[Mimedefang] Semi OT: Best configuration for two servers to handle > 20,000 msgs/day

Shayne Hardesty lists at sh.birmingham.al.us
Mon May 3 16:30:36 EDT 2004


   We currently handle mail for about 1200 users, which generally 
results in a volume of 12,000 to 14,000 messages per day (incoming and 
outgoing), sometimes peaking to 25,000 in a day.  We currently have just 
one server, an aging VA Linux 2231 (upgraded to dual PIII 1GHz's and 2GB 
RAM) to handle mail.  We currently use the latest sendmail, and 
mimedefang in multiplexor mode to scan incoming messages.  Our filter 
does some heavy message content checking/filtering, and also calls 
uvscan.  We do use spamassassin in a limited capacity (only enabled for 
about 70 users while we are testing) via procmail.  The same server runs 
UW-IMAP and IMP (webmail) for mail pickup.

   Our current server can no longer keep up with the volume of mail - it 
spends most of its time > 1.00 load avg defanging and uvscanning 
messages...  This is just with SpamAssassin enabled on about 70 of the 
accounts - we want to deploy it on all accounts.  We have a new Dell PE 
1750 to help offset the load from our primary server and I'm going back 
and forth on the best way to integrate it.  Here are the two options I'm 
considering:

   1) New server becomes primary MX, has sendmail, mimedefang, 
spamassassin, and uvscan.  Any incoming email gets scanned by new server 
then handed off to current server (via SMTP) for storage.
   Pros: Easy configuration/setup/management, somewhat scalable (just 
add more primary servers)
   Cons: Does not scan user to user (inter-company) email.  Does not 
scan outbound email, unless current mail server is reconfigured to pass 
email to new server, or user clients are reconfigured to use new server 
as outgoing smtp server.  Does not handle unknown users in SMTP session 
unless virtusertable is maintained from SQL database via perl scripts, 
or LDAP.  Hard to use graphdefang - must collect stats from two 
different maillogs.

   2) New server becomes primary MX, runs sendmail, mimedefang and 
spamassassin.  Current server runs imap/pop-3 and exports mail spool via 
NFS (or NFS-like protocol) to new server.  New server stores email on 
NFS mounted mail spool after scanning/processing.
   Pros: all bouncing/unknown user problems handled in SMTP session. 
Scalable - just drop new servers in as primary MX's. 
sendmail/Spamassassin/mimedefang only run on primary server(s), not on 
mail store server.
   Cons: setup/management is difficult.  Must overcome NFS 
security/locking issues.  Is 100baseT too slow for NFS access to mail 
spool?  Does new server have to have user accounts in /etc/passwd to 
bounce unknown users?  Users' outbound smtp server must be changed to 
new server name, or old server must run minimal sendmail configured to 
pass mail to new server.


   I think we are leaning towards scenario two, but I've heard horror 
stories about NFS.  Is the setup recommended, or is it as troublesome as 
I've always heard?  Both servers will be RH Linux 9, and I am 
comfortable compiling kernels and daemons from scratch, so if a custom 
NFS (v3 maybe) install would get around problems with older NFS's, I can 
do that.

   Thanks in advance for any advice.  If anyone is interested I'd be 
glad to write up a whitepaper on these options and documentation on 
which scenario we choose once we have it implemented.  Advice on any 
other scenarios would be appreciated, just keep in mind my primary 
goals are: a) not to have to reconfigure 1200 clients and b) to handle 
bounces/failures in the SMTP session so I don't have to deal with 
double-bounces flying all over the place.

Shayne
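
The virtusertable approach named in the cons of option 1, as an added example that is not part of the original post: a Python script that builds the gateway's virtusertable from the mail store's passwd data, so unknown recipients are rejected inside the SMTP session instead of bouncing later. The domain, store host name, UID range and sample accounts are assumptions.

```python
import re

# Constructed sample of the mail store's /etc/passwd (not from the original post).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/bash
bad name:x:502:502::/home/bad:/bin/bash
nobody:x:65534:65534:Nobody:/:/sbin/nologin
"""

# Conservative local-part whitelist so no passwd entry can inject map syntax.
SAFE_LOCALPART = re.compile(r"^[a-z0-9][a-z0-9._-]*$")


def build_virtusertable(passwd_text, domain, store_host, min_uid=500, max_uid=60000):
    """Return (virtusertable_text, skipped_names).

    Real accounts are forwarded to the mail store; every other address in
    the domain gets a permanent error during the SMTP session.
    min_uid/max_uid are assumed bounds for ordinary user accounts.
    """
    entries, skipped = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed line
        user, uid = fields[0], int(fields[2])
        if not (min_uid <= uid <= max_uid):
            continue  # system accounts get no external mail route
        if not SAFE_LOCALPART.match(user):
            skipped.append(user)  # report instead of writing an odd key
            continue
        entries.append(f"{user}@{domain}\t{user}@{store_host}")
    entries.sort()
    # Catch-all for the domain: reject anything not listed above.
    entries.append(f"@{domain}\terror:nouser 550 No such user here")
    return "\n".join(entries) + "\n", skipped


if __name__ == "__main__":
    table, skipped = build_virtusertable(
        SAMPLE_PASSWD, "example.com", "mailstore.example.com")
    print(table, end="")
    for name in skipped:
        print(f"# skipped unsafe account name: {name!r}")
```

The domain on the left-hand side has to be in sendmail's class {w} or {VirtHost} for the map to be consulted, and the output has to be compiled with makemap before sendmail reads it.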


