Here is summary of all the responses. Thanks to all who resonded, your
suggestions have been very helpful.
We will
- reduce the number of SA max-children
- look at ratelimit in exim
- only spam scan messages under a certain size
Aaron Wolfe
We reduce the messages bound fo
> -Original Message-
> From: Paul Griffith [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 10, 2007 12:48 PM
> To: users@spamassassin.apache.org
> Subject: Handling Spam Surges
>
>
> Greetings,
>
> How do you handle Spam surges/DoS attacks? We just h
On Mon, 10 Sep 2007, Paul Griffith wrote:
> Greetings,
>
> How do you handle Spam surges/DoS attacks? We just had a Spam surge/DoS
> and are looking at ways to better withstand (as best as we can) another
> surge
>
>
> Here is how we start SA:
>
> -c -d -r $PIDFILE -s /var/log/spamd --socketpath=$
; after killing itself
> Fri Sep 7 16:30:41 2007 [26914] warn: prefork: killing failed child 24687
> fd=undefined at
> /xsys/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/SpamdForkScaling.pm line
> 171.
> Fri Sep 7 16:30:41 2007 [26914] warn: prefork: killed child 24687
>
>
>
26914] warn: prefork: killed child 24687
Looking at the swap usage, I was thinking I would be better if I reduced
the number of children processes and let thing queue up. I know I will
also have to look at exim and it's ratelimit command. Any other idea's on
handling spam surges/DoS?
Thanks
Paul
