Author: W B Hacker Date: To: exim users Subject: Re: [exim] server specs
Jean-Paul natola wrote: >
>> I have spent some time working with Barracuda 'spam' firewalls which
>> have this (or a lower) specification and they can easily handle quite a
>> lot of work (hundreds of domains, thousands of messages). Inside they
>> are just a Linux box running a couple of MTA's, clamav, amavis-new,
>
>
> More than one MTA on box?
>
>
>
> As you can probably tell, I'm not that well versed in the *nix world
>
>
>
> Is this possible with freebsd?
>
>
Any of the *BSD.
And essentially word-for-word as Ron described his filtering steps ...
A few stats for a 12+ month period:
64.8% of attempted connections are rejected while still in CONNECT phase
90.8% of attempted connections are rejected before reaching DATA phase.
ClamAV is vanilla.
SA is stripped of ANY test Exim could - and does - do first.
Of the arrivals that survive to call uppon either scanner....
9.2% of attempted connections ever reach DATA phase and are scanned,
.8% of attempted connections are rejected in DATA phase by SA scanning
3.3% of attempted connections are tagged or quarantined by SA as 'Suspect'
8.4% of attempted connections are actually delivered, 'possible' spam included
in that - but to one or more IMAP folders marked as 'Suspect'.
With aggressive blocking of zombots ClamAV sees a WinCrobe or phish only a few
times a *year*.
With hardware encrytion (VIA CPU) giving a roughly 20:1 advantage over not, and
the stripped SA invoked for less than 10% of offered connections there isn't
much load.
>
>
>
>> apache and spamassassin. Some are only 512k and cope very well.
>
>
> I was just looking at barracuda appliance, GULP 2k plus 500 yearly updates ouch
>
VIA C6 MB @ US$ 70. Twin 80 to 500 GB WD SATA on ATACONTROL, GMIRROR, or
SoftRAID are cheap. HK$ 1,300 1U case & PSU... typically 4 to 6 year component
life - HDD included, fans excluded. IPFW or PF has all one needs for clever
firewalling.
FreeBSD if you are hooked on raw speed, feature-heavy, Linux-like 'come play
with me' environment.
OpenBSD for 'JFW' fire-and forget with semi-annual sub-ten-minute updates.
Replace all fans every year or two just on principle.
Spend the savings in time, money, and sleep on interesting comestibles and
blanket-sharers.
Life is too damn short to drink bad wine, use unreliable gadgets, or sleep with
a bitchy partner.
>
>
>
>
>
>
> The one thing I REALLY like about the barracuda is the LDAP and the per user Quarentine ,
>
> is there anyway to accomplish this in opensource?
>
Done here with PostgreSQL. Done elsewhere with MySQL, SQLite, as well as LDAP,
DB, CDB - even flat-files. Per-domain, per workgroup, per-user - whatever.