Look for opinions: Best Email server w/ virtual domain and anti-spam functionaliy?
Hello, In the past 4 years we have tried using both Postfix and Qmail, several different virtual-domain packages, and spam assassin. We handle many different domains for our customers so virtual domain support is an absolute requirement, this goes for the pop3 side as well as the MTA side. Recently we have had to shut spam assassin off of our qmail server because it was running the load average so high that it was ceasing to function properly. So what I'm looking for is opinions on what the best combination of packages is that will provide at least the following functionality without running our mid-range hardware to the ground. I'm willing to consider anything, even commercial options. 1. Virtual domain support (have to be able to email users of the same user name at many different domains, i.e. john@abc.com, john@123.com, john at def.com, etc). 2. Anti-spam software. This needs to be somethign effiecient - python and perl-based options that grind business to a halt are not good. 3. pop3 access Other highly-desireable features that aren't absolutely required: Some good way to provide smtp for dynamic clients - pop-before-smtp or smtp authentication - cannot be IP based. Thanks -- ---------------------------------------------------- Jonathan Wilson Cedar Creek Software http://www.cedarcreeksoftware.com
JW wrote regarding '[SLE] Look for opinions: Best Email server w/ virtual domain and anti-spam functionaliy?' on Thu, Sep 09 at 16:44:
Hello,
In the past 4 years we have tried using both Postfix and Qmail, several different virtual-domain packages, and spam assassin.
We handle many different domains for our customers so virtual domain support is an absolute requirement, this goes for the pop3 side as well as the MTA side.
Recently we have had to shut spam assassin off of our qmail server because it was running the load average so high that it was ceasing to function properly.
So what I'm looking for is opinions on what the best combination of packages is that will provide at least the following functionality without running our mid-range hardware to the ground. I'm willing to consider anything, even commercial options.
1. Virtual domain support (have to be able to email users of the same user name at many different domains, i.e. john@abc.com, john@123.com, john at def.com, etc).
2. Anti-spam software. This needs to be somethign effiecient - python and perl-based options that grind business to a halt are not good.
3. pop3 access
Other highly-desireable features that aren't absolutely required:
Some good way to provide smtp for dynamic clients - pop-before-smtp or smtp authentication - cannot be IP based.
Personally, I'd stick with postfix (or qmail). It sounds like you just need a more efficient anti-spam setup. With my postifx install, I have a bunch of regular expression header checks that block lots of stuff before it ever gets queued. That helps some. Then, I run spamd on a seperate machine (the DNS server, typically, since it's not doing much else). That takes the spam checker load off of your mail machine. You could pretty easily set up a simple round-robin spamd hostname with a couple of machines running spamd and sharing configuration stored in mysql / NFS mounts. That's kinda what I do at home. I don't have a huge email load, but a 486 machine handles all of my incoming mail (it's 5PM and I've done about 5000 messages since 9AM today) with spamd running on an old dual celeron machine. Load averages are around 0.1 or so most of the time, with the scanning taking less than 1 second for most messages. If you distribute that across a couple of machines, you could handle >120 messages/minute on this old hardware that costs almost nothing to buy... Or, find another antivirus/spam scanner. They're all gonna slow thngs down, though, so you may as well just set up multiple MTAs with their own spamd and get the redundancy + speed increase from cheap hardware. --Danny, setting up a third MTA at work tomorrow - to take some of the load
JW, We use CommunigatePro (proprietary, but cheap) with SpamAssassin. Communigate is fast and rock-solid if a bit no-frills, and supports the features you've mentioned. While SpamAssassin is open source and very sophisticated, it has one problem that has caused us a lot of difficulty: all spam processing is done entirely in RAM, with no ability to swap to disk if the server gets slammed. -- Josh Berkus Aglio Database Solutions San Francisco
Josh wrote regarding 'Re: [SLE] Look for opinions: Best Email server w/ virtual domain and anti-spam functionaliy?' on Thu, Sep 09 at 21:18:
JW,
We use CommunigatePro (proprietary, but cheap) with SpamAssassin.
Communigate is fast and rock-solid if a bit no-frills, and supports the features you've mentioned. While SpamAssassin is open source and very sophisticated, it has one problem that has caused us a lot of difficulty: all spam processing is done entirely in RAM, with no ability to swap to disk if the server gets slammed.
SA doesn't do anything to lock itself in physical RAM. If the server's under high load and SA is scanning lots of messages, then the kernel can't very well swap it out, since SA will be receiving most of the available time slices. I'm not sure how the processing would work outside of RAM, anyway. What's it gonna do - write a file and then read the file off of the disk several times? :) If the memory usage is a problem, it'd probably be a good idea to take some of the rulesets out (or, more likely, look at other processes running on the same machine / install mroe memory). Get rid of the sets that rely on network connections (like the RBL lists) to speed the thing up. --Danny
The Friday 2004-09-10 at 13:10 -0500, Danny Sauer wrote:
Communigate is fast and rock-solid if a bit no-frills, and supports the features you've mentioned. While SpamAssassin is open source and very sophisticated, it has one problem that has caused us a lot of difficulty: all spam processing is done entirely in RAM, with no ability to swap to disk if the server gets slammed.
SA doesn't do anything to lock itself in physical RAM. If the server's under high load and SA is scanning lots of messages, then the kernel can't very well swap it out, since SA will be receiving most of the available time slices. I'm not sure how the processing would work outside of RAM, anyway. What's it gonna do - write a file and then read the file off of the disk several times? :)
The trick is to throttle the mail being sent to SA; you can limit the number of local mail delivery processes postfix opens (assuming that SA is called from there), so that you don't have more than a certain number of SA processes running. I assume qmail has a similar adjustment. If you don't limit that number, you may end having hundred of SA processes (one per mail), using all ram available and swapping to disk when ram is spent. This does effectively grind any mail to the ground on its knees. If you limit the number of processes, mail will simply be spooled and wait. It is fact much faster. -- Cheers, Carlos Robinson
On September 9, 2004 03:43 pm, JW wrote:
Hello,
In the past 4 years we have tried using both Postfix and Qmail, several different virtual-domain packages, and spam assassin.
We handle many different domains for our customers so virtual domain support is an absolute requirement, this goes for the pop3 side as well as the MTA side.
Recently we have had to shut spam assassin off of our qmail server because it was running the load average so high that it was ceasing to function properly.
You can put SpamAssassin on a separate server, which should fix your problem. Are you using spamd/spamc? That should take care of the startup overhead, after that Perl should slow things down too bad. I don't know of a better Anti-Spam system though. Chris
Thanks
-- ---------------------------------------------------- Jonathan Wilson Cedar Creek Software http://www.cedarcreeksoftware.com
-----Original Message-----
From: JW
Recently we have had to shut spam assassin off of our qmail server because it was running the load average so high that it was ceasing to function properly.
So what I'm looking for is opinions on what the best combination of packages is that will provide at least the following functionality without running our mid-range hardware to the ground. I'm willing to consider anything, even commercial options.
Communigate Pro Messaging Server at www.stalker.com has a commercial package that is easy to setup, has support and runs on most platforms. Ken
On Thu, 09 Sep 2004 20:02:19 -0400, you wrote:
-----Original Message----- From: JW
To: suse-linux-e@suse.com Date: Thu, 9 Sep 2004 16:43:08 -0500 Subject: [SLE] Look for opinions: Best Email server w/ virtual domain and anti-spam functionaliy? Recently we have had to shut spam assassin off of our qmail server because it was running the load average so high that it was ceasing to function properly.
FWIW, I've found postfix to be MUCH faster and less resource intensive that either sendmail or qmail (I tried all 3). Spamassassins requirements have much to do with the options that you have configured, which version of spamassassin, and exactly how you're trying to do things. For example, using postgres or mysql for user settings and black/white/grey lists speeds things up while reducing memory footprint. Rulesets also have a direct impact on processing speed as well as memory footprint. The speed and congestion of your pipe also impact spamassassins speed if you're using any of the DNSRBLs, pyzor, razor, DCC, and so on. How are you running spamassassin, what virus testers, and so on? I'm using the most recent amavisd-new and have noticed that the speed has increased since 2 versions ago by around 12% on the same hardware. Unless it's an artifact of a new kernel or something, but still... And clam and f-prot are both run against any incoming binaries - those speeds have been pretty constant for the last year, as near as I can tell. Spamassassin 3.0 adds an enormous amount of functionality while reducing memory requirements AND increasing speed, but it's currently in pre4 so I don't know if you want to try it just now. I'm on pre3 here & now and my mail server isn't even breaking a sweat on a message every 8 seconds (roughly), on a _very_ heavily loaded P4 with a gig of ram. You don't mention anything concrete in your message - number of users, available memory, observed processing speed, etc., so it's not easy to offer a concrete recommendation. Mike- -- If you can keep your head while those around you are losing theirs... You may have a great career as a network administrator ahead! -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
participants (7)
-
Carlos E. R.
-
Chris Cameron
-
Danny Sauer
-
Josh Berkus
-
JW
-
Ken Schneider
-
Michael W Cocke