Re: [Exim] Using Exim on a large volume fallback MX

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: copito
CC: exim-users
Subject: Re: [Exim] Using Exim on a large volume fallback MX
copito@??? said:
> To give you some idea of the numbers, our current fallback MX
> processes around 400k unique messages a day. Currently (off peak) we
> have several queues with a total of 80k messages (1.5 GB). Our
> current hardware is a Sun E3000 with 4 CPUs and 1.5GB of RAM with
> queues on a Netapp 630 filer.


Not a cheap config :-)

> Of main interest to us is whether the split_spool_directory will be
> enough to balance the queues (ideally fewer than 4000 files per
> directory) , and what options there are for adding additional flushing
> queues.


For a fallback system, split_spool_directory should balance out pretty
evenly... bursts of traffic would however tend to go into a single
directory.

Personally, I would tend to use multiple commodity boxes for this
rather than the big iron.

For spam (generation) prevention I'd suggest:-

  1. Lock down your dialups.  Dialups do not need to send direct SMTP
     so either block them from doing so, or redirect them using
     some form of layer 3 redirection to your mail server.
     If people can send mail out without hitting your mail servers
     then you are going to be a spam source.


  2. System protection.    Use the number of smtp sessions control
     functions in exim to prevent one idiot DOSing your servers
     by using hundreds of SMTP sessions


  3. Traffic analysis.  Its reasonably easy to write a real time
     log analysis tool (I did it in perl) which sits on the exim
     log and watches for high traffic from one sender (ip).
     You then mark that IP as blocked and deal with the messages
     in the system filter.  Putting the exim settings so that
     multiple messages in a session are queued helps.


There are a few other things you can do but this has worked well in a
previously built system. The one thing you need to do is control the
dialups - otherwise all you can do is play whack-a-mole with the
spammers.

    Nigel.
-- 
[ Nigel Metheringham           Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]