On 2007-02-01 09:28:10 -0500, John Peacock wrote: > Bryan Scott wrote: > >Forkserver maxes at 30 on the 2 filters and 15 on the primary (which is > >mostly answering to machines using stale DNS records, i.e. dynamic > >zombie hosts). > > That is almost precisely our current configuration (except that the > inbound servers are ~450MHz Pentium-equivalent!). I actually refuse any > non-AUTH traffic on the primary server, since it has never been an MX > record. I can't use greylisting because too many people here get all > freaked out if a message doesn't appear instantly in their inbox. :(
When some of our users got freaked out because of this (three years
ago), I added the means to enable greylisting on a per-recipient basis,
turned it off for all users and reenabled it only for those that wanted
it. I think most of those who get a lot of spam asked it to be reenabled
within a few days, so greylisting is quite effective although it is
enabled for only a relatively small percentage of the addresses.
Most of the time when forkserver maxes out the problem isn't CPU
usage[0], it's clients which simply connect and hang around doing
nothing until the timeout kills them. Greylisting doesn't help there, of
course.
hp
[0] Our MXs are 2.4 GHz Pentiums, though, so that's hardly surprising.
--
_ | Peter J. Holzer | I know I'd be respectful of a pirate
|_|_) | Sysadmin WSR | with an emu on his shoulder.
| | | [EMAIL PROTECTED] |
__/ | http://www.hjp.at/ | -- Sam in "Freefall"
signature.asc
Description: Digital signature
