enable spamassassin? - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: System Setup & Installation (/forum-32.html)
+--- Thread: enable spamassassin? (/thread-5789.html)

RE: enable spamassassin? - kilburn - 03-07-2009 03:02 AM

Quote: This is how I would enable spamassassin, along with amavis and clamav. Unlike the amavis configuration with maia or the one that partially comes with ispcp, this method uses amavis as pre-queue filter. That makes it possible to reject spam mails instead of only tagging them...

Warning: pre-queue filtering is a double-sided weapon, allowing you to reject spam... and easing DoS attacks a LOT. It's your choice, but be warned

RE: enable spamassassin? - rbtux - 03-07-2009 03:48 AM

why would you think that? IMHO it's just the opposite in fact: with pre-queue filter postfix stops accepting mails when the amavis proxies can't handle the load. (It returns a 4xx error). So the mails can be processed by your second mta. With post-queue filter it fills your queue until the spool directory quota is reached (or some restrictions are raised). Mails are delivered FIFO.

When all your mx are under attack you have a problem anyway... and it would rather have no mails accepted as a queue containing thousands of mails...

RE: enable spamassassin? - kilburn - 03-10-2009 02:25 AM

Do not trust my word, trust postfix docs...

RE: enable spamassassin? - rbtux - 03-10-2009 02:39 AM

yeah I read that several times... And I said exactly what is standing there... But I don't force my opinion on anyone...

RE: enable spamassassin? - kilburn - 03-10-2009 09:06 AM

Maybe I'm wrong, but AFAIK by looking to your config it seems that only 5 non-aol clients (or outside servers) can be sending an e-mail at the same time (the 6th one has to wait 'till the others finish). This may cause some problems on servers with a lot of mail accounts...

By the way, I also don't want to enforce my opinion on anyone, I just wanted to raise the point so people don't get bad surprises

RE: enable spamassassin? - rbtux - 03-10-2009 09:46 AM

you are completely right...

My assumption is that on an ispcp server there is no high mail load (5 amavis processes means in the worst scenario (assuming each client needs 300s for completing amavis) your mailsystem would still be able to process approx 1500 Mails per day.)

The system will be able to receive 100 mails parallel but only 5 mails are simultaneously processed by amavis. Postfix tries to keep the session open until the amavis process is free or until the smtpd timeout (default: 300s). When you are under ddos you may want to configure postfix to use stress-dependent configuration values (f.e. smtpd_hard_error_limit = ${stress?2}${stress:20}, smtpd_timeout = ${stress?10}${stress:300}, stress-dependent configuration is available above v.2.5 and configured per default above v.2.6). This will make your smtpd process being blocked for shorter times... But don't do configurations like this when you don't understand the concept!

When assuming each mail needs 10 seconds (on my servers overall average is about 1s) on amavis, you would be able to process 30 Mails per Minute. (Remember with appropriate filtering 80% of the mails are filtered out before amavis. Autowhitelisted constellations need a much lower processing time).

This leads to the following conclusion: A default installation configured as stated in this small howto is able to process about 100-150 mails per minute that reaches client mailboxes...

On our dedicated Mailrelays (4gig ram and xeon quadcore) we use about 15 processes (amavis on mem disk). This constellation is able to process over 1 million mails per day (according to our lab test with 5kb mail each).

I recommend every person which want to test this by himself to take a small machine (p4 with 2gig ram should be enough) install postfix configure amavis like I stated above and use smtp-source to stress the system. You will be surprised where the problems start. Mail is not as trivial as the "SIMPLE" in SMTP would let assume.

You have to deal with I/O, DNS load (when using blacklists), problems with too small process count (smtpd, amavis, clamd etc...). When you come to imap you will have to keep an eye on your memory usage and on disk i/o. (f.e Pop3 with server stored mails is a i/o killer par excellence)

This is why I personally never would handle mails on a webserver... But as we both agree everyone has to find his own "perfect" solution. This post should just underline that 5 processes is not just a value from my imagination, this is a value based on experience in running different sized mail systems (including high load servers) and a compromise which reach out for most of the users here...

(03-05-2009 10:49 AM) meph137 Wrote: Hi - is there any way to test if this is working? I have checked my mail headers on a received mail and don't see any spam headers, I thought spamassassin always added them. if not, is there a way to check spamassassin is working?

well it seems I missed to write something in the config (I hate this debian config splitting.. Arghhh ;-))

amavis/spamassassin tags mails only if they are in local_domains... so we have to tell them our virtual domains are local_domains:

in /etc/amavis/conf.d/50-user add:

Code:
@local_domains_maps = ( [".$mydomain"], read_hash("/etc/postfix/ispcp/domains") );

if you like to enable site-wide bayes add the following to spamassassin's local.cf (if you have multiple relays you might want to store it in sql instead of local file):

Code:
use_bayes 1

remember to train sa with at least 200 spam mails to enable bayes...

RE: enable spamassassin? - meph137 - 03-10-2009 07:06 PM

(03-10-2009 09:46 AM) rbtux Wrote: well it seems I missed to write something in the config (I hate this debian config splitting.. Arghhh ;-))

Thanks for this, I did see these config options and thought they looked odd but don't quite have the confidence yet in postfix related issues to go fiddling. Thanks for sorting this

RE: enable spamassassin? - alecksievici - 03-21-2009 09:36 PM

i tried your howto and everything works fine. you should put this in the docu/howto's section as it is very useful. thanx!

RE: enable spamassassin? - womd - 03-25-2009 03:20 AM

i had the same wish and integrated it like described here: http://www.akadia.com/services/postfix_spamassassin.html

i had to adjust some paths ... but generally it worked.

RE: enable spamassassin? - rbtux - 03-25-2009 04:09 AM

this thread prefers the pre-queue method... But anything you like...
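
An added example, not part of any post in this thread: a small Python check for the situation meph137 describes, where a received mail shows no spam headers. It assumes the X-Spam-* header names amavisd-new commonly writes and models the local_domains lookup from rbtux's fix in simplified form; the domains, map contents and function names are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Header names amavisd-new commonly adds to tagged mail (assumption, not from the thread).
SPAM_HEADERS = ("X-Spam-Flag", "X-Spam-Score", "X-Spam-Level", "X-Spam-Status")

def read_hash_keys(map_text):
    """Keys of a postfix-style hash map source: first field per line, '#' comments skipped."""
    keys = set()
    for line in map_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.add(line.split()[0].lower())
    return keys

def is_local(recipient, mydomain, hash_keys):
    """Simplified model of @local_domains_maps = ([".$mydomain"], read_hash(...))."""
    domain = parseaddr(recipient)[1].rpartition("@")[2].lower()
    if not domain:
        return False
    mydomain = mydomain.lower()
    # ".$mydomain" covers the domain itself and every subdomain.
    if domain == mydomain or domain.endswith("." + mydomain):
        return True
    # Keys read from the map file are matched exactly here.
    return domain in hash_keys

def diagnose(raw_message, recipient, mydomain, map_text):
    """Explain why a delivered message does or does not carry spam headers."""
    msg = email.message_from_string(raw_message)
    found = [h for h in SPAM_HEADERS if msg.get(h) is not None]
    if found:
        return "tagged: " + ", ".join(found)
    if not is_local(recipient, mydomain, read_hash_keys(map_text)):
        return "untagged: recipient domain is not in local_domains"
    return "untagged: domain is local, check that the mail passed through amavis"

# Constructed sample data (not taken from the thread).
DOMAINS_MAP = "# ispCP virtual domains (constructed)\ncustomer-a.example  vispcp\n"
UNTAGGED = "From: a@sender.example\nTo: bob@customer-b.example\nSubject: hi\n\nbody\n"
TAGGED = ("From: a@sender.example\nTo: bob@customer-a.example\n"
          "X-Spam-Flag: NO\nX-Spam-Score: 1.2\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    print(diagnose(UNTAGGED, "bob@customer-b.example", "host.example", DOMAINS_MAP))
    print(diagnose(TAGGED, "bob@customer-a.example", "host.example", DOMAINS_MAP))
```

Feed it the raw source of a delivered test mail together with the contents of the domains map named in the thread to see which of the three cases applies.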