[unisog] New virus - not caught by central servers (fwd)

Simon Kissler Simon.Kissler at valpo.edu
Tue Jul 27 22:28:36 GMT 2004

We use spamassassin w/ amavis and have parallelized our mail "filtering"
and queueing using Sun V210s and IP anycast. This has worked very
effectively and our average time to process a message is 1.2 seconds.  We
usually take 30 minutes to an hour to catch up, but the delay is largely
caused by slow storage on the final destination (a problem we're currently
tackling). That said the only scenario under which we would be down
anymore at this point would be a core network outage since the parallel
design allows us to apply upgrades/patches/etc. while the overall system
(as the customer sees it) remains live.

Similar to some of the other comments e-mail is seen as an absolutely
mission critical service here.


On Tue, 27 Jul 2004, Scott M. Dier wrote:

> On Tue, 2004-07-27 at 15:11, Frank Bulk wrote:
> > That brings up an interesting point, and perhaps people could
> > comment.  For every hour of email processing down, how long does it
> > take for your queue to get processed once things are back up?  And
> > what would you guess your bottleneck to be, the spam gateway/virus
> > gateway/messaging system/bandwidth?
> Last time this happened for an extended period of time (6 hours?) it
> took about 2 hours to catch up, I think.  Our bottleneck is spamassassin
> (because it does some useful external lookups). (We use
> postfix/amavisd-new with clamav/SA)
> I'm testing out dspam here to replace spamassassin.
> --
> Scott Dier <sdier at cs.umn.edu>
> CS/IT Systems Staff
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

Simon Kissler                                   Simon.Kissler at valpo.edu
UNIX Systems Administrator			Phone: (219) 464 6773
Electronic Information Services                 Fax  : (219) 464 5381
Valparaiso University
Kretzmann Hall B22
Valparaiso, IN 46383

                 "Cannot find REALITY.SYS...Universe Halted."


More information about the unisog mailing list