SpamAssasin, ClamAV and memory

We have a couple of busy servers here, one with 500 mailboxes and another with 700. Both have ClamAV daemon, freshclam and SpamAssasin. We find that if we have to bring the servers down for any reason and they are for more than an hour, the mail load when they come back on just crushes the CPU. We've found that if we turn SpamAssasin off the problem subsides. Is there a better way to set up mail scanning for this type of situation?
A somewhat related question: is there a rule of thumb for how much memory I should allocate to these boxes? We are running these as LAMP servers on a VMWare host. They have about 20 lightly used MySQL databases each. The server with 500 mailboxes has 143 virtual servers and the one with 700 has a single virtual server. I currently have the 700 mailbox one at 4GB and the 500 mailbox one at 2GB.

Status: 
Active

Comments

Howdy -- yeah, SpamAssassin can be CPU intensive, but there are some settings that can assist with that.

If you look in Email Messages -> Spam and Virus Scanning, what is "SpamAssassin client program" set to?

It is set for the Client for SpamAssassin filter server spamd

Ah, unfortunately, it looks like you're already using the option that uses the least CPU.

Do you happen to have another server available?

If so, you could use a separate system for running the SpamAssassin daemon process. That one instance may even be able to act as the spam server for both of your servers.

That would make that one SpamAssassin server take the majority of the load, and not slow down your primary servers.

You can also do the same thing with ClamAV -- it can run on that same remote server.

There's instructions on setting that up here:

http://www.virtualmin.com/documentation/email/spam-av

That's a good idea. I will take a look at the doc you sent. Does 4GB sound like the right number for a busy mail server with virtualmin?

For email, RAM isn't likely to be the problem you're having. 4GB of RAM should be plenty... and adding more RAM isn't likely to handle email processing better. I suspect disk IO will be one of the larger bottlenecks that you're running into.

RAM can help other things though -- such as allowing MySQL to use more RAM, or allowing you to enable memcache, But those would be for website performance, moreso than email performance.

That said -- I'd suggest running "free -m", and verify that you aren't using any swap space (or at least, that there's plenty of RAM either free or cached -- cached RAM is as good as free). If you have plenty of RAM free or cached, that suggests that adding more won't provide much benefit.

I'd like to try running spamassassin on a second server, to offload the cpu a bit. I have another very quiet production server which is also running spamc. Can I use that server to scan for itself and the other server? It wasn't clear in the documentation above if I could do that.

Sure, a SpamAssassin server can scan emails both on it and from other servers.

All you're doing is enabling SpamAssassin to be contacted from remote servers, you're not disabling the ability for it to scan emails originating on the server it resides on.

Ok, I'll give that a go.

We tried our server move again and again the cpu was crushed by the mail load from 800 boxes. I think we are discovering that you can not restore a server over the top of a previous restoration or an existing server because it duplicates all the mail. Do you recommend deleting the old domain before you do a restore? I had assumed that a restore would remove the mail existing on the server and then copy over the backup. We had people tell us that the got 800 messages they already have deleted in the past so it seems that the mail was the sum total of the mail on the server and the mail in the backup. Can you confirm this? I thinkthe cpu was crushed this time because all those boxes were download large quantities of duplicate mail. The other possibility is that the webmail clients see the old mail as new and download it again. Any guidance here would be appreciated.

A restore doesn't delete any existing files, it would just overwrite them if they already exist.

If that's a problem of any sort, you can delete the files in the homedir, or even the full domain, prior to performing the restore.

That's a good idea to delete the homes directory. We didn't want to delete the full domain because we have all the settings in there, some of which are not tied to the domain, but I've attempted this restore so many times now, I can probably figure it out.

Can you tell me which ip to put for each for the statement below -i 193.9.101.120 -A 193.9.101.104" If I'm setting this server to run spamassassin for itself and the other servers is -i this servers IP and -A this server virtualmin IP (which is the same on this machine)?

Setting up Spamd on Debian or Ubuntu

Login to the system you want to run spamd on as root
Install SpamAssassin with : apt-get install spamassassin
Edit the file /etc/default/spamassassin , and change the line ENABLED=0 to ENABLED=1.
In the same file, add the following to the OPTIONS line : -i serverip -A virtualmin-ipAn example completed line would look like : OPTIONS="--create-prefs --max-children 5 --helper-home-dir -i 193.9.101.120 -A 193.9.101.104"

The -i parameter tells SpamAssassin what IP address to listen on. You could give your public IP address there.

Since that would have SpamAssassin listening for connections from remote hosts, you then want to lock it down so that only certain IP's can connect (you don't want the entire Internet using your server to scan email :-)

The -A parameter says which IP's are allowed to connect. You can list as many as you want there, each IP separated by a comma.

Does that answer your question?