Date: Wed, 7 Dec 2005 15:21:29 -0800 From: "jdow" <jdow@earthlink.net> To: "Vahric MUHTARYAN" <vahric@doruk.net.tr>, <freebsd-questions@freebsd.org> Subject: Re: hardening FreeBSD for Spamassassin Message-ID: <040501c5fb84$f4907590$1225a8c0@kittycat> References: <20051207222314.00AB543D76@mx1.FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Vahric MUHTARYAN" <vahric@doruk.net.tr>
> Hi Everybody ,
>
> I think too many people know too many appliance choosing freebsd
> for OS, also they are hardening FreeBSD and specialize for they works .
> Anybody know or Did this like hardening on FreeBSD for getting better
> performans, I'm using FreeBSD closer 2 year I didn't see any problem about
> performans but is there any hint for hardening FreeBSD , I know some tuning
> paramters have but I talking about different thing . You know spam programs
> CPU intersive , I searched on google and I saw many hardening title but
> their point is security not performans .
I think you are referring to tuning rather than hardening. A rough
interpretation of "hardening" with respect to "speed" would mean
making the machine work more. That would make it run slower. {^_-}
If you mean tuning to get more performance out of SpamAssassin I'd
need to get some basics handled first. What version of SpamAssassin
are you running? How are you using it? (Are you using spamc/spamd?
Are you using one of the milters that daemonizes spamassassin itself
without using spamc and spamd?) If you are using spamc and spamd
what are the parameters you use for each and what tool calls spamc?
(I use procmail on that "other 'x OS" at the moment, for example.)
Are you using per user preferences, rules, and Bayes or are you using
system wide via SQL? And so forth. If you are using spamc/spamd then
tuning is direct via the commands to spamd as you daemonize it. For
this the spamassassin user's mailing list is quite helpful. It is
the user's list at spamassassin.apache.org. If you are using some
other tool or milter you might need to deal with that tool's support
groups for the best help.
If you have DNS tests available make sure these tests are not
blocked and are not timing out. "spamassassin -t -D < <testfile>"
with some handy email test file can give an informative readout
in this regard.
Be aware that spamassassin can use a lot of memory. And it is a bit of
a resource hog if you run a lot of the SpamAssassin Rules Emporium
rule sets. (Search for "SARE" or the full name. Their rule sets are
VERY useful.) Of course, you get into a tradeoff situation between
resource usage and the quality of the spam detection. I'm silly enough
to run about 40 or so rule sets with per user rules, per user Bayes,
and all that, a pretty much worst case setup on a "2 GHz" Athlon with
1 gigabyte of memory. It takes about 3.4 clock seconds to run a single
test using spamc/spamd. Using spamassassin itself adds the overhead of
starting perl and all that. This takes about 5.3 seconds total. Since
the machine is otherwise very lightly loaded this is no big deal for
about 1300 emails processed per day on about 6 user accounts.
And to wrap up this rather long message I'll note that very often the
easiest SpamAssassin tuneup for speed involves adding more memory. If
SpamAssassin finds itself swapping for any reason it gets REALLY slow.
And I do note I am not quite running stock out of the box SpamAssassin.
I do not use automatic anything with it. Loren and I have carefully
trained SpamAssassin manually and get excellent results. And since Loren
is one of the SARE ninjas he needed some special tweaks inside SA that
really should not affect its performance except out at the fifth
decimal place. I mention this in the interests of truth in advertising
as it were.
So if you are not stuck within AmavisD or something like that the SA
user's list may be a big help. Otherwise speak with the AmavisD folks.
And do make sure you have plenty of ram and reasonable expectations for
your particular machine speeds. SA needs memory and CPU cycles.
{^_^} Joanne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?040501c5fb84$f4907590$1225a8c0>