----- Original Message ----- From: "Eddie Javier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, October 02, 2002 11:17 AM Subject: Re: [plug] Re: Amavis performance
> Hello, > > If it's possible, avoid using Amavis. It's a memory hog (at least the last > one I used). You mentioned that in every message that comes in, Amavis > spawns the virus scanner. Imagine if you have thousands of email coming in. > > Don't use virus scanning daemons as well. If the virus scanner dies or leaks Yes, I agree with that and heres a link where you can test if your mailserver is vulnerable. http://www.gfi.com/emailsecuritytest/ > , you have to have another program watching it whenever that happens. Also, > if your mail servers gets attacked via the "Zip of Death", your virus > scanner may crash. > > A more sophisticated solution is to use a system that scans messages by > batch rather than one by one. It works like this: > > 1. Spawn sendmail and store messages on an alternate folder, say mqueue.in > > /usr/sbin/sendmail -bd -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in > /usr/sbin/sendmail -q15m The mailscanner works fine specially if you wrap it with spamassassin and sophos, since sophos working great for me. You also can change the value -q15m to -q5m or whatever you wish if you encountered slow in proccesing mail. > 2. Have the AV scanner scan the incoming queue. Move to /var/spool/mqueue if > clean, quarantine if not > > A program that does this is mailscanner (http://www.mailscanner.info). > What's cool is that it can also filter spam if you want to. What's even > cooler is that cross-check mails with open relay databases. What's even > "spankingly cool" is that it can use SpamAssassin to filter more spam. > -- glynn > Cheers, > Ed > > Federico Sevilla III mumbled: > > Hi Marga, > > (cc PLUG) > > > > On Tue, Oct 01, 2002 at 03:26:14PM -0400, Marga Adan wrote: > >> I hope you can help me. > > > > Sure, but I prefer that message like this be routed through either PLUG > > or the PH Linux Newbie list, instead. Aside from my personal > > preference, you also have the wider audience there, which normally > > means more input from the community. > > > >> I've been following the PLUG on referral by persons I've met , and > >> appreciate very much if you can provide some insight on below: > >> > >> I found the Linux mail server posted that the amavis process was > >> killed due to low memory resources. Fortunately, amavis re-activates > >> itself if the process was killed. When checking memory usage, I found > >> out that vscan was hogging much of the cpu state and the memory state. > >> > >> I have not much experience on linux, but would you know how the > >> performance of AMAVIS (degrades/ remains ok)is when used with a > >> virus scanner? > > > >>From personal experience I've found the killer is not as much AMaViS > >>per > > se, as it is the virus scanner that AMaViS spawns for each and every > > message that passes through the mail server. I am using McAfee uvscan > > and have noticed that on top of the standard overhead involved in > > loading a new process, it does an unexplainable modprobe, scanning all > > available modules that takes quite awhile. > > > > Other than that the load is still bearable with a server like ours[1]. > > For MTAs that handle a lot of traffic you may be interested in skipping > > the middle-layer of AMaViS entirely, though. You can opt to use a virus > > scanner that runs as a daemon and interfaces directly with the MTA. An > > example of this is Kaspersky Labs AV. Unfortunately those are > > significantly more expensive than your standard "file-sweeping" type > > anti-virus which AMaViS (and the like) "glue" to your MTA. > > > > [1] To see our MTA load graphs see > > (http://mrtg.leathercollection.ph/mailgraph.cgi) > > > > > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED] > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
