-----Original Message-----
From: amavis-user-bounces lists.sourceforge.net
[mailto:amavis-user-bounceslists.sourceforge.net] On
Behalf Of Gary V
Sent: Thursday, March 20, 2008 10:22 PM
To: amavis-userlists.sourceforge.net
Subject: Re: [AMaViS-user] Advice on specs accroding to the
amount of mail I
recieve per month
On 3/20/08, Ilo Lorusso wrote:
>
> Hi,
>
> I would like some input from the experts if possible ;)
I recieve on
estimate about 23 million mails a month
>
Or about 18 messages per second on average.
> can someone advice what would be the best approuch to
setting up
amavisd-new as my spam solution.
>
It's hard to answer your question, and even though I'm not
an expert,
I will give my 2 cents anyway, even if it's possibly bad
advice.
> - How many servers would recommend ?
Let's see, dual Zeons with 4 gigs ram and fast hard drives.
Let's go
with 20 $max_servers each and assume it takes between 2 and
5 seconds
per message. If we need 20 messages per second, that comes
out to 2 to
5 of these boxes. Possibly start with two, add domains one
at a time
until the servers croak, then start on the third box if
needed, and so
on. Maybe just start with one in order to first measure real
life
throughput and experiment with tuning. Add one domain at a
time, when
it reaches the croaking point, and you are desperate to get
the mail
delivered, turn off spam scanning (or possibly just network
tests)
until the queue clears.
> - Would you recommend I use a MySQL database for Bayes
?
Yes, but it needs to be tuned for performance and I
recommend
including a timestamp field in the awl and bayes_seen tables
and then
purging records out of these tables that are more than a
couple weeks
old on a daily basis (these tables grow forever by
default).
Run a cron job to go thru and clear out messages older than
X amount of
days. I think Bayes for MySQL has a self prune
option......But, don't quote
me on that. If you run CRM114; then you can nix Bayes.
> - Would you recommend I use RBLs on postfix aswell to
cut down on the load
for Amavisd-new?
Yes, but only one or two or three I think. The most often
recommended
one (zen.spamhaus.org) will deny you access after a short
while
(because of your volume of mail) unless you pay for the
service, so
you would need to pay.
With that volume, would it be better to just rsync those
BLs' down to your
DNS? I just use up to 7 dnsbl in SA. Look at using the
Shortcircuit plugin
in SA 3.2.x, too.
Which AV are you planning on using? We use ClamAV with the
sanesecurity
signatures. Catches and scores a lot of messages.
> - Would you recommend using DSPAM option within
amavis?
No.
Agrees with Gary on this. CRM114 works well with it. You can
even control
CRM114 based on reached scores, too.
> - Would you recommend using a ramdisc for when
processing amavis files?
Not really. It's not cool when it's full.
> - What else would one recommed to a 95% spam capture
rate?
Learn how everything that can affect the spamassassin score
works, or
anything that can reject mail works. Assuming these are
relay servers,
you MUST reject mail to unknown users. This means any server
you build
must either have a list of every recipient for each of the
domains you
are responsible for (a relay_recipients map), or the
downstream
servers MUST immediately reject mail to unknown recipients
so you can
take advantage of Postfix' recipient verification
(reject_unverified_recipient). A big hammer that is easy to
implement
is greylisting (selective greylisting is preferred), but
there are
real issues with delayed mail and occasional false positives
that make
it potentially unsuitable for large installations. In
smaller
installations you can simply whitelist problematic servers,
but that
may not be practical in a larger implementation. Knowing the
system is
your best weapon.
Doing mta based checks for bad MX hosts and misconfigured
DNS (yes! We get a
lot of those. Seems they forget to update the reverse zone
file.)
> - How can I obtain an even balance of mail between my
mx servers ? even
though they are set to equal prefernces
>
Assuming you are working with a number of domains, for each
of the
busiest domains, you could try listing the servers in a
different
(rotating) order. If you only have one domain, then I don't
have a
clue. My guess is not all name servers dish up round robin,
or maybe
intermediate servers cache only one record, and hence the
imbalance,
but I'm guessing here.
You can balance this using a central MX record that balances
the load
between two additional MX records (hosts).
>
> Thanks?
>
>
> Ilo
--
Gary V
------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
AMaViS-user mailing list
AMaViS-userlists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amav
is.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/ho
wto/
|
