[Gross] Weighted checks in production
Eino Tuominen
eino at utu.fi
Fri Mar 28 12:43:20 EET 2008
Eino Tuominen wrote:
> Eino Tuominen wrote:
>> Hi all,
>>
>> I have now weighted checks version in production in one node:
>>
>> smtp01:gross# ps -e -o etime,time,vsz,rss,pcpu,args | grep grossd
>> 03:50:08 6:08 32408 31776 0.6 sbin/grossd
>>
>> Trust: 9959 Match: 46 Greylist: 3643 Block: 39232 Queries/sec: 3.823019
>>
>> Its now 6:30 pm here, so ham is still coming in. I uploaded a new
>> development snapshot on Google, play with it!
>>
>> Oh, I now made these ports as defaults: 5525 gross; 5522 status; 5524
>> sync. This time I checked IANA port list first!-)
>
> Darn, I managed to upload wrong version. Now check_blocker is broken in
> the gross-svn-232.tar.gz. I'll fix it ASAP. Otherwise it should be stable.
>
> I'll be back,
First night has passed, here are the statistics of one node:
Trust: 15166 Match: 233 Greylist: 8582 Block: 120463
Quite amazing?!
I have now uploaded gross-svn-236.tar.gz, it's running now in production
here. I couldn't get check_blocker to reuse connections as Sophos'
blockerd keeps shutting every connection down right after the answer.
And, now there's watchdog to see if blocker threads get stuck.
Jesse, you threw an idea some time ago about skipping first n rotating
filters when calculating the effective filter. I've been pondering your
idea and I think it could be of use now. It might be a good idea to hold
a triplet as long as few hours at greylisted state, as it would give
Puremessage and alike time to update their filters and let the spammers
id get spread to another RBL's as well. What do you think?
The original problem was that resolution of filters is so poor (1 hour
with default config). But now that most spam gets blocked and only a
portion gets greylisted there is a lot of room in the filters. We could
easily afford more rotating buffers skipping a few first of them.
--
Eino Tuominen
More information about the Gross
mailing list