After processing email for many years using clamd and spamassassin, and seeing the spammers always seem to stay one step ahead, or have automated incremental changes to their attacks, we finally outsourced to one of the leading anti-spam/virus filtering services for a small per-address fee (we resell it for about 4x what we pay). We also resell it as a store-and-forward option for domains that we don’t host, or for customers who are running in-house Exchange servers.
After a 30-day free trial with the outsourced solution, none of our customers have balked at the per address fee. If it saves them 5 minutes per month, it has paid for itself.
Our main justification: it takes a huge load off the web servers. We still have some customers who don’t want to pay the fee, and prefer to use spamassassin… we explain to them that spamassassin creates huge files, and be prepared to pay more in terms of site performance, bandwidth and disk space if they don’t go with the outsourced solution. With the one we use, the MX records all point to the outsource, so we don’t have to deal with email until after it has been run through the filtering.
It sounds like a cop-out, but this was a decision based on having an overloaded NOC and a couple of frustrated sysadmins. We offload the majority of that bandwidth, process, storage etc. to the outsource and we concentrate on keeping our customers happy. As much as we’d like to remain open-source, certain services are worth paying for, and this is one.
We are looking at other solutions, including an anti-spam appliance for the NOC, and other outsourced MX filtering services… but we don’t plan to use spamassasin and clamd for our own domains or close customers. Whenever I sell a website development project, I strongly push the outsourced spam/virus filter. Most folks understand the need.
I have used spamamassin on several sites prior to working in my current job, where all of my hosts are on my LAN and in my NOC. I can tell you that, on boxes where there are several hundred virtual domains and most are running spamassasin, the server loads during spam attacks get quite high, and last week we had an older server running cpanel where the bayes files for one domain went over the domain’s quota and created a loop that completely overloaded the server (8.0+), due to the process not being able to write.
When a user is at or near the full disk quota and they have bayes_token enabled, this can cause a condition where the spamd will run out of control and the bayes_token files will become corrupt for that user.