目前的设置如下:
> Postfix提示邮件,用户在虚拟表中,存储在MySQL中
>在连接上,所有服务器都使用针对某些DNSBL的policyd-weight服务进行测试
>所有邮件都是在垃圾邮件客户端的帮助下通过SpamAssassin垃圾邮件运行的
>然后邮件随Dovecot 2’LDA(本地传递代理),虚拟用户一起提供
如你所见……
>没有病毒扫描程序运行,这是有原因的:clamav会占用所有可能的内存,而且,这个设置都会过滤掉病毒邮件(我已经使用ClamAV启用了1.5年的同样的测试,没有病毒邮件甚至连ClamAV)
>我不使用amavisd,我真的不想.如果你有足够的内存和大量的同步扫描仪,你只需要那个怪物.用手微调也是一场噩梦.
>我在postfix中运行policyd-weight而不是policyd和本地DNSBLs.我不喜欢派人离开,因为他们列出了一项服务.
重要声明:一切正常.我收到的垃圾邮件数量非常少,几乎从未得到过误报,而且大多数不良邮件都被policyd-weight所阻止.我觉得服务的唯一“问题”总共使用了很多内存.
我已经削减了spamassassin的模块(见下文),但我真的很想听到一些建议如何尽可能减少内存占用,主要是:SpamAssassin真正需要什么插件以及或多或少无用的插件,关于我目前的后缀& policyd-weight设置?
SpamAssassin规则也使用sa-compile编译(sa-update每周从cron运行一次,编译后立即运行)
这些是可能重要的一些当前配置,请告诉我您是否还需要更多.
postfix / master.cf(仅限部分)
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -e /usr/lib/dovecot/deliver -d ${recipIEnt} -f {sender} postfix / main.cf(仅限部分)
smtpd_helo_required = yessmtpd_helo_restrictions = permit_mynetworks,reject_invalID_hostname,permitsmtpd_recipIEnt_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_hostname,reject_non_fqdn_recipIEnt,reject_unkNown_recipIEnt_domain,reject_unauth_pipelining,reject_unauth_destination,check_policy_service inet:127.0.0.1:12525,permit
policyd-weight.conf(仅限部件)
$REJECTMSG = "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-administrator to correct HELO and DNS MX settings or to get removed from DNSBLs";$REJECTLEVEL = 4;$DEFER_STRING = 'IN_SPAMcop= BOGUS_MX=';$DEFER_ACTION = '450';$DEFER_LEVEL = 5;$DNSERRMSG = '450 No DNS entrIEs for your MTA,HELO and Domain. Contact YOUR administrator';# 1: ON,0: OFF (default)# If ON request that ALL clIEnts are only checked against RBLs$dnsbl_checks_only = 0;# 1: ON (default),0: OFF# When set to ON it logs only RBLs which affect scoring (positive or negative)$LOG_BAD_RBL_ONLY = 1;## DNSBL settings@dnsbl_score = ( # host,hit,miss,log name 'dnsbl.ahbl.org',3,-1,'dnsbl.ahbl.org','dnsbl.njabl.org','dnsbl.sorbs.net','bl.spamcop.net','Zen.spamhaus.org','pbl.spamhaus.org','cbl.abuseat.org','List.dsbl.org',);# If ClIEnt IP is Listed in MORE DNSBLS than this var,it gets REJECTed immediately$MAXDNSBLHITS = 3;# alternatively,if the score of DNSBLs is ABOVE this level,reject immediately$MAXDNSBLscore = 9;$MAXDNSBLMSG = '550 Az levelezoszerveruk IP cime tul sok spamListan talahato,kerjuk ellenorizze! / Your MTA is Listed in too many DNSBLs; please check.';## RHSBL settings@rhsbl_score = ( 'multi.surbl.org',4,'multi.surbl.org','rhsbl.ahbl.org','dsn.rfc-ignorant.org',# 'postmaster.rfc-ignorant.org',0.1,'postmaster.rfc-ignorant.org',# 'abuse.rfc-ignorant.org','abuse.rfc-ignorant.org');# skip a RBL if this RBL had this many continuous errors$BL_ERROR_SKIP = 2;# skip a RBL for that many times$BL_SKIP_RELEASE = 10;## cache stuff# must be a directory (add trailing slash)$LOCKPATH = '/var/run/policyd-weight/';# socket path for the cache daemon.$SPATH = $LOCKPATH.'/polw.sock';# how many seconds the cache may be IDle before starting maintenance routines#NOTE: standard maintenance jobs happen regardless of this setting.$MAXIDLECACHE = 60;# after this number of requests do following maintenance jobs: checking for config changes$MAINTENANCE_LEVEL = 5;# negative (i.e. SPAM) result cache settings ################################### set to 0 to disable caching for spam results. To this level the cache will be cleaned.$CACHESIZE = 2000;# at this number of entrIEs cleanup takes place$CACHEMAXSIZE = 4000;$CACHEREJECTMSG = '550 temporarily blocked because of prevIoUs errors';# after NTTL retrIEs the cache entry is deleted$NTTL = 1;# clIEnt MUST NOT retry within this seconds in order to decrease TTL counter$NTIME = 30;# positve (i.,e. HAM) result cache settings #################################### set to 0 to disable caching of HAM. To this number of entrIEs the cache will be cleaned$POSCACHESIZE = 1000;# at this number of entrIEs cleanup takes place$POSCACHEMAXSIZE = 2000;$POSCACHEMSG = 'using cached result';#after PTTL requests the HAM entry must succeed one time the RBL checks again$PTTL = 60;# after $PTIME in HAM Cache the clIEnt must pass one time the RBL checks again.#Values must be nonfractal. Accepted time-units: s,m,h,d$PTIME = '3h';# The clIEnt must pass this time the RBL checks in order to be Listed as hard-HAM# After this time the clIEnt will pass immediately for PTTL within PTIME$TEMP_PTIME = '1d';## DNS settings# RetrIEs for ONE DNS-Lookup$DNS_RETRIES = 1;# Retry-interval for ONE DNS-Lookup$DNS_RETRY_IVAL = 5;# max error count for unresponded querIEs in a complete policy query$MAXDNSERR = 3;$MAXDNSERRMSG = 'passed - too many local DNS-errors';# persistent udp connection for DNS querIEs.#broken in Net::DNS version 0.51. Works with Net::DNS 0.53; DEFAulT: off$PUDP= 0;# Force the usage of Net::DNS for RBL lookups.# normally policyd-weight trIEs to use a faster RBL lookup routine instead of Net::DNS$USE_NET_DNS = 0;# A List of space separated NS IPs# This overrIDes resolv.conf settings# Example: $NS = '1.2.3.4 1.2.3.5';# DEFAulT: empty$NS = '';# timeout for receiving from cache instance$IPC_TIMEOUT = 2;# If set to 1 policyd-weight closes connections to smtpd clIEnts in order to avoID too many#established connections to one policyd-weight child$TRY_BALANCE = 0;# scores for checks,WARNING: they may manipulate eachother# or be factors for other scores.# HIT score,MISS score@clIEnt_ip_eq_helo_score = (1.5,-1.25 );@helo_score = (1.5,-2 );@helo_score = (0,-2 );@helo_from_mx_eq_ip_score= (1.5,-3.1 );@helo_numeric_score= (2.5,0 );@from_match_regex_verifIEd_helo= (1,-2 );@from_match_regex_unverifIEd_helo = (1.6,-1.5 );@from_match_regex_Failed_helo = (2.5,0 );@helo_seems_dialup = (1.5,0 );@Failed_helo_seems_dialup= (2,0 );@helo_ip_in_clIEnt_subnet= (0,-1.2 );@helo_ip_in_cl16_subnet = (0,-0.41 );#@clIEnt_seems_dialup_score = (3.75,0 );@clIEnt_seems_dialup_score = (0,0 );@from_multiparted = (1.09,0 );@from_anon= (1.17,0 );@bogus_mx_score = (2.1,0 );@random_sender_score = (0.25,0 );@rhsbl_penalty_score = (3.1,0 );@enforce_dyndns_score = (3,0 );
spamassassin / init.pre(我把.pre文件放在一起)
loadplugin Mail::SpamAssassin::Plugin::Hashcashloadplugin Mail::SpamAssassin::Plugin::SPFloadplugin Mail::SpamAssassin::Plugin::Pyzorloadplugin Mail::SpamAssassin::Plugin::Razor2loadplugin Mail::SpamAssassin::Plugin::autoLearnThresholdloadplugin Mail::SpamAssassin::Plugin::MIMEheaderloadplugin Mail::SpamAssassin::Plugin::ReplaceTagsloadplugin Mail::SpamAssassin::Plugin::Checkloadplugin Mail::SpamAssassin::Plugin::httpSMismatchloadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::Bayesloadplugin Mail::SpamAssassin::Plugin::BodyEvalloadplugin Mail::SpamAssassin::Plugin::DNSEvalloadplugin Mail::SpamAssassin::Plugin::HTMLEvalloadplugin Mail::SpamAssassin::Plugin::headerEvalloadplugin Mail::SpamAssassin::Plugin::MIMEEvalloadplugin Mail::SpamAssassin::Plugin::RelayEvalloadplugin Mail::SpamAssassin::Plugin::URIEvalloadplugin Mail::SpamAssassin::Plugin::WLBLEvalloadplugin Mail::SpamAssassin::Plugin::VBounceloadplugin Mail::SpamAssassin::Plugin::Rule2XSBody
spamassassin / local.cf(parts)
use_bayes 1bayes_auto_learn 1bayes_store_module Mail::SpamAssassin::Bayesstore::MysqLbayes_sql_dsn DBI:MysqL:db:127.0.0.1:3306bayes_sql_username userbayes_sql_password passbayes_ignore_header X-Bogositybayes_ignore_header X-Spam-Flagbayes_ignore_header X-Spam-Status### User settingsuser_scores_dsn DBI:MysqL:db:127.0.0.1:3306user_scores_sql_password useruser_scores_sql_username passuser_scores_sql_custom_query SELECT preference,value FROM _table_ WHERE username = _USERname_ OR username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC# for better speedscore DNS_FROM_AHBL_RHSBL 0score __RFC_IGnorANT_ENVFROM 0score DNS_FROM_RFC_DSN 0score DNS_FROM_RFC_BOGUSMX 0score __DNS_FROM_RFC_POST 0score __DNS_FROM_RFC_ABUSE 0score __DNS_FROM_RFC_WHOIS 0 更新01
由于adaptr建议我删除policyd-weight并配置postfix postscreen,这导致RAM使用率约为-15-20 MB,工作速度更快.我不确定它是否满负荷工作,但似乎很有希望.
解决方法 我建议你升级到postfix 2.8并部署 postscreen;这是专门设计为僵尸/ DNSBL分类服务器,并高速处理多个黑名单.它还提供完全加权的黑/白名单评分,明确的白名单等.
关于你的第二个问题,我建议你查看spamass-milter;在线过滤器比外部过程更有效.
总结以上是内存溢出为你收集整理的我需要建议:小内存占用linux邮件服务器与垃圾邮件过滤全部内容,希望文章能够帮你解决我需要建议:小内存占用linux邮件服务器与垃圾邮件过滤所遇到的程序开发问题。
如果觉得内存溢出网站内容还不错,欢迎将内存溢出网站推荐给程序员好友。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)