-> -> I was very happy using SpamAssassin at my email server (Xeon 2.8GHz, -> 1.5 GB memory, Dual Ultra SCSI HD 73.4GB in RAID 1, Linux 2.4.33) -> -> The last few weeks I have noted (angry users calling me by phone) -> that the server is really slow. The loadav goes from 1.5 to 12.5; -> normally is about 3.00. -> -> There are only 2500 email boxes at the server. The server is running: -> Sendmail, SpamAssassin 3.1.5 (using milter-spamc), ClamAV (using -> clamav-milter), Apache 1.3.x, SquirrelMail, pop3, etc. -> -> I have seeing some king of bursts of incoming emails (spam mostly), -> that it is producing a DoS effect. -> -> The server shows a table of ~1700 processes and about ~800 tcp -> sessions (sendmail and milter-spamc most) during this bursts. This -> seems to prevent other users from connecting to the server in order -> to use pop3 or smtp services. -> -> I have increased the child processes of spamd, but I was -> unsuccessfully to reduce this effect(I have seing in the logs a -> message about the need of increase the spamd childs). Also I tweak -> the sendmail.cf to easy the connection, but the problem persist. -> -> Looks to me that SpamAssassin is taking to long to process the -> incoming emails, and as result, it is slowing down the server, and -> finally causing the DoS. -> -> Can anyone help me with some ideas to solve this? or to see were -> exactly is the problem? Do I need to improve my hardware? -> -> Thanks. -> -> BR, -> Matias.
The first thing to do is relieve some of the load. To do this we need better mail gate keeping. Find and run the proper and right greylisting function for your server. That will swat away some of the bursty sp*mmers. Then the next thing to do is implement a function we call validrcptto which, rejects emails to nonexistent email addresses at the smtp level. Those two things alone will help a lot. If you do not do those two things, start there. Increasing the amount of spamd child processes may not be the correct initial answer... that can eat up the RAM and put you into heavy swap. Ummmmm if you are in a position to, add a bunch more RAM to the server. Then later, when you are ready and if it will accept it, add a second proper mate of a processor and go DUAL. Don't forget to check all your logs, you will get other valuable hints to help deal with issues. Let us know how it turns out. - rh -- Robert - Abba Communications Computer & Internet Services (509) 624-7159 - www.abbacomm.net
