From owner-freebsd-isp Mon Feb 26 15:43:38 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailsrv.amplex.net (mailsrv.amplex.net [209.57.124.54])
    by hub.freebsd.org (Postfix) with ESMTP id 18BAB37B401
    for ; Mon, 26 Feb 2001 15:43:32 -0800 (PST)
    (envelope-from mark@amplex.net)
Received: from marklaptop (dhcp58.amplex.net [209.57.124.58]) (authenticated)
    by mailsrv.amplex.net (8.11.2/8.11.2) with ESMTP id f1QNhTe60613
    for ; Mon, 26 Feb 2001 18:43:29 -0500 (EST)
From: "Mark Radabaugh"
To:
Subject: RE: Dedicated smtp relay box
Date: Mon, 26 Feb 2001 18:43:29 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <20010227095750.A51539@corey.datafast.net.au>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Since you're running Q-Mail this isn't going to help you much but someone else
might be interested...

I prefer this hack: http://www.decros.cz/~reho/check_virus/ to the avpkeeper
supplied by Kaspersky for Sendmail.

Mark

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Corey Ralph
> Sent: Monday, February 26, 2001 5:58 PM
> To: Len Conrad
> Cc: freebsd-isp@FreeBSD.ORG
> Subject: Re: Dedicated smtp relay box
>
>
> Looking over the server, I think I have figured out what is going on.
>
> It isn't that it can't handle the load, it is just that there seems to
> be a bug in the AVP replacement for qmail-queue which is leaving zombie
> qmail-que (the original qmail-queue) processes. So that is what is
> consuming the RAM and causing the processes to stay around longer.
> I have set up a cron job to kill the old processes until I can resolve
> it with Kaspersky, this has taken the load back down, it is now peaking
> at about 150 smtp's.
>
> I am still contemplating separating these, so it will scale better as
> load increases, and also to be able to offer the antivirus as a bill
> option.
>
> Thanks for all your help, I think I will get back to you some time soon
> about this.
>
> Cheers,
> Corey
>
>
> On Mon, Feb 26, 2001 at 11:52:08AM +0100, Len Conrad wrote:
> >
> > >Is that with the antivirus?
> >
> > no, just smtp/smtpd processes
> >
> > >It is also running the remotes, as well as many pop3, imap, apache
> > >for web mail etc.
> > >
> > > > postfix is fast and easy to set up. I can send you my config files
> > > > and the sysctl params you need to open up FreeBSD to handle 200+
> > > > SMTP/D processes. Wietse has also updated the postfix FAQ with my
> > > > sysctl tuning info.
> > >
> > >Again, is that with the antivirus there slowing it down?
> >
> > no, strictly an SMTP border/relay-only hub
> >
> > >Looking at my hardware on hand, I could put together a box as large as
> > >1 or 2 p3 800's, and 512MB or 1GB of RAM. How much do you think would
> > >be necessary?
> >
> > For SMTP relay, P500 / 512 megs as SMTP relay-only can handle maybe
> > 30K - 50K msgs/hour (FreeBSD + postfix + anti-abuse settings).
> >
> > For an AV box, it's a whole 'nother ballgame, much more intensive,
> > can't say what it would take, depends on your volume.
> >
> > >Have you ever had any problems with that filtering spam?
> >
> > I would say all the IMGate machines are running all three databases
> > at mail-abuse.org, plus up to several dozen expressions in
> > header_checks and body_checks (straight RegEx string matching, no
> > decompression or MIME decoding) on incoming, plus delivering all outgoing.
> >
> > >Sounds great, but here's where I am stuck: all our users already point
> > >their mail clients to mail.datafast.net.au
> >
> > but the mail clients do an A record lookup for that, not an MX lookup.
> >
> > >(and others), for smtp/pop3/imap.
> >
> > To provide for flexibility in the future for splitting various mail
> > functions off from the initial do-it-all mail machine, I strongly
> > recommend that mail-related hostnames be defined for every zone,
> > something like:
> >
> > @        mx 10  mx1.domain.com.
> > mx1      mx 10  mx1.domain.com.
> >
> > smtp     A  ip.ad.re.ss ; mail client sends outbound here, maybe with SMTP AUTH or POP B4 SMTP
> > mail     A  ip.ad.re.ss ; this is what your clients use now, no need to change it
> > pop      A  ip.ad.re.ss ; read pop boxes here
> > webmail  A  ip.ad.re.ss ; do http webmail here
> > mx1      A  ip.ad.re.ss ; internet servers send mail here
> >
> > As you grow, your users keep their well-known hostnames, but you can
> > change the ip addresses "underneath" as you add specialized boxes.
> >
> > >I can't change that. So I am going to need to do it with port redirection
> > >on the firewall, or something like that. Changing the MX's is fine, but
> > >I will need the redirection to force all of our customer's mail through
> > >the antivirus.
> >
> > Well, another way would be like we do: mail hub forwards incoming,
> > per-domain (AV is payable option per-domain), to AV box which
> > forwards to mailbox server. mailbox server outgoing forwarded to AV
> > box that forwards to mail hub for delivery to Internet. downstream
> > mailservers (on leased lines, dial-ups, ETRN stuff) forward their
> > outbound to AV box.
> >
> > no ip routing involved, only SMTP routing in postfix's relay_domains
> > and transport tables.
> >
> > >I am thinking of setting up one box to do 1 & 2. If the load grows too
> > >large, I will add more boxes and load balance, as somebody on the list
> > >suggested to me last week.
> > >
> > >So, in summary, I would like to do this, how much hardware should I
> > >throw at it? It is delivering about 2.5GB a day, running AVP.
> >
> > If you're scanning 2.5 gb of mail now with AVP, you have a much
> > better feel than I do. We have an old P300 with 64 megs doing AVP
> > scanning with AvpFreeBSDDaemon under Amavis PERL 10 but only 3k msgs,
> > a few 100 megs/day.
> >
> > Len
> >
> >
> > http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
> > http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
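
The SMTP-only routing Len describes in the quoted text (hub to AV box to mailbox server, per domain, and the reverse path for outbound), written out as Postfix settings. This is an added example, not configuration posted in the thread; the hostnames, domains and 192.0.2.x addresses are placeholders, and the scanner hook on the AV box itself is not shown.

```conf
# Constructed example: hostnames, domains and 192.0.2.x addresses are placeholders.
# Assumed hosts: hub.example.net  (192.0.2.10, Internet-facing relay),
#                av.example.net   (192.0.2.20, virus scanner),
#                mbox.example.net (192.0.2.30, mailbox server).

# ---- hub.example.net: /etc/postfix/main.cf ----
# Accept mail from the Internet only for these domains.
relay_domains  = paid-av.example, plain.example
transport_maps = hash:/etc/postfix/transport
# Relay outbound mail only for the AV box, never for arbitrary clients.
mynetworks     = 127.0.0.0/8, 192.0.2.20/32

# ---- hub.example.net: /etc/postfix/transport ----
# Domain with the AV option: inbound mail goes to the scanner first.
paid-av.example    smtp:[av.example.net]
# Domain without it: inbound mail goes straight to the mailbox server.
plain.example      smtp:[mbox.example.net]

# ---- av.example.net: /etc/postfix/main.cf ----
relay_domains  = paid-av.example
transport_maps = hash:/etc/postfix/transport
# Outbound submitters: the mailbox server (add downstream mail servers here).
mynetworks     = 127.0.0.0/8, 192.0.2.30/32
# Scanned outbound mail is handed to the hub for Internet delivery.
relayhost      = [hub.example.net]

# ---- av.example.net: /etc/postfix/transport ----
# Scanned inbound mail continues to the mailbox server.
# A transport entry takes precedence over relayhost for this domain.
paid-av.example    smtp:[mbox.example.net]

# ---- mbox.example.net: /etc/postfix/main.cf ----
# All outbound mail leaves through the AV box.
relayhost      = [av.example.net]

# After editing a transport file: postmap /etc/postfix/transport && postfix reload
```

Keeping `mynetworks` on the hub and the AV box limited to the one upstream host each is what stops either machine from acting as an open relay once it is reachable on port 25.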