On Thu, 2002-01-17 at 10:51, brad wrote:
Problem: CPU usage with procmail to high, MTA stops accepting email
because of load average / Sendmail 8.11 has problems with SA and
unexpected or long error codes.
Potential Resolutions and what I have learned thus far please feel free to
adjust:
Don't run your smtp server / pop3 server and SA on the same machine on
heavily loaded server. SA takes 5-7 seconds per message and can leave
hundreds of procmail processes running.
Do you also see hundreds of spamc processes? If not, the problem is procmail (maybe it's waiting on a lock?), not spamassassin. I would recommend (if you don't need it) taking procmail out of the loop by getting sendmail to invoke spamc (or call out to spamd itself somehow, milter?); or at the very least take a good look at your procmail recipes. Also, if those spamc processes are hanging around for a long time, and it's not just procmail, then you might want to do this anyway, since procmail is a much bigger process than spamc.
Perhaps this is the best way.
Case 1
******
3 or more machines:
2 running your MTA / SA / and procmail for delivery via NFS to your "main
mail server"
Generally I try to avoid setups where there's a lot of NFS writing going on. It's just asking for trouble in my experience.
1 "main mail server" running pop3 / IMAP agents and providing the services
to your customers and supporting local file delivery via NFS from your
front end machines
I am thinking postfix for the front ends and then using courier pop/imap
on the main server
Not sure why lots of people seem to think "courier" when they think IMAP. Cyrus is so way much better in my experience, and the design seems like it should be much faster, more scaleable, and more recoverable. But don't necessarily take this as solid advice, I've never really whaled on Cyrus, just used it in fairly low-volume setups.
Case 2
******
1 or more head machine running a "multi threaded spam proxy" with SA which
then processes the mail and sends it to "main mail server" running no SA just
MTA / LDA / pop3 / IMAP
keep existing sendmail config + qpopper / imap
Case 3
******
1 or more head machine running with SA which connects to a SPAMD machine
to do the scanning and then then processes the mail and sends it to "main mail server"
running no SA just MTA / LDA / pop3 / IMAP
keep existing config + popper / imap
I would suggest this, under the KISS principle.
