post my info if you like. > Can you please give me some info about the configuration you are > running dspam on (even approximate numbers): > - training mode, groups, ... > Training mode: TOE Groups: Global merged group > - DB driver > MySQL storage driver running against two MySQL 5.1.35 servers running in master/master replication mode. The database for DSPAM is using InnoDB. > - MTA/.... integration > Postfix 2.6.2 > - mailboxes number > Around 3000 > - mail processed per day > Don't know that number. Would need to calculate it first. However... over 90% of all inbound mail is blocked before getting processed (on some days only 3% to 5% of all inbound mail get's to be delivered). A big part of the messages get blocked by a modified policyd-weight service. Another big part get's blocked by the hardening rules inside Postfix. > - OS > Gentoo Linux > - hardware config > Main mail processing systems are two x86 systems with each having 4GB memory and 2 x 1TB disks running in RAID 1. I planed to use GlusterFS for distributing the mail storage between the two nodes but that turned out to be a huge mess. GlusterFS could not deliver the stability nor the performance needed so I switched the setup to store data for mail on a NFS server running on a quad x86 and having 16GB memory and a bunch of 1TB disks in RAID 10 mode. All connected with GigE NICs with jumbo frames over a HP ProCurve 24 port switch. > - accuracy > For most users above 99%. Some users have 100% accurancy. > - anything else you think it's interesting about your setup. > The global merged group was trained with a own made training script. The training script does TONE (Train On or Near Error) training and double-sided training (errors in classifying do correct the error from the class AND force a UNLEARN on the other classifying side/class). All accelerators (whitelist, DNSBL, bias, statistical sedation, etc) in DSPAM for training where TURNED OFF for the training of the global merged group. The threshold choosen for TONE was symetric and had a thickness between 40% to 80% (depending on the corpus used). For training the global merged group around 300 headers where set to be ignored. The accurancy of the global merged group are way below 90% but combined in production with normal users the global merged group boosts each user from day one to have an accurancy above 95% in the first days of processing mail with DSPAM and in less then a week the accurancy claims up to above 99% for user using the global merged group. The mail spool directory and the DSPAM data directory sits on NFS. The webserver for the DSPAM Web UI is nginx 0.8.2 running Upstream Fair Proxy Load Balancer and for the login the PAM module for nginx is used (reading login data directly from MySQL). Inside Postfix there are NO DNSL/RHSBL/etc used. All DNSBL/RHSBL/DNSWL/etc are used inside policyd-weigth. Policyd-weigth uses all the functionality normaly found in policyd-weight and it uses p0f for fingerprinting the connecting host (and giving each OS a different weight) and some other small changes in the way policyd-weight works. For greylisting two systems are used together. They are SQLGrey and GROSS. The reason why those two products are used is because they both have the possibilty to replicate/exchange the greylisting data (SQLGrey does it with MySQL replication and GROSS has it's own service for doing that). Anti-Virus checking is done with Amavisd-New and all the data (quarantine, policies, etc) are stored in MySQL (and replicated between the nodes) and managed with MailZu. User management for Postfix is done with Postfix.Admin. DSPAM runs in OPT IN mode and each new created user with Postfix.Admin will automatically be opted in for DSPAM and each deleted user will automatically have his DSPAM data purged. All of this is done with Postfix.Admin's ailbox_postcreation_script, mailbox_postedit_script, mailbox_postdeletion_script and domain_postdeletion_script hooks. Inside Postfix a bunch of restriction classes are set to prevent external mail to come from users that Postfix is managing but which are not logged in (using reject_sender_login_mismatch in a restriction class). So no one can send a mail in the name of [email protected] without being logged in. This alone prevents a huge amount of spam claiming to come from domains I manage but are not logged in. Directory attacks and other non wanted behavior on Postfix and on the IMAP server (dovecot) are handled by fail2ban. The ban time is set to 10 minutes. I have other stuff enabled in Postfix but writing them all down here in this mail would take me to much time. > Thank you, > Steve > -- > IOnut - Un^d^dregistered ;) FreeBSD "user" > "Intellectual Property" is nowhere near as valuable as "Intellect" > FreeBSD committer -> [email protected], PGP Key ID 057E9F8B493A297B > ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Dspam-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspam-user
