On Sep 28, 2006, at 5:04 PM, Eric Merkel wrote:
> Would it make more sense to have one system acting as the firewalling bridge in front of the email servers or should I use two bridges? My gut instinct says it would be easier to have one bridge so that I wouldn't have to keep the spamdb synced between multiple boxes but I want to get others' opinions.

I haven't tested this myself yet. While I know that the PF states can be kept in sync between the two, keeping the tuple information sync'd is what I have not figured out yet. I would vote for 3+ machines, owing to service availability. I'm guessing your user base is at least 100K probably closer to 200K. In which case having four/five 9s of service availability might be important. 2 machines is nice, but 3 would be better, IMO. Then you could take one out for maintenance and the other two could still process the load and defend against an attack that might happen while the 3rd is being serviced.

> Also, I have no idea what size server I am going to need for the bridge/spamd machine. We're currently doing between 1.5 & 2 million emails a day. Can anyone else share what type of hardware/memory etc they are using for greylisting this many emails?

Does 2M represent legit and junk? Assuming that it's both, figure that 80% of that comes in during 10 hours of the day, that would be about 44 msgs/sec. Of course this is talking normal MTA type transactions, of which spamd is not an MTA.
I've never done any size/perf testing with spamd. I suspect any modern day machine would handle the load very nicely.
-Chad

