Discussion:
[Maia-users] Significantly reduce the load on your MAIA boxen
Randy McAnally
2015-08-23 16:46:49 UTC
Whipped this up to reduce the load on our MAIA boxes (cluster of nodes
filtering mail for 1000's of domains) and it helped significantly with
almost 50% reduction in load with no false positives. Spam waves /
botnet / dictionary attacks are pretty much a thing of the past.

FYI we also use policyd for some time now but it lacks the ability to
track SPAM status. When looking at our logs 90% of the load was spam
filtering on OBVIOUS spam sources... so here is my solution:

https://github.com/djamps/sa-policy

Hope it helps someone. :)

--
Randy McAnally
P.J. Tezza
2015-08-23 17:43:47 UTC
Nice!!!

PJ

On 8/23/15 9:46 AM, Randy McAnally wrote:
> Whipped this up to reduce the load on our MAIA boxes (cluster of nodes
> filtering mail for 1000's of domains) and it helped significantly with
> almost 50% reduction in load with no false positives. Spam waves /
> botnet / dictionary attacks are pretty much a thing of the past.
>
> FYI we also use policyd for some time now but it lacks the ability to
> track SPAM status. When looking at our logs 90% of the load was spam
> filtering on OBVIOUS spam sources... so here is my solution:
>
> https://github.com/djamps/sa-policy
>
> Hope it helps someone. :)
>
Lawrence R. Mulder
2015-08-23 18:39:31 UTC
I've also found that having postfix block nearly all of the recently expanded internet TLDs has dramatically reduced both false negatives and maia filtering load. Unfortunately, if you are a provider that has to service more of these domains than not for some reason, this may not be practical, but for me it has been almost magical.

Thanks,
-Larry

________________________________________________
Lawrence R. Mulder / RHCE, VTSP, SEC+
Vice President, InformAbility, Inc.
***@informability.com
http://www.informability.com/about
http://www.facebook.com/InformAbility
Ph: 630-532-5941
Fx: 630-532-5955
________________________________________________
Original Message
From: P.J. Tezza
Sent: Sunday, August 23, 2015 12:43 PM
To: maia-***@renaissoft.com
Subject: Re: [Maia-users] Significantly reduce the load on your MAIA boxen


Nice!!!

PJ

On 8/23/15 9:46 AM, Randy McAnally wrote:
> Whipped this up to reduce the load on our MAIA boxes (cluster of nodes
> filtering mail for 1000's of domains) and it helped significantly with
> almost 50% reduction in load with no false positives. Spam waves /
> botnet / dictionary attacks are pretty much a thing of the past.
>
> FYI we also use policyd for some time now but it lacks the ability to
> track SPAM status. When looking at our logs 90% of the load was spam
> filtering on OBVIOUS spam sources... so here is my solution:
>
> https://github.com/djamps/sa-policy
>
> Hope it helps someone. :)
>

_______________________________________________
Maia-users mailing list
Maia-***@renaissoft.com
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
Randy McAnally
2015-09-03 18:38:58 UTC
Hi again all,

I've pushed a couple of updates to help keep the mysql tables from
growing too large and also included a CSF firewall regex to temp-ban
abusive hosts in iptables that are flooding the postfix logs. I found
that some hosts react badly to the 450's and hammer postfix at over
1000/min! Although it barely fazed postfix, it made for a messy/large
maillog.

At this point I'd consider the tool very stable. Been running without
issues for over a week now on two nodes.

Spam processing is down by over 50% and zero false positives so far!

~Randy