running spamd on firewall ord on the mailsystem
Hi there, I like to get some opinions on where to use the spamd daemon. Is it better to do the heavy stuff on the firewall or let it all pass to the mailsystem and do the filtering there? regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: running spamd on firewall ord on the mailsystem
On 09/19/17 09:10, rosjat wrote: > I like to get some opinions on where to use the spamd daemon. Is it > better to do the heavy stuff on the firewall or let it all pass to the > mailsystem and do the filtering there? OpenBSD's spamd is not in any way a 'heavy' service. It's entirely possible to run it on the actual mail server, but I tend to recommend stopping unwanted traffic early and set up on the directly internet-facing host (aka the firewall). Whichever way you do it, after enabling spamd you will see the load on the content filtering machines drop considerably. There will be a lot less of the heavy computation tasks involved in content filtering that need to be performed. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: running spamd on firewall ord on the mailsystem
Op Tue, 19 Sep 2017 09:35:04 +0200 schreef Peter N. M. Hansteen : On 09/19/17 09:10, rosjat wrote: I like to get some opinions on where to use the spamd daemon. Is it better to do the heavy stuff on the firewall or let it all pass to the mailsystem and do the filtering there? OpenBSD's spamd is not in any way a 'heavy' service. Indeed. On my site, with 12k messages tarpitted last week, spamd (with -v) took about the same cpu time as ntpd. Spamlogd even less. Together about 7.5M resident memory. It's entirely possible to run it on the actual mail server, but I tend to recommend stopping unwanted traffic early and set up on the directly internet-facing host (aka the firewall). Note that the spamd(8) manual page assumes it's the same machine, so using different machines is a less trivial pf.conf setup. IIRC it requires route-to in stead of divert-to for your whitelist(s), or a divert-to with a relayd/nc relay. -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/