Results 1 to 10 of 10
  1. #1
    Join Date
    Jul 2005
    Location
    Kolkata, India
    Posts
    4

    Unhappy spamd overloading the server

    Hello people!

    I am a newbie who's still getting a feel of his Linux Box, and I have already run into a strange problem.

    I have a site which gives users high capacity mailboxes. There was a spam problem with the site sometime back, and so i enabled spamassassin. The spam problem was no more, but as my server has something round 200 mails in queue at any given time, spamassassin and it's child processes are eating up too much CPU and memory, and causing failures of several services.
    At times the server load goes to as much as >800 for a dual processor server

    As soon as i shut down spamassassin everything goes back to normal.

    Can anyone suggest any way to configure spamassassin so that it works more efficiently and still keeps the spam out ? I visited the spamassassin website and got a link related to the issue,
    with the following :

    Are you experiencing high system load or possibly swapping? Look at the number of children you have spawned, and compare that to the available memory (by default each child can use 20-30 megs of RAM). Depending on load you might find success in lowering the number of children that are spawned (see -m in the spamd documentation).
    Can anyone explain to me what this means? Maybe this is a stupid question, but like I said, I am still groping my way around..not really a pro.

    My Server details are as follows :

    Operating system Linux (Fedora)
    Kernel version 2.4.22-1.2199.nptlsmp
    Machine Type i686
    Apache version 1.3.33 (Unix)
    cPanel Build 10.2.0-RELEASE 82
    SpamAssassin version..umm..not sure..how do i check that ?

    Please tell me if there is some way to configure spamassassin to get round these issues and/or if there is an alternative software solution for this.

    Thanks in advance.

    Best Regards,
    kane

  2. #2
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    Check your SA version by running "spamassassin -V"

    The best method is generally to block as much spam as possible using "passive" (RBL) methods before doing "active" content analysis. We block some networks at the firewall and use local IP blacklists to block about 75% of spam before it even gets to Spamassassin.

    Beyond that and general process optimization, your could also play with disabling some of spamassassin's more CPU intensive tests until you find a tradeoff between system performance and spam delivery levels.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  3. #3
    Join Date
    Apr 2005
    Location
    Sweden
    Posts
    241
    How are you invoking spamassassin? If its through procmail (probably not, but anyways...) its easy to set a limit so that only messages smaller than say 100k gets scanned. Spam emails are usually pretty small, i havent yet seen a spam email bigger than 100k (usually they are only a few k)

    Scanning big emails in spamassassin can easily bring it up to very high loads, since it tends to go quadratic based on size of the input.

    So if you get a lot of big emails look into setting a limit.

  4. #4
    Join Date
    Jul 2005
    Location
    Kolkata, India
    Posts
    4
    Thanks for the replies guys

    My basic problem is that I don't know how to properly configure Spamassassin. Actually the users don't mind if they receive spams.. the only concern was that users were sending spam. So maybe we should just scan the outgoing mails, and as suggested by The_Overl, scan only mails less than 100k.
    How do I specify these settings in spamassasin? I have heard about a user preference file, but I don't know where to save it or what to put inside it..
    Also what "CPU intensive tests" as suggested by SROHost should I watch out for ?

    Thx.

    Kane

  5. #5
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    If you use "verbose" logging (sorry, you'll need to RTM ), the spamd.log log output will tell you what tests were run and how long it took to run them. I believe baysian filtering may be the most CPU intensive, but it can also block the most spam. There are many reasons Spamassassin might be slow and many depend on your specific server setup, but the most important "generic" considerations I know of are:

    - Make sure you're using the spamd daemon (stays running in memory) rather than running spamassassin separately for each connection. That should be the default install these days, but it depends on your MTA.

    - Use RBLs, firewall or other methods to block known spam IPs BEFORE feeding mail to spamassassin. The point being to reduce the number of messages you need to scan.

    - Once you get spamassassin configured, turn OFF verbose logging as it adds some overhead writing multiple lines to a log for every SMTP connection.



    Other things might depend on your specific server config. Check your system stats (top and ps output) with spamassassin running and see if the load is purely CPU use, swapping, disk i/o or something else. If you're running a server which sends and receives 1000 messages a minute, you'll need a lot of ram (probably a gig or more) available for spamassassin. Most people with that kind traffic run spamassassin on a dedicated server.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  6. #6
    If your using Cpanel, you could also enable the spamdconf under addon modules and limit your spamd child requests to 2 or 3 which would reduce the load on your server.

    I've got mine set to 2 and have not had any problems.

  7. #7
    Join Date
    Jul 2005
    Location
    Kolkata, India
    Posts
    4
    Hi ppl!

    thanks again for the replies.

    I have made sure of the following things :

    1. spamd is running as a daemon
    2. verbose mode was turned off.

    I limited the number of spamd childs to 2 as suggested by azimpact it gave some good results. the server is much more stable now, but still failures are occuring sometimes when the mail load is heavy.

    Is there a possible way to configure spamassassin so that only outgoing mails are scanned ? This is because most of the users in the mail server are paid-to-read-spam people, so there is a lot of incoming spam to start with which we donot need to filter, as the users have *meant* the server for this use. The only concern is to prevent the users themselves from spamming. Is that possible through a rule ?

    Thx.

    kane

  8. #8
    Join Date
    Dec 2002
    Location
    The Shadows
    Posts
    2,913
    You might want to move to a two server setup, one which does filtering and one that does delivery and sending. Could also look at using two mailservers and giving them the same MX. I believe DNS will load balance between the two...

    Another option is hardware load balancing.

    As for spamd scanning outgoing mails... I don't think it does that at all. I could be mistaken, but I believe spamassassin is more used to prevent incoming spam. There are better ways to prevent outgoing spam that spamassassin.
    Dan Sheppard ~ Freelance whatever

  9. #9
    Join Date
    Jul 2005
    Location
    Kolkata, India
    Posts
    4
    hi Daniel!

    could you please point me in the right direction as how can i prevent outgoing spam ?

    thx.

    kane

  10. #10
    Join Date
    Mar 2004
    Location
    Odessa, Ukraine
    Posts
    605
    use php mail header patch for discovery spammers or warper for sendmail.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •