Hi, does anyone have experience with larger deployments that handle loads of mails each day and can give some insights into the resource usage of their mailserver(s)? I'm planning to migrate from a separated setup, where incoming, outgoing and spam/virus scanning is separate on different machines to the ISPConfig approach where all services are on each mailserver. I think it'll be fine in handling the traffic, but some insights would be appreciated.
I don't see any reasons for problems with that setup. E.g., I know a client that had about 15k mailboxes in an ISPConfig cluster, and there were no issues with that. This was already 10 years ago with amavisd, which is way slower than rspamd. If I remember correctly, he used a firewall and load-balancer appliance in front of the servers and he also had a commercial storage system for storing the email data that was mounted to /var/vmail on all nodes with NFS.
My main concern is the resource usage or rather memory usage of clamav itself as this is the one process that uses quite a lot of memory on our current setup. Our rspamd is relatively quiet especially on cpu usage.
This ISPConfig host runs everything except name service:
Code:
top -o %MEM
shows
Code:
top - 13:55:21 up 7 days, 16:44, 1 user, load average: 0,00, 0,02, 0,02
Tasks: 467 total, 1 running, 466 sleeping, 0 stopped, 0 zombie
%Cpu(s): 2,0 us, 1,0 sy, 0,0 ni, 97,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
MiB Mem : 7978,1 total, 251,3 free, 7132,3 used, 594,4 buff/cache
MiB Swap: 3814,0 total, 435,8 free, 3378,2 used. 479,3 avail Mem
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
15798 mysql     20   0 3894664   1,3g      0 S   0,0  16,6  30:11.02 mysqld
  643 clamav    20   0 2319592 635084   3476 S   0,0   7,8   3:12.08 clamd
30024 web143    20   0  449992 120496  67640 S   0,0   1,5   1:52.84 php-fpm7.3
30033 web143    20   0  461452 120064  65952 S   0,0   1,5   1:51.99 php-fpm7.3
30019 web143    20   0  406080 119404  68792 S   0,0   1,5   1:52.37 php-fpm7.3
If percent memory is calculated from RAM (host has 8 GB), then clamd uses about 8GB * 8 % = 0,64 GB. Another host, which runs postfix, dovecot etc and no websites, shows:
Code:
root@posti:~# top -o %MEM
top - 13:59:12 up 7 days, 16:47, 2 users, load average: 0,06, 0,05, 0,00
Tasks: 182 total, 1 running, 181 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3,1 us, 3,1 sy, 0,0 ni, 93,8 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
MiB Mem : 5962,9 total, 1354,4 free, 2499,6 used, 2108,9 buff/cache
MiB Swap: 3814,0 total, 3376,0 free, 438,0 used. 3150,3 avail Mem
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
  360 clamav    20   0 2318632   1,4g   9816 S   0,0  23,6   5:25.18 clamd
  535 redis     20   0  459232 404044   2772 S   0,0   6,6  13:25.63 redis-ser+
16118 _rspamd   20   0  463268  95316   8972 S   0,0   1,6   2:07.74 rspamd
16117 _rspamd   20   0  729040  92512   5020 S   0,0   1,5   0:11.40 rspamd
16119 _rspamd   20   0  438864  85508  11004 S   0,0   1,4   2:09.56 rspamd
28066 mysql     20   0 1723748  77348   8900 S   0,0   1,3   4:45.28 mysqld
  654 root      20   0  313840  48556  37780 S   0,0   0,8   0:20.77 /usr/sbin+
 7469 www-data  20   0  328044  46448  30416 S   0,0   0,8   0:01.16 /usr/sbin+
17435 www-data  20   0  327744  46056  30312 S   0,0   0,8   0:00.95 /usr/sbin+
24067 www-data  20   0  327928  45044  29188 S   0,0   0,7   0:00.68 /usr/sbin+
So this time 6GB * 24 % = 1,44 GB.
@Taleman Thank you for the stats. Do you have any numbers in relation like mails/day? Currently my master MX takes up ~14GB RAM between official working hours.
Clamd is a daemon, so it does not get started for every incoming email again like when you would use ClamScan. Therefore, Clamd might use a lot of RAM on small systems with few emails compared to the system size, but on large systems, it uses less as it is started only once and is able to process lots of emails.
That's the part that I'm interested in. I have no clue what to expect but I guess based on your previous reply we will most likely be fine. Regarding the clamav and rspamd integration in ISPConfig. Although the local.d/antivirus.conf is present and the server line points to the unix socket for clamd "/var/run/clamav/clamd.ctl" it does not seem to scan mails. The rspamd.log shows:
Code:
2024-01-30 12:41:57 #1976575(main) <tpyk1f>; lua; antivirus.lua:209: added antivirus engine clamav -> CLAM_VIRUS
But sending an EICAR test string via e-mail results in nothing. There is nothing regarding scanning the mails in the clamav.log:
Code:
Tue Jan 30 11:00:43 2024 -> Reading databases from /var/lib/clamav
Tue Jan 30 11:01:03 2024 -> Database correctly reloaded (8683647 signatures)
Tue Jan 30 11:01:03 2024 -> SelfCheck: Database status OK.
Tue Jan 30 11:01:03 2024 -> Activating the newly loaded database...
Tue Jan 30 12:01:03 2024 -> SelfCheck: Database status OK.
Tue Jan 30 13:21:45 2024 -> SelfCheck: Database status OK.
Am I missing something here?
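One way to test the clamd side on its own, independent of rspamd, is to send the EICAR string straight to the socket with clamd's INSTREAM command. This is an added example, not part of the original thread and not ISPConfig or rspamd code; the socket path is the one quoted in the post, and the function names are hypothetical.

```python
import socket
import struct

# Socket path quoted in the post above; adjust if clamd.conf differs.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"
# Standard harmless EICAR test string, split so this file is not flagged itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def frame_instream(data, chunk_size=4096):
    """Build an INSTREAM request: command, length-prefixed chunks, zero terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply):
    """Turn 'stream: <name> FOUND' or 'stream: OK' into (verdict, detail)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]
    if body.endswith(" FOUND"):
        return "FOUND", body[:-len(" FOUND")]
    if body == "OK":
        return "OK", ""
    return "ERROR", body  # includes an empty reply from a closed connection

def scan(sock, data):
    """Send data over an already connected socket and return the parsed verdict."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):  # 'z' commands get NUL-terminated replies
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return parse_reply(reply)

def check_clamd(path=CLAMD_SOCKET):
    """Connect to the clamd Unix socket and scan the EICAR string."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(10)
        sock.connect(path)
        return scan(sock, EICAR)

if __name__ == "__main__":
    print(check_clamd())
```

A FOUND verdict here means clamd and its socket work, which leaves the rspamd side as the place to look. Running the script as the `_rspamd` user also exercises the socket permissions that rspamd depends on.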