
Re: exim or postfix



On Fri, Nov 12, 2004 at 05:47:17PM +1100, Craig Sanders wrote:
> On Fri, Nov 12, 2004 at 05:12:34AM +0000, John Goerzen wrote:
> i like the way it works.  makes it easy to model the flow of mail from
> component to component.

On the other hand, it introduces complexity into the system.  It's a lot
easier for me to write a plug-in for an Exiscan-acl filter (I could just
accept a message on stdin and indicate my desires by an exit code, or my
output, or whatever) than to write one for Postfix.  For Postfix, I have
to be a daemon, and one that speaks SMTP as both a client and a server
at that.

> btw, if setting up a chain of filters, you don't need to loop it through postfix
> each time.  

True.

> > The only featureful free software filtering system for Postfix that I've
> > seen is Amavis.  And it sucks too.  Slow, unreliable, a huge memory hog,
> > leaves files all over on the disk, etc, etc, etc.
> 
> again, i like it (amavisd-new, that is).  it is a bit of a memory hog (SA is
> *much* worse), but it's not unreliable and it doesn't leave files all over the
> place, it uses /var/lib/amavis and cleans up after itself.  speedwise, it's not

I've had a lot of trouble with Amavis.  And BTW, when I say Amavis, I am
speaking about amavis, amavis-new, or amavis-ng collectively.

I had to write a little cron job for my server that goes and cleans up
the files it leaves behind from virus scanning.

If the Internet is down, the whole thing freaks out.  Amavis will sit
there waiting for spamassassin to do its thing.  Postfix will time out,
and keep trying to call Amavis later.  Meanwhile, Amavis will finally
deliver the message (or not).  Lots of duplication.

I've also had a lot of trouble on upgrades to Amavis related to Perl
versions and the like.  It's had some serious "silently drops all mail"
type bugs before.

I will grant that once it starts up and is working OK, it doesn't crash.

> too shabby - insignificant time overhead compared to the time taken by SA or
> even clamav.
> 
> > That said, exiscan-acl is a lot faster than postfix+amavis on my system.
> > Maybe it's because it uses about 500k of memory with a C program instead
> > of 40MB of memory with a Perl program, or because it doesn't have to
> > incorporate a full SMTP server, dunno.
> 
> if you use SA with it, though, it still ends up using that 40MB per process.

root       262  0.0  2.0 25604 3900 ?        Ss   06:22   0:03
/usr/sbin/spamd -c -m 10 -d --pidfile=/var/run/spamd.pid

3.9MB here :-)

> the nice thing about amavis is that you tell it to pre-fork as many processes
> as you think you'll need (adjust according to empirical observation) and you avoid
> the overhead of starting up perl and compiling SA for every message.
> 
> dunno if exiscan-acl does something like that - i'd guess that it does because
> it is an obvious optimisation.  either way, whether pre-forked or not, each SA
> process uses that much memory, and takes the same amount of time to run all
> its checks.

Exiscan prefers to operate by communicating with spamd and clamd
daemons.  That way, you get all those benefits, but exiscan itself
doesn't have to embed a large Perl program in its process.

> i could probably get away with having SA checks during the SMTP stage.  but I
> agree with Wietse's attitude that a system that only works some of the time is
> fundamentally broken.  by doing content-filtering later and DISCARDing messages
> with scores over 13.0, i get pretty close to the same benefit without any of
> the risk.

Yeah, I could see that.  OTOH, observation has shown that, under even
high load, I can spam and virus check every message in about 2 seconds.
Plus, I have Exim configured to queue only once my load exceeds 2.5
(meaning that incoming messages are scanned, then queued for the next
queue run, rather than being delivered immediately), which means that
load never gets much above that.  (Mail is really the only thing on my
server that generates load)

[ snip ]

> > >    4779	User unknown
> > 
> > I am stunned at how many attempts I get to send mail to non-existent
> > accounts, too.
> 
> spammers sell their lists based on the number of addresses.  they don't care if
> the addresses they are selling actually exist.

One theory I had for my situation is that I just turned off my backup
MX.  If they really were always targeting it, it would have accepted
every message, so they would have thought every address was a real one.

However, you seem to have blown that theory. :-)

-- John
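
Added example, not part of the original message and not code from exiscan-acl, Postfix or amavis: a filter of the kind described above that reads a message on stdin, asks a spamd daemon for a score, and reports its verdict by exit code, turning a slow or unreachable spamd into a temporary failure instead of hanging. The exit code 99 for "discard", the spamd address 127.0.0.1:783 and the 10 second timeout are assumptions; the 13.0 threshold is the one quoted in the thread.

```python
#!/usr/bin/env python3
"""Stdin/exit-code mail filter that asks spamd for a score (added example)."""
import re
import socket
import sys

EX_OK = 0                        # accept the message
EX_DISCARD = 99                  # hypothetical "discard" code for this example
EX_TEMPFAIL = 75                 # sysexits.h: try again later
DISCARD_SCORE = 13.0             # threshold quoted in the thread
SPAMD_ADDR = ("127.0.0.1", 783)  # assumed: spamd local, on its default port
TIMEOUT = 10.0                   # assumed: seconds per connect/send/recv


def build_request(message: bytes) -> bytes:
    """SPAMC CHECK request: request line, headers, blank line, raw message."""
    head = "CHECK SPAMC/1.2\r\nContent-length: %d\r\n\r\n" % len(message)
    return head.encode("ascii") + message


def parse_response(raw: bytes) -> float:
    """Return the score from a spamd reply; ValueError if it is unusable."""
    text = raw.decode("ascii", "replace")
    status = re.match(r"SPAMD/\d+\.\d+ (\d+) ", text)
    if not status or status.group(1) != "0":
        raise ValueError("spamd did not answer EX_OK")
    spam = re.search(r"^Spam:\s*\w+\s*;\s*(-?[\d.]+)\s*/", text, re.M)
    if not spam:
        raise ValueError("no Spam: header in reply")
    return float(spam.group(1))


def scan(message: bytes, addr=SPAMD_ADDR, timeout=TIMEOUT) -> int:
    """Map spamd's answer to an exit code; any failure is a tempfail."""
    try:
        with socket.create_connection(addr, timeout=timeout) as sock:
            sock.sendall(build_request(message))
            sock.shutdown(socket.SHUT_WR)  # tell spamd the request is complete
            reply = b"".join(iter(lambda: sock.recv(4096), b""))
        score = parse_response(reply)
    except (OSError, ValueError):
        # Timeout, refused connection or garbage reply: never accept unscanned
        # mail and never drop it; let the MTA retry later.
        return EX_TEMPFAIL
    return EX_DISCARD if score > DISCARD_SCORE else EX_OK


if __name__ == "__main__":
    sys.exit(scan(sys.stdin.buffer.read()))
```

The timeout bounds each socket operation rather than the whole scan, so a caller with a hard deadline should set it well below the MTA's own filter timeout.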


