Date:      Sun, 1 May 2005 11:08:37 -0500 (CDT)
From:      Chuck Rock <carock@epconline.com>
To:        Henry Blackman <h.blackman@chester.ac.uk>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Problem with high load on Xeon server...
Message-ID:  <20050501110206.A18734@kira.epconline.net>
In-Reply-To: <BA9E5617-98D2-43E0-98ED-719C921E09E5@chester.ac.uk>
References:  <20050501093740.C38031@kira.epconline.net> <BA9E5617-98D2-43E0-98ED-719C921E09E5@chester.ac.uk>

Actually we are already doing that, MailScanner and SpamAssassin. Being an
ISP though, I can't tighten those down too tight. I have 2000 customers'
needs to address with my mail system.

The idea is to alleviate the load on those applications because they
never receive the message to begin with.

I have a cluster of 4 P3 servers running MailScanner and ClamAV as a front
end. Round robin DNS keeps them pretty well averaged between them. They
still relay approximately 60k messages each per 24 hours.

The dual Xeon box is the final destination for much mail, but it's also
backup MX for at least a 1000 domains, and gets hit with a lot of spam
too. It also has the responsibility of running SpamAssassin for individual
user mailboxes, and hosts about 1500 mailboxes.

The load isn't bad on any of the boxes, I just wanted to make them last
longer/handle less spam, etc. by packet filtering known bad relays before
they reach the applications like Sendmail, ClamAV, MailScanner. Each of
them takes its toll on the resources of the machine, and there isn't much
upgrading to do on a Xeon 2.8G.

Chuck

On Sun, 1 May 2005, Henry Blackman wrote:

> There are better ways of achieving what you're trying to do.  Using
> black lists (spamcop.net etc) is more efficient, but of course is
> resource intensive for busy servers - it is however dramatically
> better than doing what you're doing, which probably isn't sustainable
> in the longer term.
>
> I'd take a look at SpamAssassin, or you can simply use blacklists
> bl.spamcop.net and others, in sendmail.  SpamAssassin can also do
> other things, than simply block IP addresses...
>
> Henry
>
> On 1 May 2005, at 15:47, Chuck Rock wrote:
>
> > I'm running FreeBSD release 5.2.1
> >
> > I would like to add 61,000+ rules to ipfw. When I get to about 10,000
> > rules, the box's load gets real high, and stays there until I delete the
> > rules.
> >
> > Has anyone actually used the 60,000+ rule numbers available? I've tried
> > this on two different servers with similar results.
> >
> > One server is Dual Xeon 2.8Gig. Average load is between 1 and 2 with 7
> > rules in ipfw. Load goes between 17 and 28 with around 12,000 rules.
> >
> > The other server is dual P3-1Gig with avg. load of 1 with 7 rules. With
> > about 9,000 rules, the load goes to 8. With 20,000 rules, the box
> > overloaded and locked up, no kernel panic, just no keyboard, mouse, IP
> > traffic, console screen froze, etc.
> >
> > Both boxes showed no excessive memory usage.
> >
> > Why 60,000 IP's you ask... These boxes are high traffic mail servers, and
> > I've got an extensive sendmail access file. I wanted to keep the servers
> > from handling so much spam by blocking the IP's of relays that failed the
> > access list relay check.
> >
> > Over about one week, I have 60,000+ unique IP addresses from my logs.
> >
> > On one server when I was able to get about 21,000 rules in, the rate of
> > spam dropped from 90% to about 50%, so I could really tell it was
> > working.
> >
> > I just need to figure out how to drop those packets.
> >
> > I was also thinking of building a bridge firewall so the server wasn't
> > doing anything but filtering packets, but after seeing that ipfw couldn't
> > even handle half of the 65,000 rules available, I'm having second
> > thoughts.
> >
> > Anyone have any ideas?
> >
> > Thanks,
> > Chuck
> > _______________________________________________
> > freebsd-ipfw@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
> >
>
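The block-list approach discussed in the thread, as an added example that is not part of the original messages: it pulls the relays rejected by sendmail's check_relay ruleset out of constructed maillog lines, dedupes them, and emits the ipfw commands two ways, one numbered deny rule per address (the approach whose load is reported above, where every packet walks the whole rule list) and one ipfw table consulted by a single rule (a per-packet table lookup). The log lines, host names and addresses are constructed; ipfw tables are assumed to be available, which requires a FreeBSD release newer than the 5.2.1 mentioned in the thread.

```python
import re
from ipaddress import ip_address

# Constructed sample maillog lines modelled on sendmail's reject logging;
# hosts and addresses are documentation ranges, not taken from the thread.
SAMPLE_MAILLOG = """\
May  1 10:02:11 kira sm-mta[18001]: j41F2Bxx018001: ruleset=check_relay, arg1=host1.example.net, arg2=192.0.2.10, relay=host1.example.net [192.0.2.10], reject=550 5.7.1 Access denied
May  1 10:02:12 kira sm-mta[18002]: j41F2Cxx018002: from=<alice@example.org>, size=1234, class=0, nrcpts=1, relay=mail.example.org [198.51.100.7]
May  1 10:02:15 kira sm-mta[18003]: j41F2Fxx018003: ruleset=check_relay, arg1=[203.0.113.44], arg2=203.0.113.44, relay=[203.0.113.44], reject=550 5.7.1 Access denied
May  1 10:02:17 kira sm-mta[18004]: j41F2Hxx018004: ruleset=check_relay, arg1=host1.example.net, arg2=192.0.2.10, relay=host1.example.net [192.0.2.10], reject=550 5.7.1 Access denied
May  1 10:02:20 kira sm-mta[18005]: j41F2Kxx018005: ruleset=check_rcpt, arg1=<bob@example.com>, relay=[203.0.113.9], reject=550 5.7.1 <bob@example.com>... Relaying denied
"""

# Match only check_relay rejections; the relay field is either "host [ip]"
# or just "[ip]" when sendmail could not resolve a name.
RELAY_REJECT = re.compile(
    r"ruleset=check_relay,.*?relay=(?:\S+ )?\[(?P<ip>[0-9.]+)\].*?reject=550")


def rejected_relays(log_text):
    """Return the sorted list of unique IPv4 relays rejected by check_relay."""
    ips = set()
    for line in log_text.splitlines():
        m = RELAY_REJECT.search(line)
        if m:
            try:
                ips.add(str(ip_address(m.group("ip"))))
            except ValueError:
                continue  # skip anything that is not a well-formed address
    return sorted(ips, key=ip_address)


def per_rule_commands(ips, first_rule=1000):
    """One numbered deny rule per address: the approach from the thread.
    Every packet that is not blocked is compared against all of them."""
    return [f"ipfw add {first_rule + i} deny ip from {ip} to any"
            for i, ip in enumerate(ips)]


def table_commands(ips, table=1, rule=1000):
    """Same block list loaded into one ipfw table, consulted by one rule,
    so the per-packet cost is a single lookup rather than a list walk."""
    cmds = [f"ipfw table {table} add {ip}" for ip in ips]
    cmds.append(f"ipfw add {rule} deny ip from table({table}) to any")
    return cmds


if __name__ == "__main__":
    blocked = rejected_relays(SAMPLE_MAILLOG)
    print("\n".join(table_commands(blocked)))
```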