RE: [qmailtoaster] how to filter relay
Thanks Andreas, I am testing it this way now. Does it matter if the Mdaemon sender is already authenticated in Qmail?

\Sergio

-----Original Message-----
From: Andreas Galatis [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 22, 2008 7:48 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] how to filter relay

Hi Sergio, you could put [EMAIL PROTECTED] and [EMAIL PROTECTED] into your /var/qmail/control/badmailfrom file.

Andreas

On Thursday, 22 May 2008 18:36, Sergio Minini wrote:

Hi list, I have a customer who has an in-house Mdaemon server and only relays through my SMTP when Mdaemon fails. Mdaemon authenticates with an account [EMAIL PROTECTED] and is allowed to relay without problems, even though the original sender is [EMAIL PROTECTED] Is there a way, with this scenario, to block relaying for mails with [EMAIL PROTECTED] and [EMAIL PROTECTED], but allowing relay for all the other users of this domain? (Always authenticating with [EMAIL PROTECTED]) Hope I made myself clear. Thanks!

Sergio Minini :: NetKey Solutions :: T 4742.1101 :: http://www.netkey.com.ar
Do you really need to print this e-mail? Let's save paper.

- QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Spamdyke
Hello All, I am having an issue once again with high load on my mail servers. What I would like to know is there a way in spamdyke that I can block all non-us Ips? -- Thanks, Kyle Quillen
[qmailtoaster] Load balancing
All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts? -- Thanks, Kyle Quillen Lightspeed Wireless [EMAIL PROTECTED] 330.473.1231 ext.202
Re: [qmailtoaster] How to not forward messages marked as spam
If I understand simscan / simcontrol functions, you can only specify global, local domain, or specific user settings. There are many virtual domains hosted on the server, and I don't want to just specify spam dropping for any single domain - I want to be able to drop spam if any single account is set to forward its email to an external domain.

In other words, for all local domains, I want to drop spam if any account is set up to forward its email to an external server. Ideally, this would also be set up for simple forwards as well. So, I need to drop spam for:

* Forwards (ideally, only forwards to external domains... [EMAIL PROTECTED], [EMAIL PROTECTED], etc)
* Standard accounts with the Forward To: radio button selected in qmailadmin. (user's .qmail file = [EMAIL PROTECTED])

You can specify only that domain in a separate record in simcontrol, with the appropriate value for spam_hits so they'll be rejected.

[EMAIL PROTECTED] wrote:

I would like to completely dump messages tagged as spam, but only for accounts set to forward to an external domain. Local spam should go to its normal .Spam folder.

What is it you'd like to do with messages tagged as spam? If you want to reject them, simply bring down the value for spam_hits in /var/qmail/simcontrol to equal the value of required_score in /etc/mail/spamassassin/local.cf. Then anything which would have been tagged will be rejected up front.

-- -Eric 'shubes'

[EMAIL PROTECTED] wrote:

I've been having problems with accounts which are set up to simply to external addresses. For a standard account, the /home/vpopmail/[domain]/[user]/.qmail file contains the following:

|/var/qmail/bin/preline /usr/bin/maildrop -A 'Content-Filter: maildrop-toaster' /etc/mail/mailfilter

This works perfectly. For a forwarded account, the .qmail file simply contains

[address to forward to]

While the email does get forwarded, the forwarding of tagged spam is causing gray/blacklisting problems with recipient servers. Messages are still processed via spamassassin, and the subjects rewritten with ***SPAM***, but the messages forward no matter what I try. I realize that this is by design and that these messages should be forwarded due to the possibility of false positives, but Yahoo keeps spitting out 451_Message_temporarily_deferred, we get greylisted some places, etc.

The goal is to NOT forward messages tagged as spam to Yahoo, AOL, etc (along with a disclaimer published in the HTML of SquirrelMail), but I have no idea how to make this happen. Can I change the .qmail line to make it pipe through an external process which checks the spam x-header? Any help would be greatly appreciated.

-- -Eric 'shubes'
Re: [qmailtoaster] Spamdyke
Kyle Quillen wrote:

Hello All, I am having an issue once again with high load on my mail servers. What I would like to know is there a way in spamdyke that I can block all non-us Ips?

I take it you're not using spamdyke yet. There are several rDNS filters, one of which rejects rDNS entries which contain a CC (Country Code). I'm seeing quite a few hits with this rule, and with other rDNS filters in general. Graylisting included with spamdyke is also very effective.

Overall, spamdyke should reduce the load considerably, because everything it rejects (and it can reject a LOT) is rejected before the message is even entirely received (only headers are received), so there's no scanning of these. You might think of spamdyke as RBLs on steroids, at least regarding its effectiveness. ;) I highly recommend that QMT users install/use spamdyke.

-- -Eric 'shubes'
Re: [qmailtoaster] Load balancing
Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts?

Spamdyke. Do it.

-- -Eric 'shubes'
Re: [qmailtoaster] How to not forward messages marked as spam
You'd need to add a simcontrol record for each user that is forwarded externally. This would need to be done manually, and could be an administrative nightmare at an ISP level. I suppose you could modify qmailadmin to handle it automatically though.

[EMAIL PROTECTED] wrote:

If I understand simscan / simcontrol functions, you can only specify global, local domain, or specific user settings. There are many virtual domains hosted on the server, and I don't want to just specify spam dropping for any single domain - I want to be able to drop spam if any single account is set to forward its email to an external domain.

In other words, for all local domains, I want to drop spam if any account is set up to forward its email to an external server. Ideally, this would also be set up for simple forwards as well. So, I need to drop spam for:

* Forwards (ideally, only forwards to external domains... [EMAIL PROTECTED], [EMAIL PROTECTED], etc)
* Standard accounts with the Forward To: radio button selected in qmailadmin. (user's .qmail file = [EMAIL PROTECTED])

You can specify only that domain in a separate record in simcontrol, with the appropriate value for spam_hits so they'll be rejected.

[EMAIL PROTECTED] wrote:

I would like to completely dump messages tagged as spam, but only for accounts set to forward to an external domain. Local spam should go to its normal .Spam folder.

What is it you'd like to do with messages tagged as spam? If you want to reject them, simply bring down the value for spam_hits in /var/qmail/simcontrol to equal the value of required_score in /etc/mail/spamassassin/local.cf. Then anything which would have been tagged will be rejected up front.

-- -Eric 'shubes'

[EMAIL PROTECTED] wrote:

I've been having problems with accounts which are set up to simply to external addresses. For a standard account, the /home/vpopmail/[domain]/[user]/.qmail file contains the following:

|/var/qmail/bin/preline /usr/bin/maildrop -A 'Content-Filter: maildrop-toaster' /etc/mail/mailfilter

This works perfectly. For a forwarded account, the .qmail file simply contains

[address to forward to]

While the email does get forwarded, the forwarding of tagged spam is causing gray/blacklisting problems with recipient servers. Messages are still processed via spamassassin, and the subjects rewritten with ***SPAM***, but the messages forward no matter what I try. I realize that this is by design and that these messages should be forwarded due to the possibility of false positives, but Yahoo keeps spitting out 451_Message_temporarily_deferred, we get greylisted some places, etc.

The goal is to NOT forward messages tagged as spam to Yahoo, AOL, etc (along with a disclaimer published in the HTML of SquirrelMail), but I have no idea how to make this happen. Can I change the .qmail line to make it pipe through an external process which checks the spam x-header? Any help would be greatly appreciated.

-- -Eric 'shubes'

-- -Eric 'shubes'
Re: [qmailtoaster] Spamdyke
Kyle Quillen wrote:

Hello All, I am having an issue once again with high load on my mail servers. What I would like to know is there a way in spamdyke that I can block all non-us Ips?

Not being a spamdyke user myself (really need to get around to that), I'd say this task would be best handled on an iptables level. It's very easy to find IP subnet geo-locations and just block whole subnets. If you still need them to see a web page, you can always just write your iptables rule to just block non-US IP subnets for specific ports.
Re: [qmailtoaster] Load balancing
Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system.

Not sure of too many resources other than a couple mailing-list posts that talk about load balancing. I've built a couple systems that utilize multiple frontends to spread the load around while tying into a shared back end. There's some commercial resources on the wiki that offer these services <shameless_plug> I'm one of these resources </shameless_plug>. http://wiki.qmailtoaster.com/index.php/Main_Page#Additional_Resources

Not knowing any metrics on your system/mail use I'd guess that you could probably get by with some RBL and spam tuning maybe coupled with some firewall magic. I've fixed a few systems like this for various clients that just needed some tuning.
Re: [qmailtoaster] Load balancing
LVS seemed to work very well for me. Pretty straightforward setup once you get the idea. Or you could set up a shared environment, one mysql server, one shared /home/vpopmail directory, symlinked users and control from the qmail directory. Then use LVS (or other software based LB) as your front end to balance between the servers.

Mike
Re: [qmailtoaster] Load balancing
Spamdyke is installed and has been for about a week. It has seemed to help but my loads are still staying around 3.5-4.5. The largest problem that I have right now is that users are getting duplicate emails and I can't figure out how to stop it. Since I implemented the greylisting things seem to be calming a little bit but the dups are still coming in. I have gotten multiple copies of emails that were sent yesterday at like 1030 in the am and I did get them. Suggestions?

thanks
q

On Fri, 2008-05-23 at 08:51 -0700, Eric Shubert wrote:

Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts?

Spamdyke. Do it.

-- Thanks, Kyle Quillen Lightspeed Wireless [EMAIL PROTECTED] 330.473.1231 ext.202
Re: [qmailtoaster] Spamdyke
Do you have an example of where I can get some of these subnets?

thanks
q

On Fri, 2008-05-23 at 12:09 -0400, Jake Vickers wrote:

Kyle Quillen wrote:

Hello All, I am having an issue once again with high load on my mail servers. What I would like to know is there a way in spamdyke that I can block all non-us Ips?

Not being a spamdyke user myself (really need to get around to that), I'd say this task would be best handled on an iptables level. It's very easy to find IP subnet geo-locations and just block whole subnets. If you still need them to see a web page, you can always just write your iptables rule to just block non-US IP subnets for specific ports.

-- Thanks, Kyle Quillen Lightspeed Wireless [EMAIL PROTECTED] 330.473.1231 ext.202
Re: [qmailtoaster] Load balancing
The dups are understandable. I'm guessing that the smtp sessions are timing out because the load is high and subsequently scanning is taking a long time. How long are scans taking typically? Please post your spamdyke.conf file. What toaster package versions are you running? Are you seeing clamav eating your cpu?

Kyle Quillen wrote:

Spamdyke is installed and has been for about a week. It has seemed to help but my loads are still staying around 3.5-4.5. The largest problem that I have right now is that users are getting duplicate emails and I can't figure out how to stop it. Since I implemented the greylisting things seem to be calming a little bit but the dups are still coming in. I have gotten multiple copies of emails that were sent yesterday at like 1030 in the am and I did get them. Suggestions?

thanks
q

On Fri, 2008-05-23 at 08:51 -0700, Eric Shubert wrote:

Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts?

Spamdyke. Do it.

-- -Eric 'shubes'
Re: [qmailtoaster] Load balancing
My spamdyke.conf is below along with my package versions. Dups seem to be slowing down but then my load averages are coming down as well.

Spamdyke.conf

check-dnsrbl=zombie.dnsbl.sorbs.net
check-dnsrbl=dul.dnsbl.sorbs.net
check-dnsrbl=bogons.cymru.com
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=80
greeting-delay-secs=5
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=2
log-target=0
max-recipients=25
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
tls-certificate-file=/var/qmail/control/servercert.pem

qtp-whatami v0.3
DISTRO=CentOS
OSVER=5
QTARCH=i686
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
This machine's OS is supported, but this version/arch has not been tested.

average scan times seem to be 2.1-2.7
My packages are all current except for clamav

Thanks
q

On Fri, 2008-05-23 at 10:20 -0700, Eric Shubert wrote:

The dups are understandable. I'm guessing that the smtp sessions are timing out because the load is high and subsequently scanning is taking a long time. How long are scans taking typically? Please post your spamdyke.conf file. What toaster package versions are you running? Are you seeing clamav eating your cpu?

Kyle Quillen wrote:

Spamdyke is installed and has been for about a week. It has seemed to help but my loads are still staying around 3.5-4.5. The largest problem that I have right now is that users are getting duplicate emails and I can't figure out how to stop it. Since I implemented the greylisting things seem to be calming a little bit but the dups are still coming in. I have gotten multiple copies of emails that were sent yesterday at like 1030 in the am and I did get them. Suggestions?

thanks
q

On Fri, 2008-05-23 at 08:51 -0700, Eric Shubert wrote:

Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts?

Spamdyke. Do it.

-- Thanks, Kyle Quillen Lightspeed Wireless [EMAIL PROTECTED] 330.473.1231 ext.202
RE: [qmailtoaster] How to not forward messages marked as spam
There is the following on the wiki - http://wiki.qmailtoaster.com/index.php/Simscan

-----Original Message-----
From: Eric Shubert [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 11:56 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] How to not forward messages marked as spam

You'd need to add a simcontrol record for each user that is forwarded externally. This would need to be done manually, and could be an administrative nightmare at an ISP level. I suppose you could modify qmailadmin to handle it automatically though.

[EMAIL PROTECTED] wrote:

If I understand simscan / simcontrol functions, you can only specify global, local domain, or specific user settings. There are many virtual domains hosted on the server, and I don't want to just specify spam dropping for any single domain - I want to be able to drop spam if any single account is set to forward its email to an external domain.

In other words, for all local domains, I want to drop spam if any account is set up to forward its email to an external server. Ideally, this would also be set up for simple forwards as well. So, I need to drop spam for:

* Forwards (ideally, only forwards to external domains... [EMAIL PROTECTED], [EMAIL PROTECTED], etc)
* Standard accounts with the Forward To: radio button selected in qmailadmin. (user's .qmail file = [EMAIL PROTECTED])

You can specify only that domain in a separate record in simcontrol, with the appropriate value for spam_hits so they'll be rejected.

[EMAIL PROTECTED] wrote:

I would like to completely dump messages tagged as spam, but only for accounts set to forward to an external domain. Local spam should go to its normal .Spam folder.

What is it you'd like to do with messages tagged as spam? If you want to reject them, simply bring down the value for spam_hits in /var/qmail/simcontrol to equal the value of required_score in /etc/mail/spamassassin/local.cf. Then anything which would have been tagged will be rejected up front.

-- -Eric 'shubes'

[EMAIL PROTECTED] wrote:

I've been having problems with accounts which are set up to simply to external addresses. For a standard account, the /home/vpopmail/[domain]/[user]/.qmail file contains the following:

|/var/qmail/bin/preline /usr/bin/maildrop -A 'Content-Filter: maildrop-toaster' /etc/mail/mailfilter

This works perfectly. For a forwarded account, the .qmail file simply contains

[address to forward to]

While the email does get forwarded, the forwarding of tagged spam is causing gray/blacklisting problems with recipient servers. Messages are still processed via spamassassin, and the subjects rewritten with ***SPAM***, but the messages forward no matter what I try. I realize that this is by design and that these messages should be forwarded due to the possibility of false positives, but Yahoo keeps spitting out 451_Message_temporarily_deferred, we get greylisted some places, etc.

The goal is to NOT forward messages tagged as spam to Yahoo, AOL, etc (along with a disclaimer published in the HTML of SquirrelMail), but I have no idea how to make this happen. Can I change the .qmail line to make it pipe through an external process which checks the spam x-header? Any help would be greatly appreciated.

-- -Eric 'shubes'

-- -Eric 'shubes'
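
The question quoted in this thread asks whether the .qmail line can pipe through an external process that checks the spam header. One way to do that is sketched here as an added example; it is not code from any poster or from the QmailToaster project. The install path, the --deliver argument and the forward address are hypothetical, and it assumes the tagged message reaches qmail-local with SpamAssassin's X-Spam-Flag / X-Spam-Status headers or the rewritten ***SPAM*** subject mentioned above.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Hypothetical install path: /usr/local/bin/qmail-dropspam
#
# .qmail of a forwarded account (the address is a placeholder):
#   |/usr/local/bin/qmail-dropspam --deliver
#   &user@external.example
#
# qmail-local runs the lines of a .qmail file in order. A program line
# that exits 0 lets delivery continue with the next line; exit 99 counts
# as a successful delivery and skips every remaining line, so the
# forward below it is never attempted. (Exit 100 would bounce instead.)

# is_tagged_spam: read one message on stdin; return 0 when its header
# block carries a spam tag, 1 otherwise. Scanning stops at the first
# blank line, so a body that merely quotes "X-Spam-Flag: YES" (for
# example a forwarded spam report) is not matched.
is_tagged_spam() {
    awk '
        /^\r?$/  { exit }                      # blank line: end of headers
        /^[ \t]/ { next }                      # folded continuation line
        { h = tolower($0) }                    # header names are case-insensitive
        h ~ /^x-spam-flag:[ \t]*yes/          { spam = 1; exit }
        h ~ /^x-spam-status:[ \t]*yes/        { spam = 1; exit }
        h ~ /^subject:[ \t]*\*\*\*spam\*\*\*/ { spam = 1; exit }
        END { exit (spam ? 0 : 1) }
    '
}

# delivery_code: print the exit status the .qmail program line should
# return for the message on stdin (99 = stop here, 0 = go on to forward).
delivery_code() {
    if is_tagged_spam; then
        echo 99
    else
        echo 0
    fi
}

# Only act as a delivery program when called with --deliver, so the
# functions above can also be sourced and exercised by hand.
if [ "${1:-}" = "--deliver" ]; then
    exit "$(delivery_code)"
fi
```

Accounts that keep a local mailbox are unaffected, because only the .qmail files that forward externally get the extra program line.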
RE: [qmailtoaster] Load balancing
Hi Kyle,

We have the same issue with our toasters. The long and short of it is, try to keep your total mail users under about 1,000 (this usually works out to about 100-200 domains). Anything over that, and you should deploy another mail server.

When a remote SMTP server connects to your Qmail Toaster and delivers a message, it is timing out waiting for Qmail to send back an acknowledgement it got your message, because, for some weird reason, Qmail waits until after simscan has finished processing (which itself is waiting for clamav and spamassassin to do the actual processing) before returning such an acknowledgement.

Several other things can cause duplicates too like POP3 clients leaving a copy of mail messages on the server and then losing track of what it's already downloaded (a common scenario when the client has to go through a local anti-virus application on the mail user's computer). But also, bad .qmail files in the user's vpopmail directory can cause delivery to happen two times. That's easy to fix.

What's not easy is taming spamassassin and clamav. We have had to do a lot of work--a lot more than I feel we should have had to for a purported out-of-the-box solution--to keep spamassassin and clamav from killing your mail server...

First of all, throttle SMTP traffic with iptables to prevent excessive connections (and resultant spamd/clamd instances) in the first place:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --set
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --update --seconds 60 --hitcount 12 -j DROP

(works in typical CentOS/RedHat /etc/sysconfig/iptables files)

Then, SERIOUSLY change how spamd starts and runs:

/var/qmail/supervise/spamd/run:

#!/bin/sh
exec /bin/nice --adjustment=20 /usr/bin/spamd -m 4 --max-children=2 --max-conn-per-child=15 -l -L -x -u vpopmail -s stderr 2>&1

Tweak /etc/mail/spamassassin/local.cf:

ok_locales all
skip_rbl_checks 0
rbl_timeout 5
required_hits 5
report_safe 0
rewrite_header Subject ***SPAM***
use_pyzor 1
# Use for any MTA servers from which you want to trust will not spam you, such as another server in your
# own network.
# trusted_networks 127.0.0.1/18
# If you use Postini, uncomment this line:
# trusted_networks 64.18.6.10
use_auto_whitelist 0
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_expire 1
bayes_expiry_max_db_size 18750
# Inserted to ignore all mail from Postini, if you use it, and pass it on unmodified
# This should lessen our overall load.
bayes_ignore_header X-pstn-levels

Make sure to be running THE most current version of SpamAssassin and ClamAV (SpamAssassin in particular is exceedingly buggy, and they're constantly fixing it all the time). This may require you to install or upgrade a variety of perl modules (get comfortable with using CPAN).

As for ClamAV? Well, here's what we do in /etc/clamd.conf:

PhishingSignatures no
PhishingScanURLs no
ScanHTML no
MaxScanSize 1M
MaxFileSize 1M

Changes to spamd or clamd configuration files need a svc -d and then svc -u from the /var/qmail/supervise directory (i.e., svc -d spamd).

/var/qmail/control/concurrencyincoming is set to something reasonable for a 2.4GHz P4 with 1GB of RAM, 100 - concurrencyremote is 300 and concurrencylocal is 200.

We set /var/qmail/control/databytes to 20 MB (this is industry standard anyway). Changing these files will require a HUP of qmail-smtpd (service qmail restart does this).

We use the following simcontrol file (so that these files, if attached to incoming e-mail, don't even get delivered, saving clamd the trouble of even having to run):

:clam=yes,spam=yes,spam_hits=12,attach=.ade:.adp:.app:.asd:.asx:.bas:.bat:.bin:.chm:.cil:.cla:.class:.cmd:.com:.cpl:.crt:.csh:.dll:.dot:.email:.eml:.exe:.fxp:.hlp:.hta:.inf:.ins:.isp:.js:.jse:.ksh:.lnk:.mda:.mdb:.mde:.mdt:.mdw:.mdz:.mpe:.msc:.msi:.msp:.mst:.nws:.ocx:.ops:.pcd:.pif:.pl:.pm:.pot:.prf:.prg:.ps:.reg:.scf:.scr:.sct:.shb:.shm:.shs:.url:.vb:.vbe:.vbs:.vxd:.wmd:.wmf:.wms:.wmz:.wsc:.wsf:.wsh:.wsz:.xsl:.xlt:.xlw

Be sure to run qmailctl cdb to rehash the simcontrol.cdb file.

Finally, we've decided to not allow catch-all aliases. This has been the single biggest helpful thing we have done to resolve high load issues on our mail servers. I can't tell you how badly your mail server can get beat up by a domain catch-all accepting loads of spam. (Just look at your MRTG or ISOQLOG pages, and you'll see what I mean.) So, you'll want to set catchall to BOUNCE (not delete, because it goes through the ENTIRE process of accepting an e-mail before finally realizing it should be deleted). Here's a way to do this to the entire mail server:

Make a file called .qmail-default in /usr/local/etc that looks like this:

| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox

Then run this command:

find /home/vpopmail/domains -name .qmail-default -type f -exec /bin/cp -rp /usr/local/etc/.qmail-default {} \;

I was able to
RE: [qmailtoaster] Load balancing
List, If I were to choose a couple of these RBLs, which ones should I choose? I mean a couple to avoid creating a lot of queries and adding more connection time. Thanks.

-----Original Message-----

Spamdyke.conf

check-dnsrbl=zombie.dnsbl.sorbs.net
check-dnsrbl=dul.dnsbl.sorbs.net
check-dnsrbl=bogons.cymru.com
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
RE: [qmailtoaster] Load balancing
Kyle, Maybe you could try raising the idle-timeout-secs value.

\Sergio

-----Original Message-----
From: Kyle Quillen [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 2:50 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Load balancing

My spamdyke.conf is below along with my package versions. Dups seem to be slowing down but then my load averages are coming down as well.

Spamdyke.conf

check-dnsrbl=zombie.dnsbl.sorbs.net
check-dnsrbl=dul.dnsbl.sorbs.net
check-dnsrbl=bogons.cymru.com
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=80
greeting-delay-secs=5
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=2
log-target=0
max-recipients=25
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
tls-certificate-file=/var/qmail/control/servercert.pem

qtp-whatami v0.3
DISTRO=CentOS
OSVER=5
QTARCH=i686
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
This machine's OS is supported, but this version/arch has not been tested.

average scan times seem to be 2.1-2.7
My packages are all current except for clamav

Thanks
q

On Fri, 2008-05-23 at 10:20 -0700, Eric Shubert wrote:

The dups are understandable. I'm guessing that the smtp sessions are timing out because the load is high and subsequently scanning is taking a long time. How long are scans taking typically? Please post your spamdyke.conf file. What toaster package versions are you running? Are you seeing clamav eating your cpu?

Kyle Quillen wrote:

Spamdyke is installed and has been for about a week. It has seemed to help but my loads are still staying around 3.5-4.5. The largest problem that I have right now is that users are getting duplicate emails and I can't figure out how to stop it. Since I implemented the greylisting things seem to be calming a little bit but the dups are still coming in. I have gotten multiple copies of emails that were sent yesterday at like 1030 in the am and I did get them. Suggestions?

thanks
q

On Fri, 2008-05-23 at 08:51 -0700, Eric Shubert wrote:

Kyle Quillen wrote:

All, Does anyone have any resources that I can pull from that will point me in the direction of setting up load balancing with the toaster? I want to keep using this mail server but I have to find a way to deal with the large amount of mail that I am having to process. It is mostly spam so maybe what I am looking for is a spam scanning system. Thoughts?

Spamdyke. Do it.

-- Thanks, Kyle Quillen Lightspeed Wireless [EMAIL PROTECTED] 330.473.1231 ext.202
RE: [qmailtoaster] Load balancing
What would you suggest moving this setting to?

thanks
q

On Fri, 2008-05-23 at 15:11 -0300, Sergio Minini {NETKEY} wrote:

Kyle,

Maybe you could try raising the idle-timeout-secs value.

\Sergio

--
Thanks,
Kyle Quillen
Lightspeed Wireless
[EMAIL PROTECTED]
330.473.1231 ext.202
RE: [qmailtoaster] Load balancing
After a trial-error approach, I set mine to 400. Maybe on better hardware it is too high, but it's been working fine on my old server. I found out this helped when I got dups with large attachments.

Sergio

-----Original Message-----
From: Kyle Quillen [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 3:33 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Load balancing

What would you suggest moving this setting to?

thanks
q
Re: [qmailtoaster] Load balancing
Thanks for sharing your pointers, Dairenn.

The only thing I'd like to add is regarding SA's autoexpire. That can take a good bit of time and really doesn't need to be done during an smtp session (which is what happens when it's turned on). I would turn that off and set up a cron job to run bayes expirations:

    #!/bin/sh
    # written 11/17/06 by Eric 'shubes' [EMAIL PROTECTED]
    # force journal sync and expiration of spamassassin bayes database
    #
    sa-learn -u vpopmail --force-expire
    chown vpopmail:vchkpw /home/vpopmail/.spamassassin/bayes_toks

Dairenn Lombard wrote:

Hi Kyle,

We have the same issue with our toasters. The long and short of it is, try to keep your total mail users under about 1,000 (this usually works out to about 100-200 domains). Anything over that, and you should deploy another mail server.

When a remote SMTP server connects to your Qmail Toaster and delivers a message, it is timing out waiting for Qmail to send back an acknowledgement it got your message, because, for some weird reason, Qmail waits until after simscan has finished processing (which itself is waiting for clamav and spamassassin to do the actual processing) before returning such an acknowledgement.

Several other things can cause duplicates too, like POP3 clients leaving a copy of mail messages on the server and then losing track of what it's already downloaded (a common scenario when the client has to go through a local anti-virus application on the mail user's computer). But also, bad .qmail files in the user's vpopmail directory can cause delivery to happen two times. That's easy to fix.

What's not easy is taming spamassassin and clamav. We have had to do a lot of work--a lot more than I feel we should have had to for a purported out-of-the-box solution--to keep spamassassin and clamav from killing your mail server...

First of all, throttle SMTP traffic with iptables to prevent excessive connections (and resultant spamd/clamd instances) in the first place:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --set
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -m recent --update --seconds 60 --hitcount 12 -j DROP

(works in typical CentOS/RedHat /etc/sysconfig/iptables files)

Then, SERIOUSLY change how spamd starts and runs:

/var/qmail/supervise/spamd/run:

    #!/bin/sh
    exec /bin/nice --adjustment=20 /usr/bin/spamd -m 4 --max-children=2 --max-conn-per-child=15 -l -L -x -u vpopmail -s stderr 2>&1

Tweak /etc/mail/spamassassin/local.cf:

    ok_locales all
    skip_rbl_checks 0
    rbl_timeout 5
    required_hits 5
    report_safe 0
    rewrite_header Subject ***SPAM***
    use_pyzor 1
    # Use for any MTA servers from which you want to trust will not spam you, such as another server in your
    # own network.
    # trusted_networks 127.0.0.1/18
    # If you use Postini, uncomment this line:
    # trusted_networks 64.18.6.10
    use_auto_whitelist 0
    use_bayes 1
    use_bayes_rules 1
    bayes_auto_learn 1
    bayes_auto_expire 1
    bayes_expiry_max_db_size 18750
    # Inserted to ignore all mail from Postini, if you use it, and pass it on unmodified
    # This should lessen our overall load.
    bayes_ignore_header X-pstn-levels

Make sure to be running THE most current version of SpamAssassin and ClamAV (SpamAssassin in particular is exceedingly buggy, and they're constantly fixing it all the time). This may require you to install or upgrade a variety of perl modules (get comfortable with using CPAN).

As for ClamAV? Well, here's what we do in /etc/clamd.conf:

    PhishingSignatures no
    PhishingScanURLs no
    ScanHTML no
    MaxScanSize 1M
    MaxFileSize 1M

Changes to spamd or clamd configuration files need a svc -d and then svc -u from the /var/qmail/supervise directory (i.e., svc -d spamd).

/var/qmail/control/concurrencyincoming is set to something reasonable for a 2.4GHz P4 with 1GB of RAM, 100 - concurrencyremote is 300 and concurrencylocal is 200

We set /var/qmail/control/databytes to 20 MB (this is industry standard anyway).

Changing these files will require a HUP of qmail-smtpd (service qmail restart does this).

We use the following simcontrol file (so that these files, if attached to incoming e-mail, don't even get delivered, saving clamd the trouble of even having to run):

    :clam=yes,spam=yes,spam_hits=12,attach=.ade:.adp:.app:.asd:.asx:.bas:.bat:.bin:.chm:.cil:.cla:.class:.cmd:.com:.cpl:.crt:.csh:.dll:.dot:.email:.eml:.exe:.fxp:.hlp:.hta:.inf:.ins:.isp:.js:.jse:.ksh:.lnk:.mda:.mdb:.mde:.mdt:.mdw:.mdz:.mpe:.msc:.msi:.msp:.mst:.nws:.ocx:.ops:.pcd:.pif:.pl:.pm:.pot:.prf:.prg:.ps:.reg:.scf:.scr:.sct:.shb:.shm:.shs:.url:.vb:.vbe:.vbs:.vxd:.wmd:.wmf:.wms:.wmz:.wsc:.wsf:.wsh:.wsz:.xsl:.xlt:.xlw

Be sure to run qmailctl cdb to rehash the simcontrol.cdb file.

Finally, we've decided to not allow catch-all aliases. This has been the single biggest helpful thing we have done to resolve high load issues on our mail
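A simplified model of the two `-m recent` rules quoted above, added here as an example and not part of the original message. It assumes the documented semantics of the recent match (`--set` records a timestamp for the source; `--update` matches when at least `--hitcount` timestamps fall within `--seconds`, and records another timestamp when it matches) and a 20-entry per-address timestamp list; the addresses and timings are constructed.

```python
from collections import defaultdict, deque

# Assumed length of the per-address timestamp list (ip_pkt_list_tot default).
RING_SIZE = 20


def simulate(events, seconds=60, hitcount=12, ring_size=RING_SIZE):
    """Replay time-ordered (time_s, source_ip) NEW packets to tcp/25.

    Returns a list of (time_s, source_ip, verdict). The verdict is "DROP"
    when the second rule matches, otherwise "PASS", meaning the packet
    continues to the rest of the chain.
    """
    stamps = defaultdict(lambda: deque(maxlen=ring_size))
    verdicts = []
    for now, ip in events:
        ring = stamps[ip]
        # Rule 1: -m recent --set
        # Always records the packet, including packets rule 2 will drop.
        ring.append(now)
        # Rule 2: -m recent --update --seconds N --hitcount M -j DROP
        in_window = sum(1 for s in ring if s >= now - seconds)
        if in_window >= hitcount:
            # --update records the packet again when it matches.
            ring.append(now)
            verdicts.append((now, ip, "DROP"))
        else:
            verdicts.append((now, ip, "PASS"))
    return verdicts


def dropped(verdicts, ip):
    """Times at which packets from ip were dropped."""
    return [t for t, src, v in verdicts if src == ip and v == "DROP"]


# Constructed traffic (documentation address ranges, times in seconds).
BURST = "203.0.113.7"     # 15 connections 2 s apart, then a retry every 8 s
STEADY = "198.51.100.20"  # one connection every 10 s, never bursts


def sample_events():
    events = [(t, BURST) for t in range(0, 30, 2)]
    events += [(t, BURST) for t in range(36, 181, 8)]
    events += [(t, STEADY) for t in range(0, 181, 10)]
    return sorted(events)


if __name__ == "__main__":
    result = simulate(sample_events())
    print("burst sender dropped at: ", dropped(result, BURST))
    print("steady sender dropped at:", dropped(result, STEADY))
    # The same 8 s cadence from a source with no earlier burst.
    fresh = simulate([(t, BURST) for t in range(0, 181, 8)])
    print("8 s cadence, no prior burst, dropped at:", dropped(fresh, BURST))
```

In this model a source is dropped from its 12th new connection inside 60 seconds, and because dropped packets are still recorded, a source that keeps retrying every 8 seconds stays blocked even though that cadence alone never trips the rule. A legitimate relay that opens many connections in a minute from one address is dropped the same way, so the whitelist for known peers belongs ahead of these rules.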
Re: [qmailtoaster] Load balancing
That's a good question, Sergio. It's possible that one or more of these is part of Kyle's problem.

.) Put the heavy hitters first (such as spamhaus). With spamhaus first, you might not get many hits with some of the others, making them pretty much useless.
.) dsbl.org is no longer active

FWIW, I presently use only:

    check-dnsrbl=zen.spamhaus.org
    check-dnsrbl=bl.spamcop.net

Sergio Minini {NETKEY} wrote:

List,

If I were to choose a couple of these RBLs, which ones should I choose? I mean a couple to avoid creating a lot of queries and adding more connection time.

Thanks.

-----Original Message-----

Spamdyke.conf

    check-dnsrbl=zombie.dnsbl.sorbs.net
    check-dnsrbl=dul.dnsbl.sorbs.net
    check-dnsrbl=bogons.cymru.com
    check-dnsrbl=zen.spamhaus.org
    check-dnsrbl=bl.spamcop.net
    check-dnsrbl=list.dsbl.org

--
-Eric 'shubes'
RE: [qmailtoaster] Load balancing
Well all,

After doing everything in here except the firewall rules and with the reordering of the RBLs, server loads are 1.14, 1.37, 1.46. They seem to be staying that way consistently; only time will tell though. If things kick up a little I will drop the firewall rules in. I want to say thanks to everyone for the help. The dups seem to have stopped as well.

This is my server: Intel Xeon dual CPU 3.2 GHz, 6 gigs of RAM with 500 gig SCSI drives. I have almost 2000 email accounts on 3 domains and this box also does mail cleaning for a fourth.

Thank you very much
Kyle

On Fri, 2008-05-23 at 10:50 -0700, Dairenn Lombard wrote:

Hi Kyle,

We have the same issue with our toasters. The long and short of it is, try to keep your total mail users under about 1,000 (this usually works out to about 100-200 domains). Anything over that, and you should deploy another mail server.
RE: [qmailtoaster] Load balancing
Hi Kyle,

It's probably going to take a while for Qmail to hammer through its queue, and deal with everything that simscan still has to handle. You probably won't notice a difference for a few hours, or even tomorrow.

regards,
Dairenn Lombard
Linux Engineer, Systems Administration Department
BroadSpire, Inc. - Hosting | Colocation | Design

-----Original Message-----
From: Kyle Quillen [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 1:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Load balancing

Well all,

After doing everything in here except the firewall rules and with the reordering of the RBLs, server loads are 1.14, 1.37, 1.46. They seem to be staying that way consistently; only time will tell though. If things kick up a little I will drop the firewall rules in. I want to say thanks to everyone for the help. The dups seem to have stopped as well.

This is my server: Intel Xeon dual CPU 3.2 GHz, 6 gigs of RAM with 500 gig SCSI drives. I have almost 2000 email accounts on 3 domains and this box also does mail cleaning for a fourth.

Thank you very much
Kyle