OT: Re: How many people to admin a Cyrus system?
Ian G Batten
ian.batten at uk.fujitsu.com
Tue Nov 13 10:12:13 EST 2007
On 13 Nov 07, at 1335, Adam Tauno Williams wrote:
>> 3. Can't handle high load very well, in fact it handles load
>> horribly.
>
> I have a friend who works at a small shop who reports exactly the same
> issue with Zimbra, s..ll...ooo..wwww...
>
>> 3) ClamAV. Do note how much email I said we dealt with a minute. We
>> didn't get a great deal of email. Maybe 2000 email a day? Not
>> overly
>> much. However as the ClamAV database would grow, if you restarted
>> ClamAV or Zimbra eventually it would take too long for ClamAV to
>> start
>> and would not listen on the port assigned and would make mail fail to
>> deliver. (Ouch huh?)
>
> In defense of CLAMAV I can say that we run it on our SMTP server
> (not on
> the IMAP or groupware server which seems like a bad idea). It works
> well and is pretty stable. If your CLAMAV was causing you this
> problem
> then Zimbra must have boloxed the setup or you just had a bad version.
Clamav-milter works very well for sendmail shops, without any amavis
involvement at all. The slow startup bug is an artefact of one
particular release: it now comes up in about 15 seconds. Once it's
running it's perfectly rapid enough to cope with our complete
internal load. clamd-milter can do the parsing of archives,
breaking up of MIME etc at least as well as amavisd.
If you don't have an equivalent to clamav-filter for your MTA of
choice, then you need to make sure that you start clamd, and then
pass the material to be scanned with clamdscan (note the d). clamd
will need to be running as a user that can read the temporary files,
because the best way to use clamd is to pass filenames over the
AF_UNIX domain socket.
We in fact run clamav-milter with its built-in clamd support, for
reasons I can't offhand remember. So we fire up clamd, then clamav-
milter, then clamav-milter passes temporary files to clamd.
If you have to use amavisd, make sure you tell it to use clamdscan
rather than clamscan. The latter does indeed take 10 seconds to fire
up.
clamd likes large pages, Solaris fans.
Our milter startup script: there is some local stuff in there.
#!/bin/sh
case "$1" in
start) mv /var/clamav/clamd.log /var/clamav/clamd.log.old
LD_PRELOAD=mpss.so.1
MPSSHEAP=4M
MPSSSTACK=64K
export LD_PRELOAD MPSSHEAP MPSSSTACK
newtask -p clam /usr/local/sbin/clamd
attempt=1
sleep=5
while [ $attempt -lt 5 ]; do
if /usr/local/bin/clamdscan /etc/termcap; then
break
else
attempt=`expr $attempt + 1`
sleep=`expr $sleep + 5`
echo sleeping for $sleep seconds, attempt $attempt
sleep $sleep
fi
done
# --postmaster=igb at ftel.co.uk \
# --postmaster-only \
newtask -p milter /usr/local/sbin/clamav-milter \
--dont-blacklist=`/usr/local/bin/fujitsuhosts` \
--noreject \
--dont-wait \
--local \
--outgoing \
--quiet \
--external \
--pidfile=/var/clamav/milter.pid \
--whitelist-file=/etc/mail/clamav-whitelist \
inet:2010
newtask -p spam /usr/perl5/bin/spamd -s local6 -u spamd -x -d
--pidfile=/var/run/spamd.pid
su spamd << \ZZZ
newtask -p milter /usr/local/sbin/spamassassin_milter -p inet:
2002 &
ZZZ
newtask -p milter /usr/local/sbin/mailarchive -u archive -p
inet:4001
newtask -p milter /usr/local/sbin/spamtrap -u spamtrap -p inet:
4000
;;
stop) for i in /var/clamav/milter.pid /var/run/spamd.pid; do
test -f $i && kill `cat $i`
done
pkill -u spamd
pkill -u clamav
pkill -u archive
pkill -u spamtrap
;;
esac
More information about the Info-cyrus
mailing list