At 08/09/04 20:42 (), you wrote:
On Sep 7, 2004, at 11:54 PM, Devendra Singh wrote:
c) what Anti-Virus and Anti-Spam tools are you using
AntiVirus is clamav-0.75.1 and AntiSpam is SpamAssassin-2.63 with patched version of qmail-scanner "Qmail-Scanner-1.23st (st patch)" from http://xoomer.virgilio.it/j.toribio/qmail-scanner/. This patched version of qmail-scanner has been used to selectively enable only 20% of the domains to have AntiVirus/AntiSpam enabled. I am also using the "--sa-reject" option to have spam messages with a score higher than sa-delete (score of 16 in my case) to be rejected before the smtp session is closed.
I'd probably point the finger at qmail-scanner. It's a major resource hog and starts a perl instance every time a message comes in.
I do agree, in fact I knew. Weighing Options.
I use clamav and SpamAssassin as well, but use qscanq (google for it) and qmail-spamc (included with SpamAssassin) to block viruses and score spam on messages at the qmail-queue stage. Unfortunately, without patching, you won't be able to selectively enable it per domain or have an sa-reject option.
I would look at qscanq as well as QMVC suggested by Dr Erwin. I would also look for any other options if possible. But, I need to enable / disable AntiVirus & AntiSpam for Selective email-addresses (and domains). Also, Clients' requirements have forced me to quarantine Spam above certain level and should be intimated to the sender (just in case it's a real sender). If we bounce the spam it will result into a double bounce mostly. Hence rejection is required.
You could look at some of the patches Ken Jones of Inter7 has put together to add SpamAssassin integration to vdelivermail. This would offload the spam processing from qmail-smtpd, and can be enabled on a per-domain basis. You could then replace qmail-scanner with qscanq to block viruses (for all domains) at the smtpd level.
Where can I find those patches by Ken? Any URL please (I tried searching the archives).
- It might be worthwhile to reduce the incoming-concurrency. Drop it to 30.
Any figures less than 80 would cause lot many Servers not to get smtp connect to our Server during peak time of 0100 to 0500 hrs EDT.
Maybe not. You need to determine whether a lower concurrency will reduce the amount of time spent on each message and ultimately allow more connections per hour. Once you start hitting virtual memory, all of the current connections will get bogged down.
Take a look at how many messages are processed per hour at 100, and then at 80. If the queue is growing and messages aren't getting delivered, there's not much benefit to queueing the message instead of just not accepting the connection.
I am experimenting on it.
However, I have got a sigh of relief (probably for the time being), by adding sbl-xbl.spamhaus.org to rblsmtpd (I was already using bl.spamcop.net). This has reduced the SMTPD threads a bit.
May I request Dr Erwin to get reply on my reply to his reply in this thread. I have already tried the newanalyse package on a development (Fedora) Server. It works, great. The qmFind did not compile.
One more question Dr Erwin, The SMTP log is more informative after your SpamControl Patch but it lacks the IP addresses in front of the entries. Have I missed something or it's like that only? Here is a sample.
@4000000041416592147f8924 Accept::SNDR::Relay_Client: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
@40000000414165921589e0bc tcpserver: deny 3214 xxxxx.xxxxxxxxx.xxx:111.222.333.444:25 :126.96.36.199::63771 MAXCONNIP:5
@400000004141659217e0a9cc Accept::ORIG::Local_Sender: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
@40000000414165921e41b07c Accept::ORIG::Local_Sender: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
@40000000414165cb2f16d51c tcpserver: status: 69/80
@40000000414165cc0cfb055c Accept::RCPT::Rcpthosts_Rcptto: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
@40000000414165cc181127dc tcpserver: status: 70/80
@40000000414165f0227f90dc tcpserver: ok 5737 xxxxx.xxxxxxxxx.xxx:111.222.333.444:25 :188.8.131.52::2812
@40000000414165f025019c24 tcpserver: ok 5736 xxxxx.xxxxxxxxx.xxx:111.222.333.444:25 :184.108.40.206:dvromafh:2447
@40000000414165f026fdc5fc Reject::SNDR::Invalid_Relay: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
@40000000414165f02792fd34 tcpserver: ok 5174 xxxxx.xxxxxxxxx.xxx:111.222.333.444:25 :220.127.116.11::1854
@40000000414166381540b25c Reject::ORIG::No_DNSMX: MailFrom: <[EMAIL PROTECTED]> RcptTo: <[EMAIL PROTECTED]>
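
The per-hour comparison suggested earlier in this thread (messages processed at a concurrency of 100 versus 80) can be read straight out of a log in the format shown above. The following is an added example, not part of the original thread or of any patch mentioned in it: it buckets multilog lines by hour and counts accepted and rejected recipients, tcpserver denies and peak concurrency. The function names, the fixed 10-second TAI-UTC offset and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Assumption: fixed 10 s TAI-UTC offset, no leap-second table applied.
TAI64_EPOCH = (1 << 62) + 10

LINE = re.compile(r"^@([0-9a-f]{16})[0-9a-f]{8} (.*)$")
STATUS = re.compile(r"^tcpserver: status: (\d+)/(\d+)")
VERDICT = re.compile(r"^(Accept|Reject)::\w+::(\w+):")


def hour_of(label):
    """Convert the seconds part of a TAI64N label to a UTC hour bucket."""
    ts = datetime.fromtimestamp(int(label, 16) - TAI64_EPOCH, tz=timezone.utc)
    return ts.strftime("%Y-%m-%d %H:00")


def summarize(lines):
    """Per hour: accepted/rejected recipients, tcpserver denies, peak concurrency."""
    hours = defaultdict(lambda: {"accept": 0, "reject": 0, "deny": 0,
                                 "peak": 0, "limit": 0, "reasons": Counter()})
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a multilog line with a TAI64N stamp
        h, msg = hours[hour_of(m.group(1))], m.group(2)
        if (s := STATUS.match(msg)):
            if int(s.group(1)) > h["peak"]:
                h["peak"], h["limit"] = int(s.group(1)), int(s.group(2))
        elif msg.startswith("tcpserver: deny "):
            h["deny"] += 1  # connection refused by tcpserver (e.g. MAXCONNIP)
        elif (v := VERDICT.match(msg)):
            h[v.group(1).lower()] += 1
            h["reasons"][v.group(2)] += 1
    return dict(hours)


# Constructed sample in the format of the log excerpt above (placeholder addresses).
SAMPLE = """\
@4000000041416592147f8924 Accept::SNDR::Relay_Client: MailFrom: <a@example.org> RcptTo: <b@example.net>
@40000000414165921589e0bc tcpserver: deny 3214 mx.example.net:192.0.2.1:25 :198.51.100.7::63771 MAXCONNIP:5
@40000000414165cb2f16d51c tcpserver: status: 69/80
@40000000414165cc181127dc tcpserver: status: 70/80
@40000000414165f026fdc5fc Reject::SNDR::Invalid_Relay: MailFrom: <c@example.org> RcptTo: <d@example.com>
@40000000414173a21540b25c Reject::ORIG::No_DNSMX: MailFrom: <e@example.org> RcptTo: <b@example.net>
@40000000414173a32f16d51c tcpserver: status: 80/80
""".splitlines()

if __name__ == "__main__":
    for hour, h in sorted(summarize(SAMPLE).items()):
        print(hour, f"accept={h['accept']} reject={h['reject']} deny={h['deny']}",
              f"peak={h['peak']}/{h['limit']}", dict(h["reasons"]))
```

Running it over the log from a day at each concurrency setting gives the accepted-per-hour figures to compare, and an hour whose peak equals the limit is one where tcpserver was turning connections away.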