Re: running spamd on firewall ord on the mailsystem

2017-09-25 Thread Boudewijn Dijkstra 
Op Tue, 19 Sep 2017 09:35:04 +0200 schreef Peter N. M. Hansteen  
:

On 09/19/17 09:10, rosjat wrote:


I like to get some opinions on where to use the spamd daemon. Is it
better to do the heavy stuff on the firewall or let it all pass to the
mailsystem and do the filtering there?


OpenBSD's spamd is not in any way a 'heavy' service.


Indeed.  On my site, with 12k messages tarpitted last week, spamd (with  
-v) took about the same cpu time as ntpd.  Spamlogd even less.  Together  
about 7.5M resident memory.



It's entirely
possible to run it on the actual mail server, but I tend to recommend
stopping unwanted traffic early and set up on the directly
internet-facing host (aka the firewall).


Note that the spamd(8) manual page assumes it's the same machine, so using  
different machines is a less trivial pf.conf setup.  IIRC it requires  
route-to in stead of divert-to for your whitelist(s), or a divert-to with  
a relayd/nc relay.




--
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/

Re: running spamd on firewall ord on the mailsystem

2017-09-19 Thread Peter N. M. Hansteen 
On 09/19/17 09:10, rosjat wrote:

> I like to get some opinions on where to use the spamd daemon. Is it
> better to do the heavy stuff on the firewall or let it all pass to the
> mailsystem and do the filtering there?

OpenBSD's spamd is not in any way a 'heavy' service. It's entirely
possible to run it on the actual mail server, but I tend to recommend
stopping unwanted traffic early and set up on the directly
internet-facing host (aka the firewall).

Whichever way you do it, after enabling spamd you will see the load on
the content filtering machines drop considerably. There will be a lot
less of the heavy computation tasks involved in content filtering that
need to be performed.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

running spamd on firewall ord on the mailsystem

2017-09-19 Thread rosjat 

Hi there,

I like to get some opinions on where to use the spamd daemon. Is it 
better to do the heavy stuff on the firewall or let it all pass to the 
mailsystem and do the filtering there?


regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT