I'm currently running 3 mailhubs into our uni which scan all mail.
I have two dual-Opteron boxes running spamd 3.1 w/ DCC, razor, pyzor,
caching bind w/rbldnsd server for SURBL, {AWL,BAYES (running off
separate MySQL DB)} and various rules from SARE.
The hubs scan the messages then route them to various hosts/domains.
The boxes are in failover atm and I'm loath to simply round robin the
scanning to them as if one goes then we're screwed, if no one is around.
During busy periods of the day the mailhubs start refusing new
connections as the Spamd machine churns away on the existing emails and
can't keep up with the rate.
This is down purely to the network tests, because if I enable -L then
the mails simply flood in.
I'm sure there are others out there who have had to draw the line between
what options they can include in their scanning to get the best stable
system vs performance.
What I had in mind is this:
At the MX level I simply run local tests only (we don't reject on
spam score, we simply tag) and route the message as normal to our hosts.
Now on the hosts we could then run a version of SA without any of the
rules but simply a 'network only' version, i.e. SURBL, razor, pyzor etc., and
add whatever score is here to the headers in the message before
delivering to the local user's mailbox. As at this stage we are no longer
holding up any connections etc. and the users can wait 10-20 extra
seconds for their message before the network tests finish/timeout...
What modifications would be needed to SA to accomplish this or is this
an MTA issue to rewrite the headers on the hosts?
We run EXIM on all MTAs and hosts here so it shouldn't be too much of an
issue at that level.
What do you think?
Ronan
--
Ronan McGlue
Analyst / Programmer
CMC Systems Group
Queens University Belfast
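
The header merge described in the post above, as an added sketch that is not part of the original message or of SpamAssassin: a delivery-time helper reads the `X-Spam-Status` header written by the local-only MX scan and folds in the hits from a second, network-only pass. The function names, the sample message, and the rule scores are assumptions constructed for illustration, and the sketch assumes the header it reads was written by your own MX.

```python
import re
from email import message_from_string

REQUIRED_DEFAULT = 5.0  # SpamAssassin's stock required_score
STATUS_RE = re.compile(
    r"(?:Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)"
    r"(?: tests=(\w+(?:, ?\w+)*))?")

def parse_status(value):
    """Return (score, required, [tests]) from an X-Spam-Status value."""
    if value is None:
        return 0.0, REQUIRED_DEFAULT, []
    flat = " ".join(value.split())  # unfold wrapped header lines
    m = STATUS_RE.match(flat)
    if m is None:  # malformed: count nothing from the first stage
        return 0.0, REQUIRED_DEFAULT, []
    tests = m.group(3)
    names = [] if tests in (None, "none") else re.split(r", ?", tests)
    return float(m.group(1)), float(m.group(2)), names

def add_network_score(raw_message, network_hits):
    """Merge second-stage hits {rule: score} into the MX-stage header."""
    msg = message_from_string(raw_message)
    score, required, tests = parse_status(msg["X-Spam-Status"])
    total = round(score + sum(network_hits.values()), 1)
    names = tests + sorted(network_hits)
    verdict = "Yes" if total >= required else "No"
    del msg["X-Spam-Status"]  # drop the stale first-stage header(s)
    msg["X-Spam-Status"] = "%s, score=%.1f required=%.1f tests=%s" % (
        verdict, total, required, ",".join(names) or "none")
    return msg.as_string(), total

# Constructed sample: a message as it leaves the MX after a local-only scan.
SAMPLE = (
    "Received: from mx.example.org by host.example.org\n"
    "X-Spam-Status: No, score=2.1 required=5.0 tests=BAYES_50,\n"
    "\tHTML_MESSAGE autolearn=no version=3.1.0\n"
    "Subject: test\n"
    "\n"
    "body\n")

if __name__ == "__main__":
    # Constructed second-stage result; the scores are illustrative only.
    hits = {"RAZOR2_CHECK": 1.5, "URIBL_WS_SURBL": 3.0}
    out, total = add_network_score(SAMPLE, hits)
    print(out)
```

The rewritten header keeps only the verdict, score, threshold and test list; the `autolearn` and `version` fields from the first stage are not carried over.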