Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Whither Spam?

When I switched to my new Slicehost server, I spent a while trying to decide what I wanted to do about email for my domains. I contemplated using Google’s domain email service, or some other third-party email hosting. But I just hated giving up that much control of my email setup. I’ve been administering my own email for (…thinking…) almost 15 years now. So, in the end, I just ended up routing email to my new web server.

The problem was that this added a significant amount of processing load to the server. Mainly because I have been using the SpamBouncer procmail rules to filter my email. This set of procmail rules does a pretty good job of reducing the amount of spam that makes it to my inbox, but procmail is a notorious CPU hog. Whenever a batch of spam emails would arrive (when you host email for several domains and users, you notice that spam often arrives in ‘clumps’), several procmail processes would kick off, and the system load would shoot up by an order of magnitude for a brief time. The machine seemed to handle it okay, but it bugged me.

Recently, however, I was contacted by one Brad Garrison. He was also a customer with Slicehost, but he wasn’t as satisfied with them as I was. Brad was having some sort of problem with load on his server, and decided to try a different hosting provider. But he had some pre-paid credit that he could not get refunded. Being a visitor to my site, and seeing that I was at Slicehost, he generously arranged to transfer the remainder of his credit to my account (thanks, Brad!).

I decided to put this windfall to use by adding a second server to my account, to act as a dedicated email gateway and spam filter. First, I added a 256 Slice to my account, and set it up with Ubuntu 8.04. Once I had the base system up and running, with a few personal tweaks, I followed the instructions on HowToForge for building a SpamSnake server. When I was done, my server was running the Postfix MTA, MailScanner, SpamAssassin, ClamAV, and MailWatch. I had problems with the greylist server, so I disabled gld and removed the associated bits from my Postfix config.

Once it was all configured, I pointed the MX records for one of my lesser-used domains to the new server. Then I was able to send some test emails (which is how I ended up disabling gld), adjust and fix things I had missed in the initial setup, and get everything working just right. Once I was happy with it, I updated the DNS for the rest of my domains, to use the new server as their MX (Mail eXchange). After letting it run for a day, however, I found that the load on the new server was through the roof. MailScanner uses a *lot* of RAM, so the machine was in constant swap. So I upgraded the slice to 512MB of RAM. This process went smoothly. It probably took about 15 minutes from my initial request to the point that the machine was running in the new configuration, and it was only down for about 5 of those minutes. Score one for Xen virtual machines!

With the increased RAM, the machine was now happily munching on email, spitting the spams and virii into the bit bucket, and passing the rest of the messages along to my main server. I did notice, however, that certain spammers were still sending emails directly to my mailbox server, instead of to the spamsnake gateway server. Naughty, naughty spammers! I fixed this by configuring the mailbox server to only accept connections from the gateway server. This took a little bit of research, but a user named Simon on the #exim channel in Freenode IRC pointed me in the right direction for setting up the ACL rules.
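Added example (not the author's code or configuration): a small audit of the mailbox server's Exim main log that lists peers still delivering directly instead of through the gateway, which is one way to confirm the bypass and to check that it stops once the ACL is in place. The addresses, hostnames and log lines are constructed, and the default Exim 4 arrival-line layout is assumed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumed addresses (documentation ranges): loopback plus the filtering gateway.
ALLOWED_PEERS = {ip_address("127.0.0.1"), ip_address("192.0.2.25")}

# Arrival line in Exim's main log: date time msgid "<=" sender H=[name] [(helo)] [peer-ip]
# The HELO string is chosen by the client, so only the bracketed address that
# follows it (the real TCP peer) is captured.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= \S+ H=(?:\S+ )?(?:\(.*?\) )?\[(?P<ip>[0-9A-Fa-f:.]+)\]"
)

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = """\
2008-07-14 03:12:41 1KIAbc-0004Xy-Q2 <= alice@example.org H=gateway.example.com [192.0.2.25] P=esmtp S=4312
2008-07-14 03:12:45 1KIAbd-0004Y1-R7 <= promo@example.net H=(mail.example.net) [203.0.113.7] P=smtp S=2381
2008-07-14 03:12:46 1KIAbd-0004Y1-R7 => user <user@example.com> R=local_user T=maildir_home
2008-07-14 03:13:02 1KIAbe-0004Y4-T1 <= promo@example.net H=([192.0.2.25]) [203.0.113.7] P=smtp S=2290
2008-07-14 03:14:10 1KIAbf-0004Y9-U3 <= www-data@example.com U=www-data P=local S=812
2008-07-14 03:15:30 1KIAbg-0004Yc-V5 <= offers@example.net H=(localhost) [198.51.100.44] P=smtp S=3004
"""

def find_bypass(lines, allowed=ALLOWED_PEERS):
    """Count accepted messages per peer IP that did not come via an allowed host."""
    offenders = Counter()
    for line in lines:
        match = ARRIVAL.match(line)
        if match is None:
            continue  # deliveries, completions, local submissions (no H= field)
        try:
            peer = ip_address(match.group("ip"))
        except ValueError:
            continue  # malformed address text, ignore the line
        if peer not in allowed:
            offenders[str(peer)] += 1
    return offenders

if __name__ == "__main__":
    for ip, count in find_bypass(SAMPLE_LOG.splitlines()).most_common():
        print(f"{count:4d} message(s) accepted directly from {ip}")
```

The fourth sample line puts the gateway's address in its HELO string; the audit still attributes it to the connecting peer.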

So, now my web server is happier because of the lower CPU load. And my inbox is happier because I get much less spam making it through filtering. I went from about 150 uncaught spams per night to about 12. I don’t even want to think about how many messages are getting blocked before I ever see a statistic on them (e.g., blocked by DNSBL, or other fingerprints, before any anti-spam content scanning takes place). For a while, I was actually worried that I had broken something, because I had been going so long without seeing new messages. I almost missed the constant dribble of spams! Almost 🙂

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in Hardware, Linux, Servers, Services, Software, Spam, Tech.
