At 12:44 PM 8/31/2007, Justin Kim wrote:
>Hello,
>I would like to show my main.cf and master.cf first.
>
>master.cf
>--------------------------------------------------------
>smtp      inet  n       -       n       -       150       smtpd
>
>amavis unix    -       -       n       -       12      smtp
>        -o smtp_data_done_timeout=1200
>        -o smtp_send_xforward_command=yes
>        -o disable_dns_lookups=yes
>
>127.0.0.1:10025        inet    n       -       n       -       -       smtpd
>        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>        -o content_filter=
>        -o local_recipient_maps=
>        -o relay_recipient_maps=
>        -o smtpd_restriction_classes=
>        -o smtpd_client_restrictions=
>        -o smtpd_helo_restrictions=
>        -o smtpd_sender_restrictions=
>        -o smtpd_recipient_restrictions=permit_mynetworks,reject
>        -o mynetworks=127.0.0.0/8
>        -o strict_rfc821_envelopes=yes
>        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>------------------------------------------------------------------------------------------
>
>
>main.cf (smtpd shown only)
>----------------------------------------------------------
>content_filter = amavis:[127.0.0.1]:10024
>receive_override_options = no_address_mappings
>
>smtpd_client_recipient_rate_limit = 50
>smtpd_data_restrictions = reject_unauth_pipelining
>smtpd_error_sleep_time = 1s
>smtpd_hard_error_limit = 20
>smtpd_helo_required = yes
>smtpd_recipient_limit = 1000
>smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
>        reject_unauth_destination reject_unknown_sender_domain
>smtpd_reject_unlisted_sender = yes
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_local_domain = $myhostname
>smtpd_sasl_security_options = noanonymous
>smtpd_sender_restrictions = permit_sasl_authenticated
>------------------------------------------------------------------
>
>So I set up postfix with amavisd-new to scan spam only.
>And I wanted to enable in main.cf
>smtpd_recipient_restrictions =
>              permit_mynetworks
>              permit_sasl_authenticated
>              reject_unauth_destination
>              reject_unknown_sender_domain
>              reject_rbl_client zen.spamhaus.org
>
>I have 150 smtp processes and 12 amavis processes working okay.
>But when I try to add the rbl check, my smtp processes cannot handle the load
>and time out.
>Am I missing something? If I enable that reject_rbl on master.cf what is
>going to happen?
>Our server is really busy handling 500,000 messages per day and a lot of
>them are spams. :(
>I just wanted to cut more spammers from connecting and trying to send.
>How can I do it?
>Please help.

The best you can do in amavisd-new is mark the mail as spam and then 
either tag/quarantine/discard it.

Mail that has already been accepted and later rejected will cause a 
bounce, making your problems worse.

You need to raise the process limit for smtpd in master.cf until the 
problem goes away.  Try 300 to start.  You may need to go much higher.

and probably also set:
smtpd_hard_error_limit to a smaller value, try 5.
smtpd_error_sleep_time = 0
smtpd_timeout = 60 (or lower if you keep a close watch on your logs)

Consider using something like fail2ban to firewall repeating and 
persistent offenders.

-- 
Noel Jones 
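
Added example, not part of the original message and not fail2ban's own code: a sketch of the "repeating and persistent offenders" check suggested above, run over Postfix smtpd reject lines for the zen.spamhaus.org lookup from the thread. The log lines are constructed, the syslog line layout is assumed, and the names find_offenders, max_retry and find_time are hypothetical (chosen after fail2ban's maxretry/findtime settings).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges); not taken from the thread.
SAMPLE_LOG = """\
Aug 31 12:00:00 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Aug 31 12:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org;
Aug 31 12:00:05 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org;
Aug 31 12:02:10 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org;
Aug 31 12:03:00 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org;
Aug 31 12:05:30 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org;
Aug 31 12:20:00 mx postfix/smtpd[2106]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org;
Aug 31 12:40:00 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org;
"""

# Matches an smtpd RBL reject line and captures the timestamp and client IP.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r".*blocked using zen\.spamhaus\.org"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Return sorted client IPs with >= max_retry RBL rejects inside find_time.

    Syslog timestamps carry no year, so one is supplied by the caller.
    """
    recent = defaultdict(deque)   # ip -> reject times still inside the window
    offenders = set()
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue              # connects, deliveries, other rejects
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget rejects older than the window
        if len(window) >= max_retry:
            offenders.add(m["ip"])
    return sorted(offenders)

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```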

