On 2/8/06, Derrick MacPherson <dmacpher@???> wrote:
> > I'm running Exim 4.52 with SA 3.1 and Clamav 0.87 on a machine with
> > only 256MB RAM quite happily, albeit with some careful limitations on
> > the number of SA child processes.
>
> would you share with me on what your settings are? Thanks.
Derrick,
I'm running spamd with "-m 3" so it will only create three child
processes. Then in exim.conf, I've got the following settings to
prevent the system getting swamped:
queue_only_load = 10
deliver_queue_load_max = 12
and then in my data ACL, I limit the sizes of messages to pass to Clamav and SA:
# Accept any message greater than 5MB - we don't want to virus scan anything
# too big
accept condition = ${if >{$message_size}{5242880}{1}{0}}
deny message = This message contains malware ($malware_name)
malware = *
warn message = X-Scanned-By: Clamav on mail.cambridgetechgroup.com
# Accept any message greater than 250K - we don't want to put anything to big
# through SpamAssassin
accept condition = ${if >{$message_size}{262144}{1}{0}}
# Also accept anything generated locally
accept hosts = +relay_from_hosts
# put headers in all messages (no matter if spam or not)
warn spam = mail:true/defer_ok
message = X-Scanned-By: SpamAssassin on mail.cambridgetechgroup.com\n\
X-Spam-Score: $spam_score\n\
X-Spam-Bar: $spam_bar\n
# reject spam at high scores (> 10)
deny message = This message appears to be spam (score: $spam_score,
subject: \"$h_Subject:\")
condition = ${if >{$spam_score_int}{100}{1}{0}}
warn log_message = SpamAssassin score: $spam_score
# add second subject line with [spam x.y] marker when message
# is over threshold - the system filter will replace the original subject
# line with this one later
warn message = X-Local-NewSubject: [spam $spam_score] $h_Subject:\n\
X-Spam-Report: $spam_report
condition = ${if >{$spam_score_int}{50}{1}{0}}
#log_message = Message marked as spam (score: $spam_score)
I also use Unix rather than TCP sockets for both Clamav and SA -
whether this makes any difference, I don't know.
This has worked fine for me, and avoided things going into swap.
Before I added these limits large influxes of mail would start
thrashing the swap and the box would die horribly.
Cheers,
John