Hi,
I made yesterday some mail stress tests - I found some perl script
that send defined count of emails. I sent 1000 emails and SA didn't
crashed. All 8 cores had 100% (this means that hyperthread is enabled
and mentioned one 100 CPU wasn't SA loading). Since crashing a few
days ago there are some changes that I made - message size that checks
SA was 1MB, I set it to 100kB (once a time we had spams that had
900kB) and decreased min-children from 15 -> 5.
Anyway - I'm aware about some disadvantages about dkim, spf or so.
But there are many admins, that has servers without reverse dns, many
mails is in html format etc and SA consider this emails as a spam.
This is a reason that we started using this test and publishing our
SPF policy and started DKIM signing. And SPF helped us too (many spams
are from "us" to "us" :) ).
Now I've the rules and scores tunned, the spams that passed thru
users sends me to our spam mailbox and often it is reported to
spamcop. And I check what caused passing thru. We've daily about 10000
- 15000 emails, spams coughted by SA are a few thousands, spams passed
thru are a few dozens as I can see by the spams sent to my spam
mailbox from users. Of course, some time spamers finds domains with
spf=+all or so :)
J.K.
Cituji Matus UHLAR - fantomas <[email protected]>:
On 04.04.13 14:09, Josef Karliak wrote:
we've one "collecting" smtp server (without SA), one antispam
server (SA and this server sends outgoing email1) and one email
server (cyrus imap server). We've about 3000 active email users -
here is a fast picture
http://www.ajetaci.cz/skola/epi/zumpa/rychle_zapojeni_firewall_antispam_email.png
So, when you accept mail from the net, you first collect it by an SMTP
server and then filter it out? I recommend the opposite, especially for
your case:
- receive mail from internet directly to server that can do spam and
recipient checks, so you can REJECT both mail to unknown users and the
spam at SMTP level
- receive mail from local users by te same server, so you can do the same
checks (at SMTP time)
- have one extra SMTP server for special users or special cases as this one,
that can accept all the mail and submit through mail hub, which will
either pass through main server or SA-scan after accepting the mail
(you may have to deal with undeliverable spam, backscatter etc)
- if you want special server for mailboxes (IMAP and POP3), if can receive
mail from the main server
About filtering email - when the scanned email has SPF, Domainkeys
or DKIM =="pass", I've some rules with SCORE "-10" or so, so the
email is trustworthy. Including ours.
Are you aware that the whole fact that mail passes SPF or DKIM checks tells
COMPLETELY NOTHING about its spamminess? they can be spam as well, and I do
NOT recommend using SPF for anything than positive scoring when the mail
FAILS those tests.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
