From owner-freebsd-isp Mon Feb 26 14:57:58 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from corey.datafast.net.au (corey.datafast.net.au [203.123.67.4])
    by hub.freebsd.org (Postfix) with SMTP id E892E37B491
    for ; Mon, 26 Feb 2001 14:57:51 -0800 (PST)
    (envelope-from corey.ralph@datafast.net.au)
Received: (qmail 21654 invoked by uid 1000); 26 Feb 2001 22:57:50 -0000
From: "Corey Ralph"
Date: Tue, 27 Feb 2001 09:57:50 +1100
To: Len Conrad
Cc: freebsd-isp@freebsd.org
Subject: Re: Dedicated smtp relay box
Message-ID: <20010227095750.A51539@corey.datafast.net.au>
References: <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com>
    <20010220133048.A91585@corey.datafast.net.au>
    <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com>
    <20010226110043.A31259@corey.datafast.net.au>
    <5.0.0.25.0.20010226080009.03f2ea70@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.0.0.25.0.20010226080009.03f2ea70@mail.Go2France.com>;
    from LConrad@Go2France.com on Mon, Feb 26, 2001 at 11:52:08AM +0100
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Looking over the server, I think I have figured out what is going on.
It isn't that it can't handle the load, it is just that there seems to
be a bug in the AVP replacement for qmail-queue which is leaving zombie
qmail-que (the original qmail-queue) processes. So that is what is
consuming the RAM and causing the processes to stay around longer.

I have set up a cron job to kill the old processes until I can resolve
it with Kaspersky; this has taken the load back down, it is now peaking
at about 150 smtp's.

I am still contemplating separating these, so it will scale better as
load increases, and also to be able to offer the antivirus as a bill
option.

Thanks for all your help, I think I will get back to you some time soon
about this.

Cheers,
Corey

On Mon, Feb 26, 2001 at 11:52:08AM +0100, Len Conrad wrote:
>
> >Is that with the antivirus?
>
> no, just smtp/smtpd processes
>
> >It is also running the remotes, as well as many pop3, imap, apache
> >for web mail etc.
> >
> > > postfix is fast and easy to set up. I can send you my config files
> > > and the sysctl params you need to open up FreeBSD to handle 200+
> > > SMTP/D processes. Wietse has also updated the postfix FAQ with my
> > > sysctl tuning info.
> >
> >Again, is that with the antivirus there slowing it down?
>
> no, strictly an SMTP border/relay-only hub
>
> >Looking at my hardware on hand, I could put together a box as large as
> >1 or 2 p3 800's, and 512MB or 1GB of RAM. How much do you think would
> >be necessary?
>
> For SMTP relay, P500 / 512 megs as SMTP relay-only can handle maybe
> 30K - 50K msgs/hour (FreeBSD + postfix + anti-abuse settings).
>
> For an AV box, it's a whole 'nother ballgame, much more intensive,
> can't say what it would take, depends on your volume.
>
> >Have you ever had any problems with that filtering spam?
>
> I would say all the IMGate machines are running all three databases
> at mail-abuse.org, plus up to several dozen expressions in
> header_checks and body_checks (straight RegEx string matching, no
> decompression or MIME decoding) on incoming, plus delivering all
> outgoing.
>
> >Sounds great, but here's where I am stuck: all our users already point
> >their mail clients to mail.datafast.net.au
>
> but the mail clients do an A record lookup for that, not an MX lookup.
>
> >(and others), for smtp/pop3/imap.
>
> To provide for flexibility in the future for splitting various mail
> functions off from the initial do-it-all mail machine, I strongly
> recommend that mail-related hostnames be defined for every zone,
> something like:
>
> @        mx 10 mx1.domain.com.
> mx1      mx 10 mx1.domain.com.
>
> smtp     A  ip.ad.re.ss ; mail client sends outbound here, maybe with SMTP AUTH or POP B4 SMTP
> mail     A  ip.ad.re.ss ; this is what your clients use now, no need to change it
> pop      A  ip.ad.re.ss ; read pop boxes here
> webmail  A  ip.ad.re.ss ; do http webmail here
> mx1      A  ip.ad.re.ss ; internet servers send mail here
>
> As you grow, your users keep their well-known hostnames, but you can
> change the ip addresses "underneath" as you add specialized boxes.
>
> >I can't change that. So I am going to need to do it with port redirection
> >on the firewall, or something like that. Changing the MX's is fine, but
> >I will need the redirection to force all of our customer's mail through
> >the antivirus.
>
> Well, another way would be like we do: mail hub forwards incoming,
> per-domain (AV is payable option per-domain), to AV box which
> forwards to mailbox server. mailbox server outgoing forwarded to AV
> box that forwards to mail hub for delivery to Internet. downstream
> mailservers (on leased lines, dial-ups, ETRN stuff) forward their
> outbound to AV box.
>
> no ip routing involved, only SMTP routing in postfix's relay_domains
> and transport tables.
>
> >I am thinking of setting up one box to do 1 & 2. If the load grows too
> >large, I will add more boxes and load balance, as somebody on the list
> >suggested to me last week.
> >
> >So, in summary, I would like to do this, how much hardware should I
> >throw at it? It is delivering about 2.5GB a day, running AVP.
>
> If you're scanning 2.5 gb of mail now with AVP, you have a much
> better feel than I do. We have an old P300 with 64 megs doing AVP
> scanning with AvpFreeBSDDaemon under Amavis PERL 10 but only 3k msgs,
> a few 100 megs/day.
>
> Len
>
>
> http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
> http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
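
Added example, not part of the original message and not code from qmail or AVP: a cron-style check for the leftover qmail-que processes described at the top of this message, which separates true zombies (which cannot be killed) from live processes that have run too long. The process name qmail-que is from the post; the 600-second threshold, the function names, the output format and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Reads a process listing in the form
#   PID PPID STAT ELAPSED COMMAND
# (for example from: ps -axo pid,ppid,stat,etime,comm) on stdin and
# reports qmail-que processes at least max_age seconds old.

stale_qmail_que() {
    max_age=${1:-600}   # seconds; hypothetical default
    awk -v max="$max_age" '
    # Convert ps etime ([[dd-]hh:]mm:ss) to seconds.
    function secs(e,   d, a, p, n) {
        d = 0
        if (index(e, "-")) { split(e, a, "-"); d = a[1]; e = a[2] }
        n = split(e, p, ":")
        if (n == 3) return d * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
        return d * 86400 + p[1] * 60 + p[2]
    }
    # Skip the header line; match the exact command name only.
    $1 ~ /^[0-9]+$/ && $5 == "qmail-que" {
        age = secs($4)
        if (age < max) next
        # A zombie (STAT starts with Z) is already dead: signalling it
        # does nothing. It disappears only when its parent reaps it, so
        # report the parent for follow-up instead.
        if ($3 ~ /^Z/) printf "zombie %s parent %s age %d\n", $1, $2, age
        else           printf "stale %s age %d\n", $1, age
    }'
}

# Constructed sample listing (not real output from the server in the post).
SAMPLE='  PID  PPID STAT     ELAPSED COMMAND
  412     1 Ss   12-03:04:05 qmail-send
 5101  5090 Z       01:15:30 qmail-que
 5210  5200 I          09:59 qmail-que
 5333  5320 S          10:00 qmail-que
 5400  5390 S       02:00:00 qmail-queue'

# Cron-style use: signal only the live stale processes, never zombies.
kill_stale() {
    stale_qmail_que "$1" | awk '$1 == "stale" { print $2 }' |
        while read -r pid; do kill "$pid" 2>/dev/null; done
}
```

Running `printf '%s\n' "$SAMPLE" | stale_qmail_que 600` lists what would be acted on without sending any signal; zombie lines point at the parent process, which is where a wrapper that fails to reap its children would show up.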