[Mimedefang] high-load scanning with mimedefang
Mycrom
defang at mycrom.net
Sat Nov 30 14:21:01 EST 2002
>
> > Oh, most of my tests/work have been on a 2-cpu
> > solaris 5.8/sparc machine with perl-5.005 and mimedefang 2.23
>
> MD 2.27-BETA-1 and the forthcoming 2.27-FINAL may be slightly better on
> busy servers, although the difference is small.
>
Currently running 2.27-BETA-1 and seems to fixed the querks under load. When
it comes to high load servers our systems run between 200-500 messages per
minute during peak period of the day. First thing that had to go was the
MIME parsing of messages. My filters and rules all take in and handle the
headers/message as a whole. MIME parsing and mimechanges is cool but to
costly in my case. Second I do virus scan every single message. I use KAV
(AvpDaemon and AvpDaemonClient) for my virus scanning needs. Daemon seems to
be really stable and does a good job. The company also pushes out daily
updates. Need to spend time tweaking the Daemon options to get something
that does't tear apart your system. I catch about 99% of all e-mail based
viruses but do miss some ziped and tared viruses as I don't decompress
everything so the pattern must match the virus in a compressed state. My
standpoint is if one of our customers are stupid to the point where they
will manually open and run an attachment with a virus then they deserve
it.Third ramdisks are your friend. /tmp, /var/spool/MIMEDefang, and
/var/spool/mqueue are all ramdisks that are put up and taken down by the
init scripts (For /var/spool/mqueue also a seperate sync scripts that keeps
a backup of the queue for when it is taken out of memory). As my servers are
nothing more then gateway mail relays my queue is nothing more then a few
megs at a time. I have a seperate farm for handling the "Fallback" mail that
can't be delivered. Forth live in your Sendmail Bat Book and dig online for
8.12.* special config options. You can drop your load on your server in half
with many hours of learning every querk with sendmail. Fifth, make sure your
running a local dnscache on your box. Sixth, Tweak your kernel and FILE_MAX
values. Any busy server will hit the default file_max values (Between
256-1024) in about 2 seconds. All of my work has been done with RedHat as I
run some dual 1G servers and some 6 proc PIII servers. The Solaris boxes
just don't even compare unless you want to drop a hundred thousand. Gave
them a chance when I first build the system. Feed your servers with CPU and
memory. They will eat it for breakfast and love you for it.
-Matthew
More information about the MIMEDefang
mailing list