Hello Paul,
Thursday, February 21, 2008, 7:52:55 PM, you wrote:
Ie, ideal for processing/serving 10+ million emails per day in an
imail/declude/snf configuration. SNF seems to generally be the big
processor hog (though the new beta has definitely made huge performance
improvements over the prior version).
One of our test platforms uses a single 2.6G processor, IMail, and SNF
and consistently handles 4.6 million messages per day. (Typ 2800 -
4500 msg/minute) Of course, that's a special appliation (pre-screening
inbound traps) but it does give a rough idea what is possible in your
chosen environment.
OK...this is a bit off-topic, but I'm looking for some feedback in how to
plan for handling this type of load (current load is between 1.3m and
1.8m/day).
Should I just throw more high performance hardware at it?
Probably not.
Scale out perhaps by dedicating a server to just the junk mail scanning.
Then have a relatively wimpy server taking care of normal Imail stuff
(recipient of the declude/snf clean and/or tagged emails).
Two key problems with the IMail platform is that it never stops taking
messages and it doesn't support any kind of dynamic connection
blocking. Fixing these problems allows IMail to scale to numbers like
that.
One way to go there would be to set up proxy gateways using eWall in
front of your IMail servers. Put SNF on eWall and use it to reject
dictionary harvest attacks and possibly even some traffic based on
SNF. Definitely use SNF truncate events to add sources to the eWall
blacklist. Generally this approach alone will kill off a LOT of
traffic that would otherwise bog down IMail/Declude without
introducing false positives. You would have many additional options
with eWall in this configuration - but you wouldn't need them
necessarily and since eWall is amazingly inexpensive you would be
getting a big bang for your buck.
Your IMail servers w/ Declude could sit behind a pair of eWall
gateways (for redundancy) and provide all of the flexibility and
additional testing you're used to -- so you wouldn't need to re-tool
your infrastructure very much.
You probably don't want to scale up using heavy hardware. Instead, use
cheaper - more generic hardware and increase your redundancy. One good
reason for this philosophy is that if you have a pair of very high -
end boxes handling *anything* and one of them dies then it is unlikely
the remaining box will be able to absorb twice as much *anything* as
it normally handles. In contrast, when one of three moderate boxes
handling *anything* the remaining two boxes are very likely to be able
to absorb 50% more traffic each.
Along that line of thought, can SNF be configured to work directly with the
MS/IIS SMTP server? This combo could work great as a spam-killing gateway.
Yes and no. IIRC, ORF uses IIS SMTP and will tie in SNF nicely.
Also - if you have some skills you could tie SNF into IIS SMTP using
our DLL (not published yet, but available and in use on a number of
proprietary systems).
Out of the box we don't have an SNF + IIS SMTP solution (yet).
Has anyone assembled this sort of configuration in a load balanced/redundant
environment?
It has been done. Most that I know of who have done this eventually
moved away from IMail/Declude as they grew beyond the numbers you're
talking about and developed their own proprietary filtering platform
(using SNF as it's core) on top of a more robust EMail platform
(Communigate for example).
Others who are comfortable with mixed environments have deployed SNF
in their gateways.
The general model for scalability is to isolate inbound gateways,
user-centered email servers (pop, imap) and outbound gateways into
separate layers with their own redundancies. It is also common for
each layer to use it's own hardware and software platforms - each best
suited to the specific task.
Hope this helps,
_M
--
Pete McNeil
Chief Scientist,
Arm Research Labs, LLC.
#
This message is sent to you because you are subscribed to
the mailing list sniffer@sortmonster.com.
To unsubscribe, E-mail to: [EMAIL PROTECTED]
To switch to the DIGEST mode, E-mail to [EMAIL PROTECTED]
To switch to the INDEX mode, E-mail to [EMAIL PROTECTED]
Send administrative queries to [EMAIL PROTECTED]
