I currently have an ISPConfig3 cluster running on different VPSes for my company. ISPConfig3 is very nice: I can handle websites, databases, accounts and mail within the same interface. My cluster runs perfectly; however, when I start getting a lot of hits because of visitors to my web pages or because of spam, the daemons start forking and, as a consequence, the operating system swaps and everything goes slow.
I was then looking for a solution that doesn't involve adding more resources to the servers. After analyzing how ISPConfig 3 deploys the daemons on my CentOS 7 Linux, I figured out that taking out amavisd, clamd and postgrey would help a lot.
Why these two daemons? Well, there are two big reasons. The first is that email anti-spam and greylist filtering are common tasks; there is no need to have multiple daemons doing the same thing. The second and most important is that they are written in Perl and, according to my readings, Perl has a huge footprint. I don't have the document, but I remember reading somewhere that each Perl process uses 16 MB of RAM. So, by moving out these two daemons, I will potentially free at least 64 MB on each server. I am not sure how much RAM clamd uses.
So, I will describe what I have done.
As the image shows, this is my architecture.
Install amavisd, clamav and postgrey from the RPMs that CentOS provides. Those are really good and sufficient. Clamav doesn't need any configuration; it is called by amavisd.
Copy /etc/amavisd/amavisd.conf from an ISPConfig3 server and then, on the new server, make the following modifications:
On the Amavisd server, you will need to have this in your /etc/postfix/master.cf:
127.0.0.1:10027 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtp_send_xforward_command=yes
  -o milter_default_action=accept
  -o milter_macro_daemon_name=ORIGINATING
  -o disable_dns_lookups=yes
For security reasons, you may want to disable port 25/tcp in the master.cf file as well.
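An added example, not part of the original post: a small Python check that reads master.cf text, joins continuation lines the way Postfix does, and reports whether the listener on port 10027 is limited to loopback as in the entry above. The function names and the sample text are constructed for illustration; only the plain "-o name=value" form and literal IP addresses are handled.

```python
import ipaddress

# Constructed sample: the listener from the text, continuation lines indented.
GOOD = """\
127.0.0.1:10027 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> {option: value}, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        tok = line.split()
        args = tok[8:]                     # skip the 7 fields and the command
        services[tok[0]] = dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                                if flag == "-o" and "=" in a)
    return services

def is_loopback(value):  # literal addresses or networks only; hostnames count as non-loopback
    try:
        return ipaddress.ip_network(value.replace("[", "").replace("]", ""), strict=False).is_loopback
    except ValueError:
        return False

def audit_listener(text, port="10027"):
    """Return findings for every master.cf service listening on the given port."""
    listeners = {n: o for n, o in parse_master_cf(text).items() if n.rpartition(":")[2] == port}
    findings = [] if listeners else ["no listener on port " + port]
    for name, opts in listeners.items():
        if not is_loopback(name.rpartition(":")[0]):
            findings.append("listener is not bound to a loopback address")
        if opts.get("content_filter") != "":
            findings.append("content_filter is not overridden to empty")
        nets = [n for n in opts.get("mynetworks", "").split(",") if n]
        if not nets or not all(is_loopback(n) for n in nets):
            findings.append("mynetworks is missing or includes non-loopback networks")
        if opts.get("smtpd_recipient_restrictions", "").split(",")[-1] != "reject":
            findings.append("smtpd_recipient_restrictions does not end in reject")
    return findings
```

An entry whose -o lines have lost their leading whitespace is reported with its overrides missing, because Postfix only treats lines that start with whitespace as continuations of the previous entry.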
This is quite easy:
Before turning off the local amavisd and postgrey, we need to tell Postfix to point to the external file. So, I did the following:
Restart Postfix. You can now disable clamd (clamav), postgrey and amavisd.
Your SPF records should reflect the IP of your Amavisd server.
DKIM will not work unless you manually copy the files or write a custom script. Some notes:
The idea is to copy the keys and concatenate all the files, but this is not always easy if you have more than two servers. I will write about this when I figure it out.
Good luck!