From: John Kennedy
To: "Karl M. Joch"
Cc: freebsd-stable@freebsd.org
Date: Wed, 23 Jun 2004 14:31:07 -0700
Subject: Re: 5.2.1 with 40000 virus scanned mails / day on Dell hardware?(Hardware suggestions)

On Wed, Jun 23, 2004 at 05:45:18PM +0200, Karl M. Joch wrote:
> I need to set up 3 servers on different locations as mail gateway with
> about 40k mail per day each. the servers run MailScanner, Clamav and
> Spamassassin. The customer has Dell hardware and only buys Dell hardware.

I've got a couple of 2650s (2x2.4GHz and 2x3GHz Xeons) doing that fairly
well. It is front-ending ~30K email accounts.

> Has anybody experience with Dell servers which run under FreeBSD. I
> think about systems with Dual Xeon 3.0, 4 GB Ram and fast SCSI Hot Plug
> Raid 5 which should be strong enough to handle that amount of mails
> forwarding them to a Notes server.

We're running 5.2.1 (-p8 now), mostly for the bge0 support (at the time,
4.9+ wasn't recognizing the built-in Broadcom BCM5703 Gigabit Ethernet).
We're also running with HT, and since it passed the initial stress testing
we decided to go with it.

We end up with ~100K emails per day, and we manage to keep up. When the
spammers are normal, things are Ok, but every now and then one decides to
totally bomb us and we'll end up with queues 40K-75K deep that'll take half
a day to clear. 95% of the time that is totally fine, but 5% of the time
(not real statistics) we get tied to the anvil and tossed into the deep end
of the pool and we wanted the extra pony-power.

We've spent a long time and have a lot of students over the years on the
one machine so we get hit with a lot of email for people that aren't here
anymore, which can act to increase the user-count if you're not careful.

Typical CPU utilization is generally low, so we don't end up CPU bound
unless we get bombed (and then the load gets up into the 6-7 range). I
don't think that disk I/O ends up being a big factor, but we have 2G of RAM
in those to try and keep things in cache and that certainly works pretty
good for us. We tend to have ~10K of bogus unreturnable-to-sender spam
backlogged and that can cause the queue-runners to pile up, and the
mailscanner perl processes with clamav+spamassassin in them are huge.

This is not a mail-server, it is only a MX so unless we're backlogged we're
probably running out of cache and not really hitting the disk much.

My $.02: Anytime you act as a MX relay, be sure you have some way of
knowing what are legitimate users or not so you can give the smaller the
5xx permanent failure messages rather than 4xx (or accepting, then trying
to bounce email to bogus addresses). You'll save yourself a lot of busywork
that way and your server will scale better.
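
The advice in the closing paragraph (know your legitimate recipients and refuse the rest with a 5xx at RCPT time instead of accepting and bouncing), as an added example that is not part of the original message. The domain, addresses, reply texts and the 4xx deferral when the recipient list cannot be consulted are assumptions made for illustration.

```python
# Added example; every domain, address and count below is constructed.
RELAY_DOMAINS = {"example.edu"}                          # domains this MX fronts
VALID_RCPTS = {"alice@example.edu", "bob@example.edu"}   # current mailboxes

def rcpt_reply(rcpt, map_ok=True):
    """SMTP reply (code, text) to give at RCPT TO, before accepting DATA."""
    addr = rcpt.strip().strip("<>").lower()
    local, sep, domain = addr.rpartition("@")
    if not (local and sep and domain):
        return 501, "5.1.3 Bad recipient address syntax"
    if domain not in RELAY_DOMAINS:
        return 550, "5.7.1 Relaying denied"
    if not map_ok:
        # Assumption: if the user list cannot be consulted, defer (4xx)
        # instead of permanently rejecting people who may be legitimate.
        return 451, "4.3.0 Recipient verification unavailable"
    if addr in VALID_RCPTS:
        return 250, "2.1.5 Recipient ok"
    return 550, "5.1.1 User unknown"

def queue_load(envelopes, verify):
    """Return (messages_queued, bounces_generated) for (mail_from, rcpt) pairs.

    verify=True rejects unknown users at RCPT time. verify=False models a
    relay that accepts anything for its domains and learns the user is gone
    only when the inner mail host refuses it, so it must queue a bounce.
    """
    queued = bounces = 0
    for _mail_from, rcpt in envelopes:
        code, text = rcpt_reply(rcpt)
        if code == 250:
            queued += 1
        elif text.startswith("5.1.1") and not verify:
            queued += 1    # accepted and scanned although undeliverable
            bounces += 1   # bounce to a possibly forged sender joins the queue
    return queued, bounces

SAMPLE = [  # constructed envelopes: two real users, two departed, one foreign
    ("friend@example.org", "alice@example.edu"),
    ("forged1@example.net", "gone-student@example.edu"),
    ("forged2@example.net", "old.account@example.edu"),
    ("forged3@example.net", "<Bob@Example.EDU>"),
    ("forged4@example.net", "someone@elsewhere.example"),
]

if __name__ == "__main__":
    for verify in (True, False):
        print("verify=%s queued=%d bounces=%d" % ((verify,) + queue_load(SAMPLE, verify)))
```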