[Mimedefang] Reject 451 (Please try again later) messages

Justin Shore listuser at numbnuts.net
Sat Jun 21 12:11:01 EDT 2003 

On 20 Jun 2003, Bill Randle wrote:

> Justin,
> 
> My most recent conclusion, based on some other mail log messages I
> was seeing is that the mail server box is just plain underpowered
> and can't keep up with the incoming flood of email (1000-1200/hr).
> I ended up disabling the spam filtering temporarily due to
> customer complaints of being unable to send email. (Uhg!)

This particular machine is quite ballsy for the load it's under.  It only
handles my mailing list mail, personal mail, and spamtrap mail.  The
latter can be quite overwhelming at times.  A little over a week ago I was
on the receiving end of a joe job which accounts for well over 150,000
bounces.  Nice.  Yesterday and the day before one unwary spammer spammed
every single one of my spamtraps twice (I was kind enough to seed my
addresses into his remove database for him :) ).  That's just over a
million pieces of spam. :)  Still the box really isn't loaded.  It only
seems to bog down when I bounce a thousand or two pieces of spam through
my auto-reporting scripts.

> My suspicion is that the system was becoming I/O bound, so we
> installed a fast SCSI-3 disk today just for mail and mail log
> files. (/var/spool/MIMEDefang was already tmpfs'd so should be
> fast.) I'll be reconfiguring things tomorrow and will let you
> know how it goes.

That is a possibility.  I don't think I'd ever recommend IDE for your mail 
filesystem.  It's just not worth the risks.

> A colleague with about 3x the number of customers as us apparently
> has three boxes dedicated to spam filtering. I don't know yet what
> software they're using, but the hardware platform is typically
> dual processor Sun Ultra systems running Solaris.

My first MD/SA installation was on a dual 1.26Ghz PIII RedHat box.  It 
rejects around 35,000 messages a day on average and accepts 25-35,000 
messages for delivery per day (yes, more spam than ham).  It isn't 
performing AV checks and tmpfs isn't used there.  Still it's working ok.  
SA is ancient in comparison though.  That box is still running SA 2.43.

I suspect your box could handle the load if you used SCSI and queuing 
wisely.

Last night I lowered the rbl_timeout to 5.  It didn't help my problem.  
Finally I disabled local checks altogether.  No more problem.  I'm going 
to go back through the DNSBLs I added to SA and see if one of them is 
causing the problem.  Razor or Pyzor might also be the problem.

Justin

More information about the MIMEDefang mailing list