Re: split spamassassin servers

2006-02-09 Thread Jason Philbrook
Run top on the machines running spamd. If load is high, but there are
regular amounts of CPU idling, then network tests are slowing the
processes down and your servers aren't working to their potential. In
which case, have more spamd children ready to handle more simultaneous
activity, which may require more RAM. Load is just the number of jobs in
the run queue, not the slowness of the server; some of the jobs could be
awaiting network traffic. Dual CPU machines handle higher load better
than single CPU machines. If CPU is always fully tied up with user
processes, then you need more CPU, or fewer tests.

At the mx level, reject mail that fails sbl-xbl tests, doesn't have
valid HELO/EHLO, and isn't for valid users. That will drastically reduce
the volume your SA servers have to process. Make them as picky as you 
can without getting tarred and feathered by your end users.

On Wed, Feb 08, 2006 at 04:33:44PM +, Ronan wrote:
 I'm currently running 3 mailhubs into our uni which scan all mail.
 I have two dual-opteron boxes running spamd 3.1 w/ DCC, razor, pyzor,
 caching bind w/rbldnsd server for SURBL, {AWL,BAYES (running off
 separate MySQL DB)} and various rules from SARE.
 
 The hubs scan the messages then route them to various hosts/domains.
 
 The boxes are in failover atm and I'm loath to simply round robin the
 scanning to them, as if one goes then we're screwed if no one is around.
 
 During busy periods of the day the mailhubs start refusing new
 connections as the spamd machine churns away on the existing emails and
 can't keep up with the rate.
 
 This is down purely to the network tests, because if I enable -L then
 the mails simply flood in.
 
 I'm sure there are others out there who have had to draw the line between
 what options they can include in their scanning to get the best stable 
 system vs performance.
 
 What I had in mind is this:
 
 At the MX level I simply run local tests only (we don't reject on
 spamscore, we simply tag) and route the message as normal to our hosts.
 
 Now on the hosts we could then run a version of SA without any of the
 rules but simply a 'network only' version, i.e. SURBL, razor, pyzor etc., and
 add whatever score is here to the headers in the message before
 delivering to the local user's mailbox. As at this stage we are no longer
 holding up any connections etc. and the users can wait 10-20 extra
 seconds for their message before the network tests finish/timeout...
 
 What modifications would be needed to SA to accomplish this or is this 
 an MTA issue to rewrite the headers on the hosts?
 
 We run EXIM on all MTAs and hosts here so it shouldn't be too much of an 
 issue at that level.
 
 What do you think?
 
 Ronan
 
 
 -- 
 Ronan McGlue
 Analyst / Programmer
 CMC Systems Group
 
 Queens University Belfast

-- 
/*
Jason Philbrook   |   Midcoast Internet Solutions - Internet Access,
KB1IOJ            |   Hosting, and TCP-IP Networks for Midcoast Maine
 http://f64.nu/   | http://www.midcoast.com/
*/
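
The MX-level rejection described in the reply above, sketched as an Exim 4 ACL, since the original poster runs Exim. This is an added example, not configuration from either poster: `example.edu`, the ACL name `acl_check_rcpt`, the full zone name `sbl-xbl.spamhaus.org`, and the reading of "valid HELO/EHLO" as DNS verification are assumptions, and the host is assumed to be an inbound-only MX.

```exim
# Added example, not from the thread. Exim 4 main configuration section.
# example.edu is a constructed placeholder for the site's own domain.
domainlist local_domains = example.edu

# Attempt HELO/EHLO verification for every client so that
# "verify = helo" in the ACL below has a result to test.
helo_try_verify_hosts = *

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail injected locally (no remote host) skips the checks below.
  accept  hosts         = :

  # No HELO/EHLO was sent at all.
  deny    message       = HELO/EHLO required before MAIL
          condition     = ${if !def:sender_helo_name}

  # HELO/EHLO name does not match the connecting host in DNS.
  # Assumption: this is what "valid HELO/EHLO" means; it is strict.
  deny    message       = HELO/EHLO name failed verification
          !verify       = helo

  # Connecting IP is listed on SBL-XBL.
  deny    message       = $sender_host_address is listed in $dnslist_domain
          dnslists      = sbl-xbl.spamhaus.org

  # Recipient must route to a real local user.
  deny    message       = Unknown user
          domains       = +local_domains
          !verify       = recipient

  # Survivors are accepted and handed on for SpamAssassin scanning.
  accept  domains       = +local_domains

  deny    message       = Relay not permitted
```

Every `deny` here fires at RCPT time, before DATA, so a rejected message never reaches spamd. Relaxing the `!verify = helo` rule to a `warn` is the usual first step if legitimate senders with sloppy HELO names are being turned away.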


split spamassassin servers

2006-02-08 Thread Ronan

I'm currently running 3 mailhubs into our uni which scan all mail.
I have two dual-opteron boxes running spamd 3.1 w/ DCC, razor, pyzor,
caching bind w/rbldnsd server for SURBL, {AWL,BAYES (running off
separate MySQL DB)} and various rules from SARE.

The hubs scan the messages then route them to various hosts/domains.

The boxes are in failover atm and I'm loath to simply round robin the
scanning to them, as if one goes then we're screwed if no one is around.

During busy periods of the day the mailhubs start refusing new
connections as the spamd machine churns away on the existing emails and
can't keep up with the rate.

This is down purely to the network tests, because if I enable -L then
the mails simply flood in.

I'm sure there are others out there who have had to draw the line between
what options they can include in their scanning to get the best stable 
system vs performance.


What I had in mind is this:

At the MX level I simply run local tests only (we don't reject on
spamscore, we simply tag) and route the message as normal to our hosts.

Now on the hosts we could then run a version of SA without any of the
rules but simply a 'network only' version, i.e. SURBL, razor, pyzor etc., and
add whatever score is here to the headers in the message before
delivering to the local user's mailbox. As at this stage we are no longer
holding up any connections etc. and the users can wait 10-20 extra
seconds for their message before the network tests finish/timeout...


What modifications would be needed to SA to accomplish this or is this 
an MTA issue to rewrite the headers on the hosts?


We run EXIM on all MTAs and hosts here so it shouldn't be too much of an 
issue at that level.


What do you think?

Ronan


--
Ronan McGlue
Analyst / Programmer
CMC Systems Group

Queens University Belfast