Current time: 11-27-2024, 08:10 PM Hello There, Guest! (LoginRegister)


Post Reply 
enable spamassassin?
Author Message
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #21
RE: enable spamassassin?
Quote:This is how I would enable spamassassin, along with amavis and clamav. Unlike the amavis configuration with maia or the one that partially comes with ispcp, this method uses amavis as pre-queue filter. That makes it possible to reject spam mails instead of only tagging them...

Warning: pre-queue filtering is a double-sided weapon, allowing you to reject spam... and easing DoS attacks a LOT. It's your choice, but be warned Wink
03-07-2009 03:02 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #22
RE: enable spamassassin?
why would you think that? IMHO it's just the oposite in fact:

with pre-queue filter postfix stops accepting mails when the amavis proxies can't handle the load. (It returns a 4xx error). So the mails can be processed by your second mta. With post-queue filter it fills your queue until the spool directory quota is reached (or some restrictions are raised). Mails are delivered FIFO.

When all your mx are under attack you have a problem anyway... and it would rather have no mails accepted as a queue containing tousands of mails...
03-07-2009 03:48 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #23
RE: enable spamassassin?
Do not trust my word, trust postfix docs...
03-10-2009 02:25 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #24
RE: enable spamassassin?
yeah I read that several times... And I said excatly what is standing there...

But I don't force my opinion on anyone...
03-10-2009 02:39 AM
Visit this user's website Find all posts by this user Quote this message in a reply
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #25
RE: enable spamassassin?
Maybe I'm wrong, but AFAIK by looking to your config it seems that only 5 non-aol clients (or outside servers) can be sending an e-mail at the same time (the 6th one has to wait 'till the others finish). This may cause some problems on servers with a lot of mail accounts...

By the way, I also don't want to enforce my opinion on anyone, I just wanted to raise the point so people don't get bad susprises Smile
03-10-2009 09:06 AM
Visit this user's website Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #26
RE: enable spamassassin?
you are completely right...

My assumption is that on a ispcp server there is no high mail load (5 amavis processes means in the worst scenario (assuming each client needs 300s for completing amavis) your mailsystem would still be able to process approx 1500 Mails per day.)

The system will be able to receive 100 mails parallel but only 5 mails are simultanously processed by amavis. Postfix tries to keep the session open until the amavis process is free or until the smtpd timeout (default: 300s). When you under ddos you may want to configure postfix to use stressdependend configuration values (f.e. smtpd_hard_error_limit = ${stress?2}${stress:20}, smtpd_timeout = ${stress?10}${stress:300}, stress dependend configuration is available above v.2.5 and configured per default above v.2.6). This will make your smtpd process being blocked a for shorter times... But don't do configurations like this when you don't understand the concept!

When assuming each mails needs 10 seconds (on my servers overall avarage is about 1s) on amavis, you would be able to process 30 Mails per Minute. (Remember with appropriate filtering 80% of the mails are filtered out before amavis. Autowhitlisted constellations need a much lower processing time).

This leads to the following conclusion: A default installation configured as stated in this small howto is able to process about 100-150 mails per minute that reaches client mailboxes...

On our dedicated Mailrelays (4gig ram and xeon quadcore) we use about 15 processes (amavis on mem disk). This constellation is able to process over 1 million mails per day (according to our lab test with 5kb mail each).

I recommand every person which want to test this by himself to take a small machine (p4 with 2gig ram should be enough) install postfix configure amavis like I stated above and use smtp-source to stress the system. You will be suprised where the problems start. Mail is not as trivial as the "SIMPLE" in SMTP would let assume. You have to deal with I/O, DNS load (when using blacklists), problems with to small process count (smtpd, amavis, clamd etc...). When you come to imap you will have to keep an eye on your memory usage and on disk i/o. (f.e Pop3 with server stored mails is a i/o killer par excellence) This is why I personally never would handle mails on a webserver...


But as we both agree everyone has to find his own "perfect" solution. This post should just underline that 5 processes is not just a value from my imagination, this is a value based on experience in running different sized mail systems (including high load servers) and a compromise which reach out for most of the users here...
(03-05-2009 10:49 AM)meph137 Wrote:  Hi - is there any way to test if this is working? I have checked my mail headers on a received mail and dont see any spam headers, I though spamassassin always added them. if not, is there a way to check spamassassin is working?

thanks for the helpful setup Smile

well it seems I missed to write something in the config (I hate this debian config splitting.. Arghhh ;-))

amavis/spamassassin tags mails only if they are in local_domains... so we have to tell them our virtual domains are local_domains:

in /etc/amavis/conf.d/50-user

add:
Code:
@local_domains_maps = ( [".$mydomain"], read_hash("/etc/postfix/ispcp/domains") );

if you like to enable site-wide bayes add the following to spamassassins local.cf (if you have multiple relays you might want to store it in sql instead of local file):
Code:
use_bayes 1
use_bayes_rules 1

bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 1
bayes_auto_learn_threshold_spam 7.5

bayes_path /var/spamassassin/bayes/bayes
bayes_file_mode 0777

remember to train sa with at least 200 spammails to enable bayes...
(This post was last modified: 03-10-2009 10:59 AM by rbtux.)
03-10-2009 09:46 AM
Visit this user's website Find all posts by this user Quote this message in a reply
meph137 Offline
Junior Member
*

Posts: 16
Joined: Feb 2009
Reputation: 0
Post: #27
RE: enable spamassassin?
(03-10-2009 09:46 AM)rbtux Wrote:  well it seems I missed to write something in the config (I hate this debian config splitting.. Arghhh ;-))

amavis/spamassassin tags mails only if they are in local_domains... so we have to tell them our virtual domains are local_domains:

in /etc/amavis/conf.d/50-user

add:
Code:
@local_domains_maps = ( [".$mydomain"], read_hash("/etc/postfix/ispcp/domains") );

Thanks for this, I did see these config options and thought they looked odd but don't quite have the confidence yet in postfix related issues to go fiddling. Thanks for sorting this Smile
03-10-2009 07:06 PM
Find all posts by this user Quote this message in a reply
alecksievici Offline
Junior Member
*
Beta Team

Posts: 112
Joined: May 2008
Reputation: 0
Post: #28
RE: enable spamassassin?
i tried your howto and everything works fine. you should put this in the docu/howto's section as it is very useful Smile. thanx!
03-21-2009 09:36 PM
Visit this user's website Find all posts by this user Quote this message in a reply
womd Offline
Junior Member
*

Posts: 13
Joined: Mar 2009
Reputation: 0
Post: #29
RE: enable spamassassin?
i had the same wish and itegradet it like described here:

http://www.akadia.com/services/postfix_s...assin.html

i had to adjust some pathes ... but generally it worked.
03-25-2009 03:20 AM
Find all posts by this user Quote this message in a reply
rbtux Offline
Moderator
*****
Moderators

Posts: 1,847
Joined: Feb 2007
Reputation: 33
Post: #30
RE: enable spamassassin?
this thread prefers the pre-queue method...

But anything you like...
03-25-2009 04:09 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 4 Guest(s)