I think this is interesting because of the way I'm doing the virus
check: I'm using a pipe transport to cause a bounce if anything is
wrong with the message, but if everything is OK the message gets
discarded -- except that the shadow transport passes it back to
Exim for further processing. However the spec isn't entirely
clear about whether this is reliable, so consider it a toy for
now.
This setup is reasonably good at dealing with variable load. One
of the problems with Exiscan is that the best way of ensuring
that your machine doesn't get overloaded is to have a fairly low
smtp_accept_max (e.g. my 266MHz test box can't cope with more
than three). This depends on the rest of the world having good
retry behaviour -- or another box to keep a queue in front of the
scanning box.
I've restricted the number of CPU-intensive processes that run
symultaneously by keeping smtp_accept_queue and queue_run_max
very low -- the expected load from that should be two or three.
If the load gets too high we take measures to reduce it. Note
that it's quite easy to combine the virus_check_done and
do_spam_check transports into one, but this reduces the
effectiveness of queue_only_load by always running both heavy
programs.
Any comments or suggestions are welcomed...
Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
SOUTH UTSIRE: NORTHWEST VEERING EAST OR SOUTHEAST 4 OR 5 DECREASING 3. RAIN
THEN SHOWERS. MODERATE OR GOOD.
# abandon queue run at this load
deliver_queue_load_max = 4
# don't do immediate deliveries above this load
queue_only_load = 3
# number of symultaneous queue runners
queue_run_max = 2
# queue if more than this number of connections
smtp_accept_queue = 1
# don't accept smtp connections above this load
smtp_load_reserve = 10
begin routers
to_virus_check:
driver = accept
transport = do_virus_check
senders = !:
condition = ${if!match{$received_protocol}{scanned.*}{yes}{no}}
to_spam_check:
driver = accept
transport = do_spam_check
condition = ${if!match{$received_protocol}{scanned_virus}{no}{yes}}
begin transports
do_virus_check:
driver = pipe
batch_max = 1000
return_output
command = /etc/exim/uvscan-wrapper
shadow_transport = virus_check_done
virus_check_done:
driver = pipe
batch_max = 1000
use_bsmtp
command = /usr/local/sbin/exim -bS -oMr scanned_virus
do_spam_check:
driver = pipe
batch_max = 1000
use_bsmtp
command = /usr/local/sbin/exim -bS -oMr scanned_spam
transport_filter = /usr/local/bin/spamc
