Ed Russell wrote:
User validation is going to be tough or all but impossible. This box
forwards off the mail to an NT box running SL Mail. There is no easy way to
get a userlist out of this product. In addition the users change daily and
some even use multi-drops.
You don't need to get a user list, you just need to ask the destination
server if the user exists before accepting the message. This is what
milter-ahead does on my MailScanner servers. I process and forward to
servers running qmail(my toasters) and Exchange, GroupMail, Groupwise,
Sendmail(my clients servers). All respond correctly to milter-ahead. I
do not know of a way to duplicate milter-ahead in qmail without
requiring something like vpopmail or LDAP.
Did you look at using dnscache? That might buy you enough breathing room
to shop around for a solution to user verification.
DAve
Ed
---------------------------------------------------
Talk is cheap since supply always exceeds demand.
---------------------------------------------------
-----Original Message-----
From: DAve [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 12:39 PM
To: users@spamassassin.apache.org
Subject: Re: General assistance
Ed Russell wrote:
[EMAIL PROTECTED] smtpd]# spamassassin --version
SpamAssassin version 3.1.0
running on Perl version 5.8.7
Spamd running with:
OPTIONS="-L -x -d -u nobody -m 45"
No user verification or RBL at the MTA level.
Absolutely do user verification. I can throw out from 20% to 80% of my
traffic depending on the current level of dictionary and Joe-Job
attacks. Since you are processing ahead of your clients Exchange boxes
I'm not sure how you can do that with qmail. I do it on my gateways
running MailScanner via milter-ahead, and on my toasters via checkuser
in vpopmail.
There might be a way to get qmail to check with an Exchange box to
validate a user without running vpopmail, but I won't know it.
DAve
12:20pm up 4:05, 1 user, load average: 9.49, 9.23, 9.23
313 processes: 300 sleeping, 12 running, 1 zombie, 0 stopped
CPU states: 18.9% user, 16.6% system, 0.0% nice, 64.4% idle
Mem: 2009856K av, 711560K used, 1298296K free, 353776K shrd, 129268K
buff
Swap: 2097136K av, 0K used, 2097136K free 225380K
cached
As you can see I have loads of head room as far as memory goes. I was
looking into integrating RBL into Qmail, but with the very high volume I
am
quite concerned that this will introduce a slowdown. If I increase the
inbound concurrent rate I eventually run into qmail-scanner problems with
reformime. Is there anything else I need consider?
Ed
---------------------------------------------------
Talk is cheap since supply always exceeds demand.
---------------------------------------------------
-----Original Message-----
From: Kristopher Austin [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 12:06 PM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: RE: General assistance
-----Original Message-----
From: Ed Russell [mailto:[EMAIL PROTECTED]
Sent: Friday, February 10, 2006 10:51 AM
To: users@spamassassin.apache.org
Subject: General assistance
Am I completely off base in the way I have this all setup? I have
went
with
a higher speed HD to increase the threshold on file I/O. Can I tune
the
performance of razor etc while maintaining delivery time? Is there
anything
else I should be considering? If I have not explained things well or
more
information is needed I will certainly provide anything.
A few questions I have:
What SA version are you running? spamassassin --version
What do you have --max-children set to?
How much memory do you have free when the box is fully loaded?
I'm trying to see if you have any headroom left to have more spamd
children running. It sounds like your problem is with waiting on DNS
returns. This should mean that you have plenty of processing power
remaining just not enough children to handle the requests.
Other things to consider:
Do you use RBLs at the MTA level?
Do you have user verification at the MTA level?
Look for messages your MTA can drop before sending to SA.
Kris
