Quote:
Originally Posted by flapjack
hmm, does it really matter much if the mail takes 1 or 3 seconds to be handled?? After all, it's going to take a lot more time travelling across the internet.
On the other hand, if it's really critical it runs as fast as possible... Well, I'd suggest you'd start looking for newer/better (versions of) anti-virus software and anti-spam software. They're probably the biggest hit on system performance and newer version might reduce the load a little (or increase it, but hey, the only sure way to increase performance is to upgrade the hardware :P)
|
1) It might not make a difference for a single user, if his mail takes 1 or 3 seconds, but if the mail-server has 2 arriving mails per second, you might notice the problem...
2) Software updates will probably not solve the problem, as the scanner still needs to do its work (i.e. scanning / analyzing), which takes some cpu load by definition...
NB3, you might wanna look at a method called
GreyListing. Go4google ofc.
It drastically reduces the number of mails that the server accepts, hence the actual amount of mails to scan will decrease.
It uses the fact that usually spammers send a spam-mail and forget about it, while real mail-servers will retry to deliver a message properly.
So the mailserver checks, if it has seen the combination of sender's address, sender's IP and recipients address before. If not, the mail will get rejected, with a reply like "try again in 5minutes". "Good" mail servers will, while spammers won't (not atm at least). If the mail comes in again (the server HAS seen the sender's details before now), it gets passed through, and the sender-data will be added to the database (i.e. whitelist) for 30 days or so.
As long as spammers don't adapt to this blocking-method, it's great. There's only one problem:
Big mail-provider might use multiple mail-servers. If one sends the mail, and another one later retries, the sender's-details-information-triple won't match - the mail gets rejected again. This can cause severe delay or even a bounce.
So you'd have to whitelist big mail-providers manually. Or as they usually tend to be in the same subnet, accept xxx.xxx.xxx.* or something.
My uni uses it, and I think they know their business...