On 14 Apr 2016, at 15:49, David Mehler wrote:
Lastly, related to antispam, currently I'm running MailScanner,
So you don't really care about your email?
There's a warning about the inherently risky and unsupported mechanism
MailScanner uses to get mail from Postfix at
http://www.postfix.org/addon.html#content and I am directly familiar
with cases of that central design flaw causing actual loss of mail in
the Postfix ~2.7 era. Lots of people use it without trouble, or at least
not that they notice, but it depends on Postfix not changing the
internal details of queue file management, which it may well have done
between 2.11 and 3.1.
but to
be honest I'm really liking it, it did the job, but it was slow. An
example, sent a single message, postfix got it, passed it to
MailScanner, which then took 3 to 5 minutes
Minutes? Did you mean to write seconds?
to process it, and send it
back to postfix, which then picked it up and sent it on to dovecot for
normal delivery. I've also used Amavisd-new in the past and noted the
same slowness, wondering if this is a Spamassassin thing?
I've managed many types of Internet-facing mail servers using
SpamAssassin for over a decade and have never seen a case of ANY SA
interface for ANY MTA typically taking *minutes* to scan a message. The
only ways I can imagine to cause such slowness would be gross memory
starvation combined with a pathologically misconfigured DNS environment,
intentional queue bottlenecking through the filtering interface, or
severe CPU overload.
Examples: I have one system with a 2006 2GHz Core Duo which scans every
piece of mail that it delivers through SA 3.4.1 via MIMEDefang with an
extensive set of local rules and no shortcircuiting. 90% of the messages
it has handled in the past 34 days have taken less than 3 seconds TOTAL
delay including the time Postfix itself uses. On a beefier VM where I
have a different tool stack using spamc/spamd for filtering, spamd's
logging shows 95% of messages this week taking less than a second to
scan, nothing over 1.5.
Something is badly broken if SA is taking minutes to scan messages. I'd
be concerned by a system where 3-5 seconds was normal, but that should
be easy to reach just by using non-local DNS and easy to fix by bringing
up a local caching recursive resolver. If you want to try to fix
whatever's broken there instead of jumping into the unknown, you might
want to look for help on the SpamAssassin list.
So, I'm
thinking about going to rspamd and if anyone is using this i'd
appreciate some pro conn feedback.
I've not used it and can't speak to its speed or accuracy. I'm a bit
concerned about how they claim to have tested its speed vs. SA, which
seems more like a demo of the astounding fact that testing with a larger
ruleset by running SA's rules via their plugin makes rspamd much slower.
On the other hand, I expect it is less risky than MailScanner.
