Quoting Gil Freund, from the post of Tue, 09 May: > 1. Are you scanning everything? I don't scan anything over 256K, and > amavis docs suggest 64K. > 2. The more RAM the merrier (isn't it always....) > 3. graylisting. > 4. Do you check for recipients existence before scanning? > 5. more daemons? I use 4 daemons for 20 users (but this is only a mail > relay). > 6. Scan for virii before scanning for spam.
the setup is qmail running simscan on the way to qmail-queue: http://inter7.com/?page=simscan Since the tests are taking place DURING the smtp session, the spammers get a rejection of their mail on the spot (first test that fails), rather than a bounce that probably never gets to them. Basicly this is the list of tests, by order: 1. RBL test on TCP connect against 3 RBLs 2. "badmailto" and "badmailfrom" blacklists on senders and recipients 3. bad attachment suffixes are killed on the spot (like exe, bat, pif, etc) 4. clamav, which defaults the ClamukoMaxFileSize parameter to 5M (not 64k) 5. spamc and spamd with a short list of whitelisted domains, and about 15 rulesets from SARE updated nightly. 6. if all of the above passed OK, the sender gets his "250 OK" and the message goes to the internal queue for further sorting and delivery. and yet, the spamd is still very heavily loaded. To answer GSM - the server serves more people than just myself, so I'm not really able to put tighter rules other than whitelist a few domains. 3 spamd procs seems to be the limit before spamd breaks loose, and starts slowing the system down to a halt. the main players here are apache2, spamd and mysql. I have 1.5 gig of ram and a P4/2.8. I have no idea why it should be this heavy. -- The secret password: Ira Abramov http://ira.abramov.org/email/ ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
