[Mimedefang] Semi OT: Best configuration for two servers to handle > 20,000 msgs/day
Shayne Hardesty
lists at sh.birmingham.al.us
Mon May 3 16:30:36 EDT 2004

We currently handle mail for about 1200 users, which generally
results in a volume of 12,000 to 14,000 messages per day (incoming and
outgoing), sometimes peaking to 25,000 in a day. We currently have just
one server, an aging VA Linux 2231 (upgraded to dual PIII 1GHz's and 2GB
RAM) to handle mail. We currently use the latest sendmail, and
mimedefang in multiplexor mode to scan incoming messages. Our filter
does some heavy message content checking/filtering, and also calls
uvscan. We do use spamassassin in a limited capacity (only enabled for
about 70 users while we are testing) via procmail. The same server runs
UW-IMAP and IMP (webmail) for mail pickup.

Our current server can no longer keep up with the volume of mail - it
spends most of its time > 1.00 load avg defanging and uvscaning
messages... This is just with SpamAssassin enabled on about 70 of the
accounts - we want to deploy it on all accounts. We have a new Dell PE
1750 to help offset the load from our primary server and I'm going back
and forth on the best way to integrate it. Here are the two options I'm
considering:

1) New server becomes primary MX, has sendmail, mimedefang,
spamassassin, and uvscan. Any incoming email gets scanned by new server
then handed off to current server (via SMTP) for storage.
Pros: Easy configuration/setup/management, somewhat scalable (just
add more primary servers)
Cons: Does not scan user to user (inter-company) email. Does not
scan outbound email, unless current mail server is reconfigured to pass
email to new server, or user clients are reconfigured to use new server
as outgoing smtp server. Does not handle unknown users in SMTP session
unless virtusertable is maintained from SQL database via perl scripts,
or LDAP. Hard to use graphdefang - must collect stats from two
different maillogs.

2) New server becomes primary MX, runs sendmail, mimedefang and
spamassassin. Current server runs imap/pop-3 and exports mail spool via
NFS (or NFS-like protocol) to new server. New server stores email on
NFS mounted mail spool after scanning/processing.
Pros: all bouncing/unknown user problems handled in SMTP session.
Scalable - just drop new servers in as primary MX's.
sendmail/Spamassassin/mimedefang only run on primary server(s), not on
mail store server.
Cons: setup/management is difficult. Must overcome NFS
security/locking issues. Is 100baseT too slow for NFS access to mail
spool? Does new server have to have user accounts in /etc/passwd to
bounce unknown users? Users' outbound smtp server must be changed to
new server name, or old server must run minimal sendmail configured to
pass mail to new server.

I think we are leaning towards scenario two, but I've heard horror
stories about NFS. Is the setup recommended, or is it as troublesome as
I've always heard? Both servers will be RH Linux 9, and I am
comfortable compiling kernels and daemons from scratch, so if a custom
NFS (v3 maybe) install would get around problems with older NFS's, I can
do that.

Thanks in advance for any advice. If anyone is interested I'd be
glad to write up a whitepaper on these options and documentation on
which scenario we choose once we have it implemented. Advice on any
other scenarios would be appreciated, just keep in mind my primary
goals are: a) not to have to reconfigure 1200 clients and b) to handle
bounces/failures in the SMTP session so I don't have to deal with
double-bounces flying all over the place.

Shayne