Re: [exim] server specs

Pàgina inicial
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
A: exim users
Assumpte: Re: [exim] server specs
Jean-Paul natola wrote:
>
>> I have spent some time working with Barracuda 'spam' firewalls which
>> have this (or a lower) specification and they can easily handle quite a
>> lot of work (hundreds of domains, thousands of messages). Inside they
>> are just a Linux box running a couple of MTA's, clamav, amavis-new,
>
>
> More than one MTA on box?
>
>
>
> As you can probably tell, I'm not that well versed in the *nix world
>
>
>
> Is this possible with freebsd?
>
>


Any of the *BSD.

And essentially word-for-word as Ron described his filtering steps ...

A few stats for a 12+ month period:


64.8% of attempted connections are rejected while still in CONNECT phase

90.8% of attempted connections are rejected before reaching DATA phase.

ClamAV is vanilla.

SA is stripped of ANY test Exim could - and does - do first.

Of the arrivals that survive to call uppon either scanner....

9.2% of attempted connections ever reach DATA phase and are scanned,

.8% of attempted connections are rejected in DATA phase by SA scanning

3.3% of attempted connections are tagged or quarantined by SA as 'Suspect'

8.4% of attempted connections are actually delivered, 'possible' spam included
in that - but to one or more IMAP folders marked as 'Suspect'.

With aggressive blocking of zombots ClamAV sees a WinCrobe or phish only a few
times a *year*.

With hardware encrytion (VIA CPU) giving a roughly 20:1 advantage over not, and
the stripped SA invoked for less than 10% of offered connections there isn't
much load.

>
>
>
>> apache and spamassassin. Some are only 512k and cope very well.
>
>
> I was just looking at barracuda appliance, GULP 2k plus 500 yearly updates ouch
>


VIA C6 MB @ US$ 70. Twin 80 to 500 GB WD SATA on ATACONTROL, GMIRROR, or
SoftRAID are cheap. HK$ 1,300 1U case & PSU... typically 4 to 6 year component
life - HDD included, fans excluded. IPFW or PF has all one needs for clever
firewalling.

FreeBSD if you are hooked on raw speed, feature-heavy, Linux-like 'come play
with me' environment.

OpenBSD for 'JFW' fire-and forget with semi-annual sub-ten-minute updates.

Replace all fans every year or two just on principle.

Spend the savings in time, money, and sleep on interesting comestibles and
blanket-sharers.

Life is too damn short to drink bad wine, use unreliable gadgets, or sleep with
a bitchy partner.

>
>
>
>
>
>
> The one thing I REALLY like about the barracuda is the LDAP and the per user Quarentine ,
>
> is there anyway to accomplish this in opensource?
>


Done here with PostgreSQL. Done elsewhere with MySQL, SQLite, as well as LDAP,
DB, CDB - even flat-files. Per-domain, per workgroup, per-user - whatever.

Lowly VIA CPU still* doesn't break a sweat.

Best,

Bill