[Mimedefang] RE: Large attachment timeouts
David F. Skoll
dfs at roaringpenguin.com
Tue Jul 23 11:33:00 EDT 2002
On Tue, 23 Jul 2002 Dale_Whiteaker-Lewis at dell.com wrote:
> David, can you expand on what you mean when you say it's risky? I am
> considering making the same configuration change, due to a high number of
> 451 tempfail messages.
Well, if you're scanning for viruses and for whatever reason the scanner
takes too long, then the un-scanned message will be accepted.
If you're getting lots of tempfails, the things to try in order are:
1) Put the spool directory on a RAMDisk.
2) Get more memory.
3) Get a faster server.
4) Have your external MX records point to a dedicated box which simply
relays messages to the MIMEDefang box or boxes. You'll still see
tempfails, but the original sender won't, and having both boxes under
your control lets you play with settings to smooth out the load. The
downside is that the sending relay info obtained by MIMEDefang will be
useless.
5) Increase the timeouts (both in MIMEDefang and the Sendmail config file)
But beware: The sending relay may have its own timeouts. RFC 2281
recommends a timeout of 10 minutes after the DATA termination. But
RFC 1047 cautions against excessive processing after DATA termination,
so watch out...
6) Modify your filter to omit certain steps for large messages. Maybe it
doesn't make sense to scan large messages with SpamAssassin. Maybe
you should not invoke a virus scanner on JPEG images. You'd have to
come up with your own set of rules which balance efficiency with safety.
Regards,
David.
More information about the MIMEDefang
mailing list