[Mimedefang] SMTP error return after DATA?

Michael Sims michaels at crye-leike.com
Fri May 9 11:45:01 EDT 2003 

Quoting John Rowan Littell <littejo at earlham.edu>:

> I know you said you didn't want to hear about hardware upgrades, but
> here's a thought (if you're not already doing it): run the MIMEDefang
> spool directory on a memory filesystem (TMPFS, or whatever your OS
> calls it).  This could help with the speed of scanning quite a bit.

The only reason that I haven't bothered with that on the main mail exchanger is 
that it doesn't seem that disk I/O is the main source of the problem.  For 
kicks I tried removing the SA check, and when I did this the load problems all 
but disappeared.  But MIMEDefang still has to process the message in the spool 
even without SA, so this lead me to believe that the speed of the spooling 
process wasn't the major factor.

With that said, I have already setup TMPFS on the server that will eventually 
become my dedicated MD/SA machine.  I suppose I could give TMPFS a shot on the 
primary server just to see...

> Are you running only Sendmail on this box, or do you have mail access
> (POP/IMAP) as well?  Do you have a webmail system on it?

Unfortunately I have POP/IMAP and webmail both on this same server.  Our old 
server was a canned Windoze product that combined SMTP, POP, and webmail.  It 
didn't do any content filtering at all, and was very feature limited, so a 
single machine was sufficient.  Now that we've went through the upgrade we're 
experiencing a good bit of growing pains due to all of these services being on 
the same box.

I am going to be moving the webmail interface (Horde/IMP) to a dedicated server 
soon, so that should help.
 
> The other option I can think of is trying to run SpamAssassin checks
> through spamd.  I know it's been discussed here before, but I can't
> recall what the upshot was.

I'm no expert on spamd, but I don't think it's really necessary with MIMEDefang 
since MD already handles the daemonizing/forking/etc.

> You could try, if you're willing to sacrifice some spam detection,
> using a sliding scale for whether you're going to run the message
> through SpamAssassin within MIMEDefang: if load average is above a
> threshold, don't run SA checks.  Or somehow negatively correlate the
> maximum message size you're willing to run through SA with the load
> average.

That's a thought, but it would give spammers as gauranteed method to bypass my 
filters...all they have to do is flood my servers and they've bypassed 
SpamAssassin.

Thanks for all of the suggestions, you've given me some good food for thought 
here...

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________

More information about the MIMEDefang mailing list