Chris Turan wrote:
Hey All,
I'm having an issue with backscatter emails and implementing a
before-queue spam and virus scanner. My current mail server uses a
after-queue amavisd-new scanner with spamassassin and clamav. In the
last two weeks, my system has started *sending* a significant number
of backscatter messages.
I need to silence these messages in a safe and reliable way. Here are
my criteria:
1) Reject the message before the end of the smtp transaction.
2) Scan for both spam and viruses.
3) Never discard. MTA must deliver-and-tag or reject-and-notify.
4) Scan both incoming and outgoing messages.
5) Scanner is fast, runs as a daemon, and is preferably written in a
faster language like C.
Despite my best research, I have not yet found a way to do all five of
these. Can anyone recommend a way to run amavis as before-queue
scanner, or to recommend a different scanner better than amavisd-new.
To eliminate *sending* backscatter, all you need to do is not accept
mail you won't be able to deliver:
http://www.postfix.org/BACKSCATTER_README.html
amavisd-new with spamassassin and clamav will handle #2 #3 and #4 and
maybe #5 depending on what you think "fast" is.
Unfortunately, there's still no such thing as a "free lunch" and both
the virus and spam scanning are not exactly speedy, regardless of how
fast amavis is. The trick is to reject everything possible using other
means (blacklists, regular expressions, other tests) before finally
sending the message to the scanners.
That said, it depends very much on your mail volume and how much is spam
and how much is ham. I have a small (2 processor, 512M/RAM) mail server
that runs anywhere from 30K-60K connections/day, rejects way over 90% of
the attempts and still only runs at less than 2% utilization until the
spam/AV scanners are started, at which point it runs around 50% for a
few seconds, then goes back to 0.
Unless you're running a really big site or a really old server, it's
unlikely that the performance issues you're worried about will actually
be a problem.
Postfix is extremely efficient, and the cost of rejecting unwanted
connections is really low.
Back to your actual problem, if you can post the output from postconf
-n, someone can probably tell you what's wrong.
Terry
