Date: Tue, 27 Feb 2001 09:57:50 +1100
From: "Corey Ralph" <corey.ralph@datafast.net.au>
To: Len Conrad <LConrad@Go2France.com>
Cc: freebsd-isp@freebsd.org
Subject: Re: Dedicated smtp relay box
Message-ID: <20010227095750.A51539@corey.datafast.net.au>
In-Reply-To: <5.0.0.25.0.20010226080009.03f2ea70@mail.Go2France.com>; from LConrad@Go2France.com on Mon, Feb 26, 2001 at 11:52:08AM +0100
References: <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com> <20010220133048.A91585@corey.datafast.net.au> <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com> <20010226110043.A31259@corey.datafast.net.au> <5.0.0.25.0.20010226080009.03f2ea70@mail.Go2France.com>

Looking over the server, I think I have figured out what is going on.
It isn't that it can't handle the load, it is just that there seems to
be a bug in the AVP replacement for qmail-queue which is leaving zombie
qmail-que (the original qmail-queue) processes. So that is what is
consuming the RAM and causing the processes to stay around longer.

I have set up a cron job to kill the old processes until I can resolve
it with Kaspersky, this has taken the load back down, it is now peaking
at about 150 smtp's.

I am still contemplating separating these, so it will scale better as
load increases, and also to be able to offer the antivirus as a bill
option.

Thanks for all your help, I think I will get back to you some time soon
about this.

Cheers,
Corey

On Mon, Feb 26, 2001 at 11:52:08AM +0100, Len Conrad wrote:
>
> >Is that with the antivirus?
>
> no, just smtp/smtpd processes
>
> >It is also running the remotes, as well as many pop3, imap, apache
> >for web mail etc.
> >
> > > postfix is fast and easy to set up. I can send you my config files
> > > and the sysctl params you need to open up FreeBSD to handle 200+
> > > SMTP/D processes. Wietse has also updated the postfix FAQ with my
> > > sysctl tuning info.
> >
> >Again, is that with the antivirus there slowing it down?
>
> no, strictly an SMTP border/relay-only hub
>
> >Looking at my hardware on hand, I could put together a box as large as
> >1 or 2 p3 800's, and 512MB or 1GB of RAM. How much do you think would
> >be necessary?
>
> For SMTP relay, P500 / 512 megs as SMTP relay-only can handle maybe
> 30K - 50K msgs/hour (FreeBSD + postfix + anti-abuse settings).
>
> For an AV box, it's a whole 'nother ballgame, much more intensive,
> can't say what it would take, depends on your volume.
>
> >Have you ever had any problems with that filtering spam?
>
> I would say all the IMGate machines are running all three databases
> at mail-abuse.org, plus up to several dozen expressions in
> header_checks and body_checks (straight RegEx string matching, no
> decompression or MIME decoding) on incoming, plus delivering all outgoing.
>
> >Sounds great, but here's where I am stuck: all our users already point
> >their mail clients to mail.datafast.net.au
>
> but the mail clients do an A record lookup for that, not an MX lookup.
>
> >(and others), for smtp/pop3/imap.
>
> To provide for flexibility in the future for splitting various mail
> functions off from the initial do-it-all mail machine, I strongly
> recommend that mail-related hostnames be defined for every zone,
> something like:
>
> @        mx 10  mx1.domain.com.
> mx1      mx 10  mx1.domain.com.
>
> smtp     A      ip.ad.re.ss  ; mail client sends outbound here, maybe with SMTP AUTH or POP B4 SMTP
> mail     A      ip.ad.re.ss  ; this is what your clients use now, no need to change it
> pop      A      ip.ad.re.ss  ; read pop boxes here
> webmail  A      ip.ad.re.ss  ; do http webmail here
> mx1      A      ip.ad.re.ss  ; internet servers send mail here
>
> As you grow, your users keep their well-known hostnames, but you can
> change the ip addresses "underneath" as you add specialized boxes.
>
> >I can't change that. So I am going to need to do it with port redirection
> >on the firewall, or something like that. Changing the MX's is fine, but
> >I will need the redirection to force all of our customers' mail through
> >the antivirus.
>
> Well, another way would be like we do: mail hub forwards incoming,
> per-domain (AV is payable option per-domain), to AV box which
> forwards to mailbox server. mailbox server outgoing forwarded to AV
> box that forwards to mail hub for delivery to Internet. downstream
> mailservers (on leased lines, dial-ups, ETRN stuff) forward their
> outbound to AV box.
>
> no ip routing involved, only SMTP routing in postfix's relay_domains
> and transport tables.
>
> >I am thinking of setting up one box to do 1 & 2. If the load grows too
> >large, I will add more boxes and load balance, as somebody on the list
> >suggested to me last week.
> >
> >So, in summary, I would like to do this, how much hardware should I
> >throw at it? It is delivering about 2.5GB a day, running AVP.
>
> If you're scanning 2.5 gb of mail now with AVP, you have a much
> better feel than I do. We have an old P300 with 64 megs doing AVP
> scanning with AvpFreeBSDDaemon under Amavis PERL 10 but only 3k msgs,
> a few 100 megs/day.
>
> Len
>
>
> http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
> http://IMGate.MEIway.com  : Build free, hi-perf, anti-spam mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
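
The cron workaround mentioned at the top of this message, sketched as an added example that is not part of the original e-mail or anyone's actual script: it selects qmail-que processes by elapsed run time so that only lingering ones are reaped. The helper names, the 600-second threshold and the `ps` field list are assumptions, and the sample `ps` output is constructed.

```shell
#!/bin/sh
# Added example: list PIDs of long-lived qmail-que processes for a cron reaper.
# Assumed input: lines of "pid etime comm", as from `ps -axo pid=,etime=,comm=`.

# stale_pids NAME MAX_AGE_SECONDS  (hypothetical helper; reads ps lines on stdin)
stale_pids() {
    awk -v name="$1" -v max="$2" '
    # etime is [[dd-]hh:]mm:ss; convert it to seconds
    function secs(e,    d, p, n, days, s) {
        days = 0
        if (split(e, d, "-") == 2) { days = d[1]; e = d[2] }
        n = split(e, p, ":")
        if (n == 3) s = p[1] * 3600 + p[2] * 60 + p[3]
        else        s = p[1] * 60 + p[2]
        return days * 86400 + s
    }
    # exact name match, so qmail-queue (the AVP wrapper) and qmail-smtpd are left alone
    $3 == name && secs($2) > max { print $1 }'
}

# Constructed sample of ps output (not captured from a real host)
sample_ps() {
    cat <<'EOF'
  812      02:15 qmail-que
  934   01:12:40 qmail-que
 1021 2-03:00:05 qmail-que
 1100      45:10 qmail-smtpd
 1207      00:09 qmail-que
EOF
}

# Dry run over the sample: prints 934 and 1021 (older than 10 minutes)
sample_ps | stale_pids qmail-que 600

# From cron, against live processes (assumed 600 s threshold):
#   ps -axo pid=,etime=,comm= | stale_pids qmail-que 600 | xargs kill
```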