tnorman
asked on
General SPAM question - load on Exchange - separate filter
I have a client who has had a domain for a long time now. Due to this, they receive mountains and mountains of SPAM (about 40 per minute on average, 24/7).
I have Exchange 2003 running on its own server (a pretty good Hp Proliant). I used to have GFI Mail Essentials running on the same server. I found though that the filter put so much load on the server, due to the volume of spam, it was impacting the performance of the server.
I installed GFI on a separate box, and that takes care of SPAM before it gets to the mail server. The firewall routes mail to the 'GFI box', and then a connector forwards it to the email server. However, I am facing a new challenge, and I am worried I created it.
It appears, when SPAM flow is at its highest (sometimes multiple spams a second), 'real' emails get queued and take up to an hour to get delivered.
Does having this filter put limitations on the amount of connections I can accept at one time?
Will the performance of the GFI box put limitations on things (it is a std P4 box).
Would something like a Barracuda help matters?
Any other general thoughts/ideas?
Help much appreciated,
TN
I have Exchange 2003 running on its own server (a pretty good Hp Proliant). I used to have GFI Mail Essentials running on the same server. I found though that the filter put so much load on the server, due to the volume of spam, it was impacting the performance of the server.
I installed GFI on a separate box, and that takes care of SPAM before it gets to the mail server. The firewall routes mail to the 'GFI box', and then a connector forwards it to the email server. However, I am facing a new challenge, and I am worried I created it.
It appears, when SPAM flow is at its highest (sometimes multiple spams a second), 'real' emails get queued and take up to an hour to get delivered.
Does having this filter put limitations on the amount of connections I can accept at one time?
Will the performance of the GFI box put limitations on things (it is a std P4 box).
Would something like a Barracuda help matters?
Any other general thoughts/ideas?
Help much appreciated,
TN
ASKER
Kieran...thanks for that...pretty good stuff.
What you describe is basically what I have GFI doing (just blacklists and DH).
However, it is running on Windows XP.
When I try to change the maximum connections (which is currently set at 10), it defaults back to 10.
Also, I am unable to turn it off.
Is this a limitation of the XP connector?
What you describe is basically what I have GFI doing (just blacklists and DH).
However, it is running on Windows XP.
When I try to change the maximum connections (which is currently set at 10), it defaults back to 10.
Also, I am unable to turn it off.
Is this a limitation of the XP connector?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If it is not limiting like that, then it could just be processing slow, which would not surprise me with GFI.
What I tend to do is use a relay server for the really obvious spam - get it to drop the connection instantly, that usually gets rid of 80% of it, then forward the rest to Exchange where it gets scanned again, this time it is scanning less mail, with less rules, so it is not so intensive.
The barracuda would probably have more success at this, simply because it would be configured better - but there is something you could try right now, for free.
Install Vamsoft ORF on the relay server, http://www.vamsoft.com enable greylisting and recipient filtering (directory harvest). That should drop a stack of your connections immediately, you could even move this to a second relay server (for the purpose of the test).