hege at hege
Jul 8, 2012, 11:06 PM
Post #8 of 13
On Sun, Jul 08, 2012 at 04:40:31PM -0500, Dave Funk wrote:
> >On 07/08/2012 12:49 PM, David Kentwood wrote:
> >>I want to setup spamassassin + clamav + postfix. Many internet guides use
> >>Amavisd to integrate them together. However, my vps has only 516mb ram so I
> >>don't want to install Amavisd unless it's really recommended. So would the
> >>setup work well without using Amavisd? Would you recommend using Amavisd?
> One thing to keep in mind are the various factors that influence
> memory usage in spamassassin & clamav (and by how much).
> For example (on a SLES-11 x86_64 box) clamd with just the stock ClamAV
> rules has a RSS of 155MB, with a number of 3'rd party add in rulesets
> (EG Sanesecurity, SecureiteInfo, etc) its RSS is over 500MB.
> However the Clam + added rulesets has a hit rate that is 50x~100x higher
> than just stock ClamAv rules
I just ditch main.cld which seems pointless, I think it saved something like
40-50MB. If there are actually ever any new "viruses", daily.cld should
catch them. With this and most 3rd party sigs, clamd is only 80MB RSS.
> spamd's memory size is influenced by added rules and by scanned
> message size. As spamd keeps in memory multiple copies of a message
> (the raw form, the parsed 'full' form, the "cleaned" normalized
> form, etc) its memory
> usage grows nonlinearly with message size. EG if you restrict spamd
> to only scanning small (< 64KB) messages it might be no more than
> 100MB RSS but when you feed it larger messages (say 350KB) it can
> easily hit 150MB RSS per instance.
I've never seen my amavisd RSS over 100MB (512k msg size). On a 64-bit box
it can be something like 1.5x more since Perl likes to spend a whole lot
more memory there. But not something to worry usually on a VPS.
> So if you limit scanned message size you use less memory but then bloated
> spams will slip thru.
They won't if you use amavisd. It just truncates messages to the limit and
scans that. :-)
> Depending upon your mail flow rate you may want to keep multiple
> spamd children around. Each child uses up memory but multiple
> children help thruput during bursts of incoming messages.
You can easily run many children since amavisd or spamd forks are
copy-on-writed pretty well. So only extra memory used is the per scan state
and file data etc.