From: "digonto digonto"
To: freebsd-isp@freebsd.org
Date: Sun, 18 Nov 2007 17:12:00 +0600
Subject: can't remove squid from the system.

Hi!

I installed Squid version 3.0.PRE6. The system returns me the message that
there is no squid installed when I try to uninstall squid. But actually
squid is running in my system and usable.

Any idea how to remove squid in this situation?

Regards,

Digo

From: eculp
To: freebsd-isp@freebsd.org
Date: Sun, 18 Nov 2007 06:04:19 -0600
Subject: Re: can't remove squid from the system.

Quoting digonto digonto :

> Hi!
>
> I installed Squid version 3.0.PRE6. The system returns me the message that
> there is no squid installed when I try to uninstall squid. But actually
> squid is running in my system and usable.

If you installed it from ports www/squid30 just go back there and do
make deinstall may be the simplest way. You might want to check
because if you installed it in ports you should see something like:

# ls -ld /var/db/pkg/squid*
drwxr-xr-x 2 root wheel 512 Nov 14 09:59 /var/db/pkg/squid-3.0.r1.20071001

in var/db/pkg/ at least I do ;)

Good luck,

ed

>
> Any idea how to remove squid in this situation?
>
> Regards,
>
> Digo
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

"If anything characterizes the 21st century, it's our inability to
restrain ourselves for the benefit of other people,"
James Katz/Rutgers University

From: Ljupco Vangelski
To: freebsd-isp@freebsd.org
Date: Wed, 21 Nov 2007 14:43:10 +0100
Subject: Problems with FreeBSD PPPOE server

Hi,

first I want to apologize for the size of this mail, but I want to
explain the situation better.
I'm using a FreeBSD PPPoE server and freeRadius RADIUS server for
providing dsl services to clients. My configuration is as follows:

- FreeBSD 6.0
- user PPP for PPPoE server
- freeRadius 1.1.6 for RADIUS server

I have multiple vlans on one network interface, and I have different
PPPoE servers listening on each one:

/usr/libexec/pppoed -d -P /var/run/pppoed-1.pid -a PPPoE-Service-1 -l ppppe-1 vlan1
/usr/libexec/pppoed -d -P /var/run/pppoed-2.pid -a PPPoE-Service-3 -l ppppe-2 vlan2
/usr/libexec/pppoed -d -P /var/run/pppoed-3.pid -a PPPoE-Service-3 -l ppppe-3 vlan3

My ppp.conf looks like this:

pppoe-1:
 set log Chat Command Phase Alert Error TUN
 enable pap
 allow mode direct
 disable ipv6cp
 set mru 1492
 set mtu 1492
 set timeout 0
 enable lqr echo
 set lqrperiod 30
 set ifaddr 10.0.1.1 10.0.1.2-10.0.1.255
 set radius /etc/ppp/radius.conf
 set rad_alive 60
 set dns {ip-ns1} {ip-ns2}
 accept dns

pppoe-2:
 set log Chat Command Phase Alert Error TUN
 enable pap
 allow mode direct
 disable ipv6cp
 set mru 1492
 set mtu 1492
 set timeout 0
 enable lqr echo
 set lqrperiod 30
 set ifaddr 10.0.2.1 10.0.2.2-10.0.2.255
 set radius /etc/ppp/radius.conf
 set rad_alive 60
 set dns {ip-ns1} {ip-ns2}
 accept dns

pppoe-3:
 set log Chat Command Phase Alert Error TUN
 enable pap
 allow mode direct
 disable ipv6cp
 set mru 1492
 set mtu 1492
 set timeout 0
 enable lqr echo
 set lqrperiod 30
 set ifaddr 10.0.3.1 10.0.3.2-10.0.3.255
 set radius /etc/ppp/radius.conf
 set rad_alive 60
 set dns {ip-ns1} {ip-ns2}
 accept dns

I have a few problems which I cannot solve:

1) First is a problem with a Linksys SPA3102 Voice Gateway with Router
which is making a PPPoE connection to my server and responds with lqr
packets with unexpected length. I've tried with the newest firmware from
Linksys, but the same happens. After 5 LQR Echo packets are lost, the
PPP session is terminated and the Linksys must reestablish it. This has
something to do with the Linksys, but is there any workaround, can I
tell the PPPoE server to accept LQR packets with length 6? In man ppp I
only see parameters about lcq frequency. set openmode passive doesn't
help as well.

Here is the log from my server:

pppoed ppp[22886]: tun99: LCP: deflink: SendEchoRequest(2) state = Opened
pppoed ppp[22886]: tun99: LCP: deflink: RecvEchoReply(2) state = Opened
pppoed ppp[22886]: tun99: Warning: lqr_RecvEcho: Got packet size 6, expecting 12 !

2) Sometimes when a client gets disconnected, the ppp process stays
alive, keeping the tun interface up and the public IP address active.
So, the freeRadius assigns that IP address to another client, and since
the stalled connection is active, the gateway for that IP address is the
first tun interface and not the one on which the latter client gets
connected. And the latter client doesn't have any service, because the
previous ppp connection stays up instead of terminating when the client
is disconnected (even though the client is disconnected at the RADIUS
server, the ppp.linkdown script is executed).

Here is a log from the ppp.log file concerning this connection.

== Establishing connection ==
Nov 17 08:46:50 pppoed ppp[95701]: Phase: Using interface: tun56
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: enable pap
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: disable ipv6cp
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set mru 1492
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set mtu 1492
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set timeout 0
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: enable lqr echo
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set lqrperiod 30
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set ifaddr 10.0.2.1 10.0.2.2-10.0.2.255
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set radius /etc/ppp/radius.conf
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set rad_alive 60
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: set dns 80.77.144.10 80.77.144.11
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: pppoe-2: accept dns
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: PPP Started (direct mode).
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: bundle: Establish
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: closed -> opening
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: Link is a netgraph node
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: Connected!
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: opening -> carrier
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: carrier -> lcp
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: bundle: Authenticate
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: his = none, mine = PAP
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Pap Input: REQUEST (almqwr14h)
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Radius: Request sent
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Radius(auth): ACCEPT received
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Session-Timeout 43200
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: IP 88.85.109.31
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Netmask 255.255.255.255
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Pap Output: SUCCESS
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: deflink: lcp -> open
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: bundle: Network
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Radius(acct): START data sent
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Command: breezeaccess-vodno: bg /etc/ppp/addClient.sh USER connect HISADDR INTERFACE PPPoE-Service-2 PROCESSID
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Warning: ff02:45::/32: Change route failed: errno: Network is unreachable

== Terminating connection ==
Nov 17 08:50:50 pppoed ppp[95701]: tun56: Phase: deflink: open -> lcp
Nov 17 08:50:50 pppoed ppp[95701]: tun56: Warning: ff02:45::/32: Change route failed: errno: Network is unreachable
Nov 17 08:50:50 pppoed ppp[95701]: tun56: Phase: Radius(acct): STOP data sent
Nov 17 08:50:50 pppoed ppp[95701]: tun56: Command: pppoe-2: bg /etc/ppp/removeClient.sh USER connect HISADDR INTERFACE PPPoE-Service-2 PROCESSID
Nov 17 08:50:51 pppoed ppp[95701]: tun56: Phase: bundle: Terminate

But, the process holding the interface tun56 stays up and still holds
the IP 88.85.109.31

3) I have ppp processes which keep tun interfaces up, but aren't
associated with any RADIUS user. For example

tun44: flags=8051 mtu 1500
        inet 10.0.2.1 --> 10.0.2.63 netmask 0xffffffff
        Opened by PID 8455
tun45: flags=8051 mtu 1500
        inet 10.0.2.1 --> 10.0.2.188 netmask 0xffffffff
        Opened by PID 51922

Information about the process:

[root@pppoed ~]# ps -auwx | grep 8455
root 8455 0.0 0.2 3252 1900 ?? Ss 13Nov07 0:22.31 /usr/sbin/ppp -direct pppoe-2

First the MTU is 1500 (not specified anywhere in my /etc/ppp/ppp.conf)
and the addresses are not from the ippool of the freeradius.
Why do these connections stay up and don't terminate?
Can this cause a DoS attack on my router? For example a client starts
establishing many ppp connections. Is there a way to limit the number of
pppoe connections (total or per MAC address)?
If I set the timeout value, I guess that the connections will terminate
after that amount of seconds, but can I add priority to the
Session-Timeout attribute of the RADIUS server, because the set timeout
is set for all clients.

4) Though I think that this is purely a freeRadius issue, I would
appreciate any suggestions, since I can't solve this annoying problem.
The freeRadius assigns duplicate IP addresses to different clients, even
though the requests come from the same NAS and different PORT type.
I use freeRadius 1.1.6 with ippool. The feature works great, but once in
a week or so - this happens. It can be resolved only by terminating both
of the processes, restarting the radius and clearing the

Here is an extraction from my radiusd.conf concerning pools.

ippool soho-1 {
        range-start = 88.85.109.1
        range-stop = 88.85.109.128
        netmask = 255.255.255.255
        cache-size = 0
        session-db = ${raddbdir}/nov-pool-soho-1
        ip-index = ${raddbdir}/nov-pool-index-1
        override = yes
        maximum-timeout = 0
}

ippool soho-2 {
        range-start = 88.85.109.129
        range-stop = 88.85.109.192
        netmask = 255.255.255.255
        cache-size = 0
        session-db = ${raddbdir}/nov-pool-soho-2
        ip-index = ${raddbdir}/nov-pool-index-2
        override = yes
        maximum-timeout = 0
}

ippool soho-3 {
        range-start = 88.85.109.193
        range-stop = 88.85.109.255
        netmask = 255.255.255.255
        cache-size = 0
        session-db = ${raddbdir}/pool-soho-3
        ip-index = ${raddbdir}/pool-index-3
        override = yes
        maximum-timeout = 0
}

I also have them in the accounting and post-auth sections:

accounting {
        ...
        soho-1
        soho-2
        soho-3
        ...
}

post-auth {
        ...
        soho-1
        soho-2
        soho-3
        ...
}

Thank You very much for Your time,

--
Ljupco
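
Added example, not part of the original thread and not code from ppp or freeRadius: a Python check for the conditions described in problems 2) and 3) of the message above. It cross-references ppp.log with ifconfig output and flags ppp processes that still hold a tun interface after logging "bundle: Terminate", tun interfaces whose session never received a RADIUS ACCEPT, and one RADIUS-assigned address held by two live interfaces. The sample texts are constructed in the formats quoted in the message, and all function and finding names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the ppp.log format quoted above; only the tun56 session
# mirrors the post, the other PIDs, timestamps and the tun44 line are made up.
SAMPLE_LOG = """\
Nov 13 10:02:11 pppoed ppp[8455]: Phase: Using interface: tun44
Nov 17 08:46:50 pppoed ppp[95701]: Phase: Using interface: tun56
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase: Radius(auth): ACCEPT received
Nov 17 08:46:50 pppoed ppp[95701]: tun56: Phase:  IP 88.85.109.31
Nov 17 08:50:51 pppoed ppp[95701]: tun56: Phase: bundle: Terminate
Nov 17 09:10:02 pppoed ppp[96002]: Phase: Using interface: tun57
Nov 17 09:10:02 pppoed ppp[96002]: tun57: Phase: Radius(auth): ACCEPT received
Nov 17 09:10:02 pppoed ppp[96002]: tun57: Phase:  IP 88.85.109.31
"""

# Constructed ifconfig output in the shape shown in the post.
SAMPLE_IFCONFIG = """\
em0: flags=8843 mtu 1500
        inet 192.0.2.1 netmask 0xffffff00
tun44: flags=8051 mtu 1500
        inet 10.0.2.1 --> 10.0.2.63 netmask 0xffffffff
        Opened by PID 8455
tun56: flags=8051 mtu 1492
        Opened by PID 95701
tun57: flags=8051 mtu 1492
        Opened by PID 96002
"""

LOG_RE = re.compile(r"ppp\[(\d+)\]: (?:tun\d+: )?\w+: (.*)$")
OPENED_RE = re.compile(r"Opened by PID (\d+)")


@dataclass
class Session:
    iface: str
    ip: str = ""           # address handed out by RADIUS, if any
    authed: bool = False    # saw "Radius(auth): ACCEPT received"
    terminated: bool = False  # saw "bundle: Terminate"


def parse_ppp_log(text):
    """Return {pid: Session} reconstructed from ppp.log lines."""
    sessions = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2).strip()
        if msg.startswith("Using interface: "):
            # Start a fresh record so a reused PID does not inherit old state.
            sessions[pid] = Session(iface=msg.rsplit(" ", 1)[1])
        elif pid in sessions:
            s = sessions[pid]
            if msg == "Radius(auth): ACCEPT received":
                s.authed = True
            elif msg.startswith("IP "):
                s.ip = msg[3:].strip()
            elif msg == "bundle: Terminate":
                s.terminated = True
    return sessions


def parse_ifconfig(text):
    """Return [(iface, pid)] for every tun interface a process holds open."""
    live, iface = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Header line of an interface; only tunN entries are tracked.
            name = line.split(":", 1)[0]
            iface = name if re.fullmatch(r"tun\d+", name) else None
        elif iface and (m := OPENED_RE.search(line)):
            live.append((iface, int(m.group(1))))
    return live


def audit(log_text, ifconfig_text):
    """Cross-check live tun interfaces against what ppp logged for their PID."""
    sessions = parse_ppp_log(log_text)
    findings, by_ip = [], defaultdict(list)
    for iface, pid in parse_ifconfig(ifconfig_text):
        s = sessions.get(pid)
        if s is None or s.iface != iface:
            findings.append(("no_log_record", iface, pid))
            continue
        if s.terminated:
            # Problem 2: session logged Terminate but the process still runs.
            findings.append(("alive_after_terminate", iface, pid))
        elif not s.authed:
            # Problem 3: interface is up without any RADIUS ACCEPT.
            findings.append(("no_radius_accept", iface, pid))
        if s.ip:
            by_ip[s.ip].append(iface)
    for ip, ifaces in sorted(by_ip.items()):
        if len(ifaces) > 1:
            findings.append(("duplicate_radius_address", ip, tuple(ifaces)))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SAMPLE_IFCONFIG))
```
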

From: "Mitchell Smith"
Date: Thu, 22 Nov 2007 14:58:37 +1000
Subject: Spam Filter Efficiency

Greetings List,

I apologize if this topic has already been raised, however I would like
some feedback on how people are managing spam in high volume email
environments.

To give you a little background, our organization currently has three
reasonably powerful boxes (dual XEON with 4GB ram), processing about
800000 messages a day (total) and are seriously struggling under the
load.

Our configuration consists of Postfix with a couple of RBL checks, GLD
greylisting (central MySQL db), which falls through to MailScanner which
filters with SpamAssassin / Clamav.

From the mail scanners, the emails are then forwarded (via an LDAP
lookup) to a specific Cyrus mail store.

We have turned off DCC checks in SpamAssassin which has improved
performance quite a bit, however we are still doing Razor checks.

We have investigated a couple of commercial solutions which claimed to be
able to handle more than our quantity of mail on one box, however the
spectacular pricetags associated with such solutions suggest we won't be
moving forward with these any time soon.

We are also looking at other open source solutions such as amavis /
dspam to see if we can try and improve the throughput on our current
hardware.

What I would like some feedback on is if anyone has already gone down
this path and found one solution that performs better than another, or
if anyone is using a similar setup to ours and has found better ways to
optimise it.

I would very much appreciate some feedback either on or off list please,
as to how other people might be tackling this same problem.

Cheers

From: Christopher Arnold
To: Mitchell Smith
Cc: freebsd-isp@freebsd.org
Date: Thu, 22 Nov 2007 15:36:24 +0100 (CET)
Subject: Re: Spam Filter Efficiency

On Thu, 22 Nov 2007, Mitchell Smith wrote:

> To give you a little background, our organization currently has three
> reasonably powerful boxes (dual XEON with 4GB ram), processing about
> 800000 messages a day (total) and are seriously struggling under the
> load.
>

What FreeBSD version are you running? And what kind of disk do you have?

Also is the problem CPU or IO?

/Chris

From: Jo Rhett
To: Mitchell Smith
Cc: freebsd-isp@freebsd.org
Date: Thu, 22 Nov 2007 12:55:21 -0700
Subject: Re: Spam Filter Efficiency

On Nov 21, 2007, at 9:58 PM, Mitchell Smith wrote:
> We are also looking at other open source solutions such as amavis

Amavisd can be very high performance if you run it and clamav/whatever
virus checker using temporary storage on a ramdisk. We're quite happy
with it.

If you need more per-user/stream options then check out CanIt. If you
run it on your own hardware the pricing model is pretty easy on the
wallet.

--
Jo Rhett
senior geek

Silicon Valley Colocation
Support Phone: 408-400-0550
s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=bXTfz675n4E2gh64EPlGOjq7k/KSjLv48ZYGOOeYTJeDEwsRbF73RUSxxmJrcMqez6DLCgOJg4e1zOMoL+zEptXUMRDXgsH2RUROtA2FVDnTIdk/lnkTP+gtMYaB4IT51JENeI3SdKbyKlwYoD7eb3Gykou5otR3MdGj6hQfaEA= Received: by 10.82.173.19 with SMTP id v19mr3392573bue.1195786042453; Thu, 22 Nov 2007 18:47:22 -0800 (PST) Received: by 10.82.160.12 with HTTP; Thu, 22 Nov 2007 18:47:22 -0800 (PST) Message-ID: Date: Fri, 23 Nov 2007 10:47:22 +0800 From: "Qingran Xia" To: "Mitchell Smith" In-Reply-To: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> Cc: freebsd-isp@freebsd.org Subject: Re: Spam Filter Efficiency X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2007 03:11:48 -0000 I strongly recommend you to take use of amavisd-new to run SpamAssassin and Clamav. Because all the things about spam and virus checks are loaded and run in the amavisd-new daemon's process. In my website, a Dual Xeon with 4GB ram box can check more than 500,000 messages per day. And I turn on the RBL, Razor, pyzor and URIBL checks of SpamAssassin. On Nov 22, 2007 12:58 PM, Mitchell Smith wrote: > Greetings List, > > I apologize if this topic has already been raised, however I would like some feedback on how people are managing spam in high volume email environments. > > To give you a little background, our organization currently has three reasonably powerful boxes (dual XEON with 4GB ram), processing about 800000 messages > a day (total) and are seriously struggling under the load. 
> > Our configuration consists of Postfix with a couple of RBL checks, GLD greylisting (central MySQL db), which falls through to MailScanner which filters > with SpamAssassin / Clamav. > > >From the mail scanners, the emails are the forwarded (via an LDAP lookup) to a specific Cyrus mail store. > > We have turned off DCC checks in SpamAssassin which has improved performance quite a bit, however we are still doing Razor checks. > > We have investigated a couple of commercial solutions which clamed to be able to handle more than our quantity of mail on one box, however the spectacular > pricetags associated with such solutions suggest we won't be moving forward with these any time soon. > > We are also looking at other open source solutions such as amavis / dspam to see if we can try and improve the throughput on our current hardware. > > What I would like some feedback on is if anyone has already gone down this path and found one solution that performs better than another, or if anyone is > using a similar setup to ours and has found better ways to optimise it. > > I would very much appreciate some feedback either on or off list please, as to how other people might be tackling this same problem. 
> > Cheers > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Fri Nov 23 04:26:05 2007 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2277216A418 for ; Fri, 23 Nov 2007 04:26:05 +0000 (UTC) (envelope-from mlevans@blacksburg.net) Received: from smtp.blacksburg.net (vulcan.blacksburg.net [72.236.213.35]) by mx1.freebsd.org (Postfix) with ESMTP id ADDBB13C457 for ; Fri, 23 Nov 2007 04:26:04 +0000 (UTC) (envelope-from mlevans@blacksburg.net) X-Envelope-From: mlevans@blacksburg.net Received: from p0ts1.blacksburg.net (pluto.blacksburg.net [72.236.213.5]) by smtp.blacksburg.net (8.13.1/8.13.1) with ESMTP id lAN3s4df092585; Thu, 22 Nov 2007 22:54:04 -0500 (EST) (envelope-from mlevans@blacksburg.net) Message-Id: <6.2.5.6.0.20071122220012.0573e490@blacksburg.net> X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6 Date: Thu, 22 Nov 2007 22:53:57 -0500 To: "Mitchell Smith" , freebsd-isp@freebsd.org From: Lyle Evans In-Reply-To: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> References: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0b1 (smtp.blacksburg.net [72.236.213.35]); Thu, 22 Nov 2007 22:54:04 -0500 (EST) X-Virus-Scanned: ClamAV 0.91/4872/Wed Nov 21 03:36:49 2007 on vulcan.blacksburg.net X-Virus-Status: Clean Cc: Subject: Re: Spam Filter Efficiency X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Nov 2007 04:26:05 -0000 At 11:58 PM 11/21/2007, you 
wrote: >Greetings List, > >I apologize if this topic has already been raised, however I would >like some feedback on how people are managing spam in high volume >email environments. > >To give you a little background, our organization currently has >three reasonably powerful boxes (dual XEON with 4GB ram), processing >about 800000 messages >a day (total) and are seriously struggling under the load. > >Our configuration consists of Postfix with a couple of RBL checks, >GLD greylisting (central MySQL db), which falls through to >MailScanner which filters >with SpamAssassin / Clamav. > > >From the mail scanners, the emails are the forwarded (via an LDAP > lookup) to a specific Cyrus mail store. > >We have turned off DCC checks in SpamAssassin which has improved >performance quite a bit, however we are still doing Razor checks. > >We have investigated a couple of commercial solutions which clamed >to be able to handle more than our quantity of mail on one box, >however the spectacular >pricetags associated with such solutions suggest we won't be moving >forward with these any time soon. > >We are also looking at other open source solutions such as amavis / >dspam to see if we can try and improve the throughput on our current hardware. > >What I would like some feedback on is if anyone has already gone >down this path and found one solution that performs better than >another, or if anyone is >using a similar setup to ours and has found better ways to optimise it. > >I would very much appreciate some feedback either on or off list >please, as to how other people might be tackling this same problem. You are perhaps not on the best list for asking this question, not that its off topic here just you might get a lot more useful responses the Spamassassin and/or Mailscanner lists. You need to give a lot more information in order for people to help you. To start with the software versions you are using. 
For example, there have been a number of performance improvements in
Spamassassin 3.2.x that may make a great deal of difference (short
circuiting of definite ham and spam, and sa-compile, which allows rules
to be compiled).

How many Mailscanner processes are running at a single time?

Is your machine thrashing, i.e. hitting the swap? (If you are swapping,
try lowering Mailscanner's Maxchildren until it stops swapping. You
probably want it just below the swapping point.)

Do you have a local caching DNS server on each Mailscanner box?

If you are bottlenecked on CPU and not swapping, then you need to take
a careful look at your SA rule sets and make sure you don't have
excessively large ones, try sa-compile in 3.2.x and short circuiting
etc. Also try to determine what is using CPU. (Make sure you are up to
date with sa-update.)

If you are bottlenecked on I/O on a disk then ... etc.

In other words, you probably need to give considerable performance
statistics etc. before people can give you useful suggestions. It's
quite possible that significant performance enhancements can be made
in mailscanner and/or Spamassassin with careful tuning.
Regards,
Lyle Evans
Blacksburg.Net

From owner-freebsd-isp@FreeBSD.ORG Fri Nov 23 22:17:29 2007
Message-ID: <47474A9B.7050902@neuropunks.org>
Date: Fri, 23 Nov 2007 16:48:11 -0500
From: Max Gribov
To: freebsd-isp@freebsd.org
References: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook> <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com>
In-Reply-To: <877FBC7C-FFA0-4089-B6A9-385E10477AB9@svcolo.com>
Subject: Re: Spam Filter Efficiency

Jo Rhett wrote:
> On Nov 21, 2007, at 9:58 PM, Mitchell Smith wrote:
>> We are also looking at other open source solutions such as amavis

This may cause a flamewar, but
we found greylisting to work pretty well to generally reduce the amount
of spam being processed. We use policyd/mysql with postfix, and there
are qmail and sendmail implementations, and others without using a db.
I'd say after setting up greylisting, spam really did go down by 60% or
so. Everything else gets caught by amavis/spamassassin/clamav.

To complete flamewar bait :), there is also SPF/DomainKeys which do
reduce some types of spam, sometimes, before it hits your filters
http://www.openspf.org/
http://domainkeys.sourceforge.net/

Also, within spamassassin itself, you can specify various block lists
to check, and assign them preference which will influence the ultimate
spam decision.
ex:
cat /usr/local/etc/mail/spamassassin/local.cf

# Five Ten block list
header __RCVD_IN_FIVETENSRC eval:check_rbl('blackholes', 'blackholes.five-ten-sg.com.')
describe __RCVD_IN_FIVETENSRC Received via a relay in Five Ten block list
tflags __RCVD_IN_FIVETENSRC net

header RCVD_IN_FIVETENSRC eval:check_rbl_sub('blackholes', '127.0.0.2')
describe RCVD_IN_FIVETENSRC Received via a relay in Five Ten block list
tflags RCVD_IN_FIVETENSRC net
####
score RCVD_IN_FIVETENSRC 0.5

If you google for spam block lists, you can find others which publish
their blocklist as a dns zone.

Another thing you can do is use pf tarpits with spamd on free/openbsd:
http://www.benzedrine.cx/relaydb.html
This method will also allow you to build your own blacklist over time.

>
> Amavisd can be very high performance if you run it and clamav/whatever
> virus checker using temporary storage on a ramdisk. We're quite happy
> with it.
>
> If you need more per-user/stream options then check out CanIt. If you
> run it on your own hardware the pricing model is pretty easy on the
> wallet.
>

From owner-freebsd-isp@FreeBSD.ORG Sat Nov 24 10:18:01 2007
Message-ID: <4747E99C.3090109@telia.com>
Date: Sat, 24 Nov 2007 10:06:36 +0100
From: Andreas Pettersson
To: Mitchell Smith
Cc: freebsd-isp@freebsd.org
References: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook>
In-Reply-To: <00c401c82cc4$5bcd6a20$580116ac@mjspcbook>
Subject: Re: Spam Filter Efficiency

Mitchell Smith wrote:
> ...
> What I would like some feedback on is if anyone has already gone down
> this path and found one solution that performs better than another, or
> if anyone is using a similar setup to ours and has found better ways to
> optimise it.
>

If I'm not mistaken SpamAssassin now has a short-circuit feature,
enabling you to specify rules that should stop further rule checking
immediately and flag it as spam. Could be useful if you see some
certain patterns that you know for sure are spam.

--
Andreas
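
Added example, not part of any message in this thread and not SpamAssassin's own code: a Python sketch of the DNS lookup that sits behind the check_rbl / check_rbl_sub rules in Max Gribov's local.cf above. The function names, the resolver and the zone records are hypothetical and constructed so the sketch runs offline; only the zone name, the 127.0.0.2 code and the 0.5 score come from that message.

```python
import ipaddress

ZONE = "blackholes.five-ten-sg.com."   # zone named in the local.cf rule
SUB_MATCH = "127.0.0.2"                # return code tested by check_rbl_sub
RULE_SCORE = 0.5                       # score line from the same local.cf


def dnsbl_query_name(relay_ip, zone=ZONE):
    """Build the DNS name a DNSBL client looks up for an IPv4 relay."""
    addr = ipaddress.ip_address(relay_ip)      # raises ValueError on garbage
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 relays only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def rule_hits(relay_ip, resolver, zone=ZONE, sub=SUB_MATCH):
    """Mirror the rule pair: any A record means the relay is listed,
    and the scored rule only fires when the answer equals `sub`."""
    answers = set(resolver(dnsbl_query_name(relay_ip, zone)))
    return {"listed": bool(answers), "sub_match": sub in answers}


def score_message(relay_ips, resolver, rule_score=RULE_SCORE):
    """A rule contributes its score once per message, however many relays match."""
    hit = any(rule_hits(ip, resolver)["sub_match"] for ip in relay_ips)
    return rule_score if hit else 0.0


# Constructed zone data standing in for live DNS (documentation addresses).
CONSTRUCTED_ZONE = {
    "10.113.0.203.blackholes.five-ten-sg.com.": ["127.0.0.2"],
    "11.113.0.203.blackholes.five-ten-sg.com.": ["127.0.0.5"],  # constructed code
}


def constructed_resolver(name):
    """Return the A records for `name`; NXDOMAIN is modelled as no answers."""
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "192.0.2.1"):
        print(ip, dnsbl_query_name(ip), rule_hits(ip, constructed_resolver))
    print(score_message(["192.0.2.1", "203.0.113.10"], constructed_resolver))
```

Each relay costs one DNS round trip per zone, which is why a local caching DNS server on every scanning box, as Lyle Evans asks about above, matters for throughput.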