On Thu, 24 Oct 2002 [EMAIL PROTECTED] wrote:

> Hello all,
>
> My goal today is to get this filtering working on my 4 mail servers.
> Just a summary of my situation. I don't know if anyone is using this in a heavy
> production environment ( I assume so ) but I am running 4 Quad Xeon servers (1
> Gig RAM) and Spamassassin (spamd) and routing mail that has a score of 10 or
> higher to dev/null.
>
> This is working very well. We are a heavily spammed organization with a bit
> over 70,000 users.
>
> Without spamassassin on, my loads are normally .5 - 2 (pop gets a bit sluggish and
> stops responding after 4 or 5 )
> With SA running the load is around 1.5 which is fine.
>
> I am running SA 2.43 from an RPM in totally stock config ( except for changing
> limit from 5 to 10 )
>
> Now the problem:
>
> I am seeing huge CPU spikes over time.
> I can run for a few minutes to almost an hour and then the CPU will load up to
> 30.00 or more. Obviously this is killing the machine. So then I have to shut
> SA off and let it catch up.
>
> I see in the log files that during this time the spamd takes upwards of 30
> seconds to flag a message. So that must be part of the problem. Or probably a
> symptom. In this environment ( 6000 - 15000 messages an hour ) should I be
> running the stock config or taking some of the checks out? Are some hanging or
> taking too long?
>
> I need to know what to check and how to determine the problem. I hope that I
> can give some feedback for this product in a high volume environment but also
> need to get this working so that it does not kill the machines.....

My best guess is that the delays are being caused by your DNS blacklist lookups. Try scoring all of them zero and let SA run again. If it doesn't crash then you should probably make some DNS changes. It's also likely that Razor is bringing you down. Set its score to 0 to disable it too.

Personally I *only* use DNSBLs that I can get a zone transfer of and we're not that big. Never mind the recommendations on minimum number of messages/day before setting up zone transfers. If you want your mail system to operate independent of the conditions outside your network (wherever the master for a zone happens to be), use zone transfers. We bought zone transfer abilities for the RSS and DUL. I use 7 DNSBLs total, all from zone transfers. If relays.osirusoft.com had major problems and I was querying it directly, any possible network bobble or DoS attack on the ORSS could make my mail system hang. I recently expanded the relays.osirusoft.com lookup to query each sub-domain individually for stats gathering. That brings the total number of queries per message on my system to around 20.

If you think your existing DNS system might have problems keeping up, build a new one for the task. Your server farm should probably have a dedicated DNS system that users can't directly query. In fact your server farm should be the only subnets allowed to query it. Those DNS boxes shouldn't be NS records in your zone files. Make them slaves of your zones though. Make sure your MTAs have high speed access to the DNS system. I'm fond of installing a 2nd set of NICs in your servers and having a private network on the backside for high speed "dedicated" access to server farm resources such as NFS servers, NTP server, NIS server, syslog servers, other servers in general, etc...

That brings me to another question. Are you letting syslog write locally or are you directing it elsewhere? Do the latter. Drops I/O and ultimately load significantly.

You mentioned POP above and how the load was affecting the users. Are you running POP daemons on these 4 boxes too? If so, have you considered moving POP to a different box or set of boxes? What daemon are you using? Have you looked into the resource-saving features of Qpopper? Do you let users store mail on the server? Where are your user spools stored? Mounted over NFS? maildir?

70,000 users but how many messages/day? One of my installs has only 3,000 users @ about 45,000 messages/day. If that compares to you then we're talking about 1,050,000/day or so for you.

J
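
A way to check the "spamd takes upwards of 30 seconds" symptom from the logs, as an added example that is not part of the original thread: it groups spamd scan times per minute so that bursts of slow scans stand out from isolated ones. The log lines are constructed, the line format (`... in N seconds, M bytes.`) is an assumption about spamd's syslog output, and the function names and the 4 KB size cut-off are hypothetical; the 30-second threshold comes from the post.

```python
import re
from collections import defaultdict

# Assumed shape of a spamd syslog result line; adjust to the real log format.
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d{2}:\d{2}):\d{2}\s+\S+\s+spamd\[\d+\]:\s+"
    r"(?P<verdict>clean message|identified spam)\s+\((?P<score>-?[\d.]+)/[\d.]+\)"
    r".*?\sin\s+(?P<secs>[\d.]+)\s+seconds,\s+(?P<size>\d+)\s+bytes"
)

# Constructed sample input (not taken from any real server).
SAMPLE_LOG = """\
Oct 24 10:01:02 mx1 spamd[2101]: clean message (1.2/10.0) for nobody:99 in 1.4 seconds, 2310 bytes.
Oct 24 10:01:40 mx1 spamd[2102]: identified spam (14.7/10.0) for nobody:99 in 2.0 seconds, 5120 bytes.
Oct 24 10:02:05 mx1 spamd[2103]: clean message (0.3/10.0) for nobody:99 in 31.8 seconds, 1800 bytes.
Oct 24 10:02:09 mx1 spamd[2104]: clean message (2.1/10.0) for nobody:99 in 33.5 seconds, 900 bytes.
Oct 24 10:02:31 mx1 spamd[2105]: identified spam (22.0/10.0) for nobody:99 in 30.2 seconds, 40960 bytes.
Oct 24 10:02:44 mx1 spamd[2106]: connection from localhost [127.0.0.1] at port 4711
Oct 24 10:03:10 mx1 spamd[2107]: clean message (0.0/10.0) for nobody:99 in 1.1 seconds, 1200 bytes.
"""

def slow_scan_report(log_text, slow_secs=30.0, small_bytes=4096):
    """Return {minute: (total scans, slow scans, slow scans of small messages)}."""
    buckets = defaultdict(lambda: [0, 0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a scan-result line
        counts = buckets[m.group("minute")]
        counts[0] += 1
        if float(m.group("secs")) >= slow_secs:
            counts[1] += 1
            # A small message that still scans slowly spent its time waiting,
            # not parsing a large body.
            if int(m.group("size")) < small_bytes:
                counts[2] += 1
    return {minute: tuple(c) for minute, c in buckets.items()}

def suspect_minutes(report, min_slow=2):
    """Minutes in which several slow scans cluster together."""
    return sorted(k for k, (_, slow, _) in report.items() if slow >= min_slow)

if __name__ == "__main__":
    rep = slow_scan_report(SAMPLE_LOG)
    for minute in sorted(rep):
        total, slow, small_slow = rep[minute]
        print(f"{minute}  scans={total}  slow={slow}  slow_and_small={small_slow}")
    print("suspect minutes:", suspect_minutes(rep))
```

Slow scans that cluster in the same minutes and include small messages fit the reply's guess of scans waiting on DNSBL or Razor lookups, which is what scoring those tests to zero is meant to confirm.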