On Tuesday, September 18, 2012 06:56:59, Alan Snyder wrote: > Yeah I had postfix and dovecot setup with spam assassination and clamav. > My in box was constantly filled with spam and cpu utilization was a bit > high for the all in one vps box I was paying for. Figured for the price > its best to let someone else worry about email. I need this particular > account to 'just work'. I will still setup a box I host myself just to play > but for stuff I need to rely on I'd like to be able to take vacation and > not worry about it :)
I believe you. At the same time: - I just got back from a vacation (I went here: http://neatfair.org/ ) - Over the weekend I got a single "sort-of-spam" (fake dating) email - The CPU load on my email server remains < 0.10 (and has for years). As the above sounds unbelievable, here's some of the output of 'top': top - 07:59:09 up 195 days, 8:31, 1 user, load average: 0.05, 0.02, 0.00 Tasks: 129 total, 2 running, 127 sleeping, 0 stopped, 0 zombie Cpu(s): 8.3%us, 0.7%sy, 0.0%ni, 91.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 1023748k total, 957876k used, 65872k free, 36k buffers Swap: 2931852k total, 48168k used, 2883684k free, 589520k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 11416 spamd 20 0 58388 48m 2640 S 5.6 4.9 1:36.24 spamd 1356 greylist 20 0 11396 5480 832 R 1.3 0.5 319:59.34 greylistd 2920 bind 20 0 55304 21m 2668 S 0.3 2.1 0:00.65 named 7167 root 20 0 40356 7700 1044 S 0.3 0.8 21:38.27 spamd 1 root 20 0 2112 240 216 S 0.0 0.0 1:52.61 init 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd 3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0 4 root 20 0 0 0 0 S 0.0 0.0 0:03.63 ksoftirqd/0 5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0 6 root 20 0 0 0 0 S 0.0 0.0 2:07.94 events/0 7 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuset 8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 khelper 9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 netns 10 root 20 0 0 0 0 S 0.0 0.0 0:00.00 async/mgr When I ran SpamAssassin as the /only/ solution, I had exactly the same experience you have: high CPU utiliization, and too much spam coming through. Conclusions: 1) SA is CPU and memory expensive, 2) SA cannot be the only anti-spam solution used, 3) anti-spam solutions need to be added that are "CPU cheap", and SpamAssassin and ClamAV need to be run LAST. The "CPU cheap" solutions I'm using are (in order): - HELO checks: block HELOs that are not domain names, a forged HELO of my own server's FQDN, my server's IP address, or a raw IP address not encapsulated by []'s - RCPT TO checks: greylisting, restriction on mail bounces to a single recipient, sender callout verification, DNSRBL checks - DATA checks: reject mail without an email address in the apparent To: and From: headers, ClamAV and SpamAssassin All of these things extra things are free and are done via configuration options in the MTA. I'm using Exim4 (Debian's exim4-daemon-heavy package) but there are also equivalents for most of these things for Postfix. Here are some statistics for my server for Sept 15 - 16 (these statistics are sent daily, via a Perl script that comes with the version of Exim4 in Debian): mail rejection reasons by message count --------------------------------------- Messages Mail rejection reason 516 Rejected HELO/EHLO: syntactically invalid argument 378 Listed at <DNSBL location 1> 97 Msg rejected due to spam score 22 Rejected EHLO: non-FQDN HELO greeting 12 Rejected EHLO: raw IP address used in HELO/EHLO greeting 10 Rejected RCPT: Unrouteable address 7 Rejected EHLO: forged localhost 4 No email address in To: field 3 Listed at <DNSBL location 2> 3 Rejected RCPT: Sender verify failed mail temporary rejection reasons by message count ------------------------------------------------- Messages Mail temporary rejection reason 660 Temporarily rejected RCPT: greylisted. (1 attempts) 32 Temporarily rejected RCPT: greylisted. (2 attempts) 19 Temporarily rejected RCPT: greylisted. (3 attempts) 15 Temporarily rejected RCPT: greylisted. (4 attempts) 13 Temporarily rejected RCPT: greylisted. (5 attempts) 9 Temporarily rejected RCPT: greylisted. (6 attempts) 8 Temporarily rejected RCPT: greylisted. (7 attempts) 4 Temporarily rejected RCPT: Could not complete sender verify 4 Temporarily rejected RCPT: greylisted. (8 attempts) 2 Temporarily rejected RCPT: greylisted. (9 attempts) 1 Temporarily rejected RCPT: greylisted. (10 attempts) The big thing to note in the statistics is that the HELO/EHLO tests really do matter. -- Chris -- Chris Knadle [email protected] _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) Vassar College Oct 3 - Mobile Web Development Nov 7 - Typography: Physical Art to Digital Art Dec 5 - Sysadmin Panel
