[Gross] Configuration questions

Jesse Thompson jesse.thompson at doit.wisc.edu
Wed Dec 22 01:27:08 EET 2010 

On 12/14/2010 07:26 AM, spamcatcher at uni.de wrote:
> Hello again,
> thanks for your reply about the version, Eino!
>
> If you can use help for tests or whatever, i can try :)
>
> I run a site with several domains, but a quite low mail-traffic ...
> Still, spam mails started to come up several times a day.
> This is on a very low volume.
>
> So, i am not sure about the right configuration settings for me.
>
> I did read the documentation incl. the Configuration options wiki entry!
> But still, i cannot decide on the configuration ...
>
> Could you help me?
>
> I just list some of my thoughts and questions:
>
> #######################################
> grey_delay
> 10
>
> Having read about other greylisting implementations, i seem to remember that this is often set to 10 or 20 minutes!
> Why is that only 10 seconds per default?
> Do i missunderstand the the effect of that setting?
>
> *confused*

Setting it to 10 prevents the spammers who cheat by just firing off 2 
messages simultaneously.

 From what I can tell, most spammers do not even bother retrying.

You could raise it.  I don't know what the practical limit is.

Consider that any spammer that is willing and able to wait and retry 
won't be thwarted by you raising the setting.

The only benefit that I see to raising it is to increase the delay so 
that the spammer will get on more blacklists.

You'll have to do your own experiments to find out if it worth it.


> #######################################
> query_timeout
> 5000
>
> pool_maxthreads
> 100
>
> This means, that the server is configured to handle 5000/1000 * 100 = 500 mails per second, right?
> That seems *way* to high for my servers :D
>
> 10 mails per second would already be too high.
>
> So, i *could* use smaller settings to save resources - but *what* to set lower?
>
> query_timeout 100?
> pool_maxthreads 2?
>
> Or better not touch that, even if oversized?

I think that pool_maxthreads applies to the thread pool for querying 
DNS.  Which means that if you lower pool_maxthreads too much, then you 
may start getting DNS query contention.

Your calculation forgets that multiple DNSBLs are [probably] queried for 
each message.

I would assume that these threads are light weight, so it shouldn't hurt 
to aim high.  If you do lower the setting, maybe you could lower 
pool_maxthreads to 10.

Don't lower query_timeout, especially if you are not running a local 
caching DNS server.

Jesse

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3403 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20101221/32e43698/attachment.p7s>

More information about the Gross mailing list