Re: postfix, spamassassin and spam ~ blocking cable and adsl modems

To: debian-isp@lists.debian.org, thing@katrina.thing.dyndns.org
Subject: Re: postfix, spamassassin and spam ~ blocking cable and adsl modems
From: Russell Coker <russell@coker.com.au>
Date: Sun, 8 Aug 2004 23:02:33 +1000
Message-id: <[🔎] 200408082302.33789.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 1091836314.1494.36.camel@kaitan>
References: <[🔎] 1091836314.1494.36.camel@kaitan>

On Sat, 7 Aug 2004 09:52, Steven Jones <thing@katrina.thing.dyndns.org> wrote:
> We seem to be, being hit with in excess of 12,000 spam emails per day
> from adsl and cable modems in the US alone. Then we get brute force
> attacked....the server at times gets somewhat stretched...
>
> What would ppl suggest it the most efficient way to block such
> addresses?

If you use some DNSBL services you can block access from dial-up and broadband 
customer IP addresses without blocking mail servers.  Below is the list of 
DNSBL and RHSBL services that I have one one of my machines.

smtpd_client_restrictions = permit_mynetworks, 
reject_rbl_clientbl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, 
reject_rbl_client list.dsbl.org, reject_rbl_client cbl.abuseat.org, 
reject_rbl_client dnsbl.njabl.org, reject_rbl_client sbl.spamhaus.org, 
reject_rbl_client relays.ordb.org, reject_rhsbl_client rhsbl.sorbs.net, 
reject_rhsbl_client dsn.rfc-ignorant.org, reject_rhsbl_client 
postmaster.rfc-ignorant.org

> The goal here is to minimise disk i/o as that is the item being
> stretched, iostat -x 5 shows over 450% utilisation.....delays are geting
> to 4+ hours...and they bitch if its over 5 minutes....

Putting some of that iostat output as a text attachment to your email would 
really help us advise you about this (NB don't paste it into your email as 
the lines are too long and will get munged).

> I have 4 cpu's and spare capacity on these and I am only using 2.5 gig
> out of 4gig of ram so have spare here....the box only processes incoming
> smtp only, outgoing takes another route.....

The spare RAM will be cache, so most likely your machine is doing few disk 
reads and it's entirely bottlenecked on disk writes when it's running.

If you mount all your file systems with the noatime option then you may save 
5% or 10% of your disk access.

Configure syslogd to use the "-" option for most (if not all) log files to not 
use synchronous writes.  Every email gets several lines in the syslog and you 
don't want them to all be written synchronously.

> At present I am running ext3 on the logging and spool directories but
> considering reiserFS, a good idea?
>
> Also I am aiming to get more disks as I ahve only 2, so I can either
> raid 0 over the 3 new disks or split the queues....to 3 disks, which
> might be better?

Don't use RAID-0, it increases the probability of data loss through disk 
error.  A hardware RAID-5 over the 5 disks will give better write performance 
if you have a battery-backed write-back cache on the RAID controller (the 
cheap ones don't).

> Would a scsi hwraid based cache controller be worth it?

Yes.

If you mount your Ext3 file systems with "data=journal" and have external 
journals on a separate disk then you may get really good performance.

Usually the lower block numbers of a disk are mapped to the outer tracks and 
have a higher data transfer rate (use the zcav program in my Bonnie++ package 
to test this).  So you could have the main file systems for storing the data 
on one pair of disks in a RAID-1 array and the external journals for those 
file systems on the fastest part of another pair of disks in a separate 
RAID-1.  If you have a pair of disks used for nothing but journals (which 
will probably take <100M of disk space) then the seeks should all be very 
short which will give a fast access time.

http://www.umem.com/PCINVRAMCARDS.html

An even better option might be to use non-volatile RAM storage devices.  Above 
is the URL for a company that makes PCI cards that have non-volatile storage.  
These cards can handle reads and writes at PCI bandwidth (four times faster 
than any hard disk even with 32bit PCI) and with no seek time (hard disks can 
only do about 100 seeks a second while the umem cards should do 50,000 or 
more depending on the size of the data blocks).

I don't know whether the Linux drivers for umem cards work with the latest 
hardware, you would have to check with them.

Also umem cards aren't particularly expensive.  Last time I got a quote the 
high-end cards were only about $700US.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- postfix, spamassassin and spam ~ blocking cable and adsl modems
  - From: Steven Jones <thing@katrina.thing.dyndns.org>

Prev by Date: Re: IIS worms and apache
Next by Date: Re: postfix, spamassassin and spam ~ blocking cable and adsl modems
Previous by thread: postfix, spamassassin and spam ~ blocking cable and adsl modems
Next by thread: Re: postfix, spamassassin and spam ~ blocking cable and adsl modems
Index(es):
- Date
- Thread