On Wed, Feb 21, 2007 at 11:39:14AM -0500, stuartv wrote:
> I have FINALLY been allowed to schedule time to replace the
> aging mail server.  Currently, it is running OpenBSD 3.7, 
> with sendmail, smtp-vilter, and clamav.  This is our internal
> mail server and it uses fetchmail to get our email off of 
> the public server and sends our email out using a smart relay
> host provided by our ISP.  When I originally set this server
> up I was also running spamassassin but had to remove it
> because it was causing the system to time out and stop getting
> mail for some reason that I never figured out.  The boss where
> I work has NO sense of humor about not getting her email, and
> doesn't seem to get enough spam that it bothered her so I
> did the "better part of valor" thing and just axed the 
> spamassassin.  Lately, we have been receiving emails with 
> larger and larger attachments which has been causing the
> clamav to take too long scanning them and thus a time-out and
> again, no more email until I get it straightened out.
> 
> So now to my question.  What software works really well for
> an internal mail server?  I would like some spam protection
> and I NEED Anti-virus, and I need it all to work even when
> a customer sends an email with a 50M file attachment because
> they sometimes do.
> 
> I don't mind doing the research and figuring out how to make
> it all work (although a point in the right direction would
> be appreciated).  I just would like to know what people are
> using that really works for them.

You've already received some very good replies, so I'll try to not
repeat them too much.

The first thought I had, and which was not pointed out explicitly, is
that I've never had this problem. After a moment's thought, and assuming
my understanding of your problem is correct, I decided that the
important difference is that you run sendmail.

I use postfix, and postfix does the heavyweight filtering *after*
accepting the mail. You can give SpamAssassin, ClamAV, and other CPU
hogs as much time as they need to finish it, and if you run a couple of
instances in parallel it won't even hurt average delivery times much.

I'm sure this is not just a sendmail/postfix thing (i.e. you don't have
to run postfix to get this done; in fact, clever (ab)use of
procmail/maildrop will almost certainly allow the same approach), and I
*do* feel I need to point out that postfix' approach has the obvious
issue of how to let someone know that you consigned their mail to
/dev/null (mostly, you don't). However, unless I am mistaken as to the
problem at hand, it would help in your case.

There's also the option of switching to a lighter spam filter (there's
no real alternative for ClamAV, to the best of my knowledge); I've heard
good things about dspam, but have kept off actually implementing them
for a very long time already. While spamd is not really a spam filter in
the sense that SA is, it *is* very lightweight and handles large mail
well. As an alternative, beefier hardware may have the same effect.

I also seem to recall that both ClamAV and SA had options not to process
mail above a certain size; this would also be a near-complete solution,
albeit one with obvious downsides, particularly in the case of ClamAV.

                Joachim
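
The accept-first, filter-later flow described in the reply above, together with the scanner size cap it mentions, as a small model. This is an added example, not code from the thread and not Postfix, ClamAV or SpamAssassin code; the function names, the marker string, the verdict labels and the 1 KiB cap are all assumptions made for illustration.

```python
import queue
import threading

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a virus signature

def scan(body):
    """Stand-in for a slow scanner (ClamAV on the page): True if MARKER is present."""
    return MARKER in body

def classify(body, cap):
    """Filter verdict for one queued message, with a scanner size cap."""
    if len(body) > cap:
        return "delivered-unscanned"  # the size-cap downside: content never inspected
    return "discarded" if scan(body) else "delivered"

def accept(q, msg_id, body):
    """SMTP-side step: queue and acknowledge at once; no filter runs here."""
    q.put((msg_id, body))
    return "250 queued"

def run_filters(q, cap, workers=2):
    """Drain the queue with parallel filter workers; returns {msg_id: verdict}."""
    verdicts, lock = {}, threading.Lock()

    def worker():
        while True:
            try:
                msg_id, body = q.get_nowait()
            except queue.Empty:
                return
            verdict = classify(body, cap)
            with lock:
                verdicts[msg_id] = verdict

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return verdicts

def demo():
    """Three constructed messages, scanner cap of 1 KiB (assumed value)."""
    mails = {"small-clean": b"hello",
             "small-bad": b"x" + MARKER,
             "big-bad": MARKER + b"A" * 2048}
    q = queue.Queue()
    replies = [accept(q, k, v) for k, v in mails.items()]
    return replies, run_filters(q, cap=1024)

if __name__ == "__main__":
    print(demo())
```

Every sender gets its acknowledgement before any filter runs, so a slow scan cannot time out the transfer, but the sender of the discarded message is never told, and the oversize message reaches the mailbox without having been scanned.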