[Mimedefang] SMTP error return after DATA?
John Rowan Littell
littejo at earlham.edu
Fri May 9 09:29:01 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Lo, Michael Sims and the coffee pot sang in unison:
[snip description of spam attack]
> The server is a dual PIII-500 with 1024 MB of RAM, and SCSI drives (no RAID
> though). Unfortunately I can't afford to beef it up any more. CPU
> utilization on both processors goes to 100% during these floods and it
> effectively kills all of the services on the machine since they can't get
> processor time.
I know you said you didn't want to hear about hardware upgrades, but
here's a thought (if you're not already doing it): run the MIMEDefang
spool directory on a memory filesystem (TMPFS, or whatever your OS
calls it). This could help with the speed of scanning quite a bit.
Are you running only Sendmail on this box, or do you have mail access
(POP/IMAP) as well? Do you have a webmail system on it? If it's just
Sendmail and possibly POP/IMAP, you could probably get away with
configuring 256MB of your RAM as TMPFS. At 500 connections with 45K
of data apiece, that still only uses around 25MB of your spool, so you
probably won't run out. And if you've got $100-$200 to spare, you can
probably double your RAM size and get a bigger TMPFS -- and make it
work even if you are running an MTA, POP/IMAP, and a webmail system.
The other option I can think of is trying to run SpamAssassin checks
through spamd. I know it's been discussed here before, but I can't
recall what the upshot was.
You could try, if you're willing to sacrifice some spam detection,
using a sliding scale for whether you're going to run the message
through SpamAssassin within MIMEDefang: if load average is above a
threshold, don't run SA checks. Or somehow negatively correlate the
maximum message size you're willing to run through SA with the load
average.
--rowan
- --
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2003-05-09 08:14
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: Made with pgp4pine 1.76
iQCVAwUBPrutBJdUNSJ2nf/5AQGc3QP+I5FYDVHAXMVNxjdxX7YOJkNE1KlUYHJq
lgmbSOq/0lxIbLLyL26SgMY9TGT3h9iVqjFbV36XXfsslQ6kMn4v8VRXc+XROk6G
BercghINWqas8MNuXd/kFMdKvLsJdSYAzPqkuNAXiJ2sKb343yh6INL3N804FfLS
w65FZKGu8Jg=
=2pMX
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list