On 9/28/06, Chad M Stewart <[EMAIL PROTECTED]> wrote:
> On Sep 28, 2006, at 5:04 PM, Eric Merkel wrote:
> > Would it make more sense to have one system acting as the firewalling
> > bridge in front of the email servers or should I use two bridges? My
> > gut instinct says it would be easier to have one bridge so that I
> > wouldn't have to keep the spamdb synced between multiple boxes but I
> > want to get other's opinions.
>
> I haven't tested this myself yet. While I know that the PF states can be
> kept in sync between the two, keeping the tuple information sync'd is what
> I have not figured out yet. I would vote for 3+ machines, owing to service
> availability. I'm guessing your user base is at least 100K, probably closer
> to 200K, in which case having four/five 9s of service availability might be
> important. 2 machines is nice, but 3 would be better, IMO. Then you could
> take one out for maintenance and the other two could still process the load
> and defend against an attack that might happen while the 3rd is being
> serviced.
It's actually closer to 20,000 mailboxes.
> > Also, I have no idea what size server I am going to need for the
> > bridge/spamd machine. We're currently doing between 1.5 & 2 million
> > emails a day. Can anyone else share what type of hardware/memory etc
> > they are using for greylisting this many emails?
>
> Does 2M represent legit and junk? Assuming that it's both, figure that 80%
> of that comes in during 10 hours of the day; that would be about 44
> msgs/sec. Of course this is talking normal MTA type transactions, of which
> spamd is not an MTA.
Unfortunately, I would say 95% of this mail is spam. Most of this mail is either getting blocked outright or SpamAssassin is tagging it and then it is getting filtered in the user's mailbox. I like the spam/virus appliance we're using, but I would really love to lower the overall volume of messages because there are times when our MXs get backed up and mail is delayed. Since our current system doesn't support greylisting, I am wanting to try OpenBSD for this purpose.
> I've never done any size/perf testing with spamd. I suspect any modern day
> machine would handle the load very nicely.
Unfortunately, I don't have any "new" hardware laying around. I have some old Sparcs but was thinking of using a decommissioned PIII 700MHz machine with 512M-1G memory. Should that handle the load or should I buy something a little beefier? I could probably use a couple of switches and spanning tree, preference the bridge as primary and if the machine ever died use a secondary path between switches.

-Eric
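The part Chad says he has not figured out, keeping the greylist tuples in step across more than one spamd bridge, is the thing that decides whether a second or third box actually improves availability: a sender whose tuple passed on bridge A will be greylisted again if it lands on bridge B, so failover costs every in-flight sender another retry window. Modern OpenBSD spamd(8) ships its own greylist synchronisation (the -y and -Y options); where that is not available, the fallback is to dump each box's database with spamdb(8) and reconcile the dumps. The script below is an added example, not code from this thread or from the OpenBSD project. It assumes the record layout documented in spamdb(8) (WHITE, GREY, TRAPPED and SPAMTRAP lines, pipe-separated, Unix-epoch timestamps) and uses constructed sample dumps for two hypothetical bridges; the host names and addresses are invented.

```python
"""Reconcile spamdb dumps from several spamd bridges and print the spamdb
commands that bring a peer up to date.

Added example, not from the thread.  Record layout assumed from spamdb(8):
  WHITE|ip|||first|pass|expire|block|pass
  GREY|ip|helo|from|to|first|pass|expire|block|pass
  TRAPPED|ip|expire
  SPAMTRAP|email
All times are Unix epoch seconds."""
import time

# Constructed sample dumps from two hypothetical bridges (not real data).
BRIDGE_A = """\
WHITE|192.0.2.10|||1159400000|1159401000|1162500000|2|5
GREY|198.51.100.7|mail.example.net|<bob@example.net>|<alice@example.org>|1159480000|1159481500|1159494400|1|0
TRAPPED|203.0.113.9|1159560000
"""
BRIDGE_B = """\
WHITE|192.0.2.10|||1159390000|1159391000|1162400000|3|8
WHITE|192.0.2.11|||1159410000|1159411000|1162510000|1|2
GREY|198.51.100.7|mail.example.net|<bob@example.net>|<alice@example.org>|1159470000|1159471500|1159484400|2|0
"""

# Timestamp fields that take the earliest value when two dumps disagree;
# 'expire' and the two counters take the largest.
EARLIEST = ("first", "pass")


def parse_spamdb(dump):
    """Parse spamdb output into {(kind, key): fields}.

    The key is the source IP for WHITE/TRAPPED, the (ip, helo, from, to)
    tuple for GREY, and the address for SPAMTRAP."""
    records = {}
    for line in dump.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        kind = f[0]
        if kind == "WHITE":
            key, tail = f[1], f[4:9]
        elif kind == "GREY":
            key, tail = tuple(f[1:5]), f[5:10]
        elif kind == "TRAPPED":
            records[(kind, f[1])] = {"expire": int(f[2])}
            continue
        elif kind == "SPAMTRAP":
            records[(kind, f[1])] = {}
            continue
        else:
            raise ValueError("unknown spamdb record: " + line)
        first, passtime, expire, block, passed = (int(x) for x in tail)
        records[(kind, key)] = {"first": first, "pass": passtime,
                                "expire": expire, "block": block,
                                "passed": passed}
    return records


def merge(dbs, now=None):
    """Union of several parsed dumps.

    Expired entries are dropped, and GREY tuples for an IP that is WHITE on
    any bridge are removed, because a whitelisted IP is no longer greylisted
    and the tuple would only be stale noise on the other boxes."""
    now = time.time() if now is None else now
    merged = {}
    for db in dbs:
        for k, rec in db.items():
            if k not in merged:
                merged[k] = dict(rec)
                continue
            cur = merged[k]
            for field, value in rec.items():
                pick = min if field in EARLIEST else max
                cur[field] = pick(cur[field], value)
    whites = {key for kind, key in merged if kind == "WHITE"}
    return {
        (kind, key): rec for (kind, key), rec in merged.items()
        if rec.get("expire", now + 1) > now
        and not (kind == "GREY" and key[0] in whites)
    }


def sync_commands(peer, merged):
    """spamdb(8) commands to run on `peer` for merged entries it lacks.

    Only WHITE, TRAPPED and SPAMTRAP entries can be added by hand
    (spamdb -a, spamdb -T -a, spamdb -t -a); GREY tuples are created by
    spamd itself as connections arrive, so they are left alone."""
    cmds = []
    ordered = sorted(merged, key=lambda k: (k[0], str(k[1])))
    for kind, key in ordered:
        if (kind, key) in peer:
            continue
        if kind == "WHITE":
            cmds.append("spamdb -a " + key)
        elif kind == "TRAPPED":
            cmds.append("spamdb -T -a " + key)
        elif kind == "SPAMTRAP":
            cmds.append("spamdb -t -a " + key)
    return cmds


if __name__ == "__main__":
    a, b = parse_spamdb(BRIDGE_A), parse_spamdb(BRIDGE_B)
    m = merge([a, b], now=1159490000)   # fixed "now" so the samples are live
    print("run on bridge A:", sync_commands(a, m))
    print("run on bridge B:", sync_commands(b, m))
```

Run it on each bridge with the peers' dumps pulled over ssh and it prints the whitelist and trap additions that box is missing; the GREY tuples still diverge, which is exactly the gap Chad describes and the reason the built-in sync, where available, is the better answer. Note that the merge takes the most permissive view of WHITE entries (earliest first-seen, latest expiry) but also propagates TRAPPED entries, so a spamtrap hit on one bridge blacklists the sender on all of them rather than only on the box it happened to reach.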