[KLUG Members] Sendmail performance tweaks/tips

[Chester Wisniewski]

adamb at glaven.org wrote:
> I realize that bringing up MTAs usually sttart wars, but I am currently
> finding myself managing some sendmail servers. My previous position had me
> working with qmail, so I haven't worked with  sendmail for....3  years.
> Enough time to forget most of what I knew before.
>
>
> So, in the interest of performance: what is it that you put in  your MC
> file and any other tweaks that you put in your cf file to "speed"  things
> up and manage queue sizes?
>
> I don't have any of my old cf or mc files from the last time I ran a
> couple production sendmail servers; and the current cf files seem to be
> lacking the accompanying mc files.
>
> In my cf files, here's what might speed up my delivery or 'tweak' sendmail:
>
> AliasWait at 10
> MaxMessage size at 11M
> DeliveryMode is background
> Connection cache size is 2
> Connection cache timeout is 5m
> Check Aliases is false (which doesn't really do anything for
> performance)
> Privacy Options are the standard: noexpn, novrfy,authwarnings,
> needmailhelo
>
>
> SuperSafe is True.
>
> I also have a few timeouts set that I'm not sure are of any use:
> initial: 15s
> connect: 15s
> ident: 0
> queuereturn: 12h
> queuereturn.normal: 12h
> queuewarn: 6h
>
> Back off timeouts again:
>
> DoubleBounces are sent to the bit bucket.
> Max recipients is 100
> Dead letter goes to bit bucket.
>
>
> I've used QueueLA before, but it didnt' seem to 'queue' things so much as
> 'deny new messages'.  So, I'm a bit leery of that (And no, I didn't
> confuse it with RefuseLA).
>
>
>
> I believe that this version of sendmail (8.13.7) includes milter support,
> I'm interested in milters.  I know they are the bees knees, the cat's
> pajamas, but unfortunately, the most popular, and one I was dying to use -
> Greylisting - is unusable since mail on the domain I'm worrying about uses
> postini. So, mail goes to postini, postini sends it to us. I can grey list
> all I want, but postini is still gonna send it.  The same goes for IP
> blacklisting, connection throttles to stop spammers, and the like.
> Postini is *the* only way into the mail server - any other connections are
> rejected.  (I do understand that I could throttle connections, but it's
> not going to stop say, a spammer - the mail is already spooled on postini,
> so it WILL come, the only thing that throttling will do is delay any
> incoming mail.)
>
> As configured, sendmail already denies messages going to recipients that
> don't exist;  but because postini doesn't filter all mail (just ones that
> are subscribed) a spam stomping milter that has a  low false-positive rate
> (since having someone on hand to do nothing but sort through messages
> isn't useful) would also be good. And again: My only problem is I *am* on
> solaris, and since glibc yhasn't been ported, any milter that is C/C++
> that uses glibc is out of the question. Unless I want to port either
> glibc, or the milter.  Perl and python filters, while less desirable, are
> acceptable.
>
>
> So:  if you have any tips, feel free to send them on.  As I mentioned in
> the other thread, I'm looking to move, but since this would be a LARGE
> move, I have to make do with what I have until I have new servers built
> and ready and a migration plan written out and tested.  (Hey - if you have
> migration plans... well.. post those, too).
>
> I mostly need to get away fro mbox format, as mbox format is not NFS safe,
> and the current "nfs safe" version of procmail wwe have is undesirable.
>
> Feel free to bounce ideas, flame, whatever.
>
> Adam
> _______________________________________________
> Members mailing list
> Members at kalamazoolinux.org
> 
>   
Hi Adam,

I work for a private company that produces Anti-Spam and Anti-Virus 
products that are milters (Postini is my arch enemy!). I am not going to 
pitch you on our solution, however I will probe around a bit on open 
source solutions we know to exist out there that may work in your 
environment. If you would like to know the good/bad/ugly of any of them 
in particular that you might be looking at, I would be happy to share 
our competitive intelligence (or kudos!).

Chet