Mail continues to be slow at times due to the amount of SPAM processed.
IDSG is working to resolve the problem.
IDSG continues to work with an open call to the vendor to solve this problem.
There is no estimated date for a resolution.
[2008-03-12 13:42:04 | Eric Fraser]
I’m sure that most of you have noticed the significant email delays that have been occurring off and on for the past several months while passing through the EECS Anti-Spam Appliances. Below is an explanation of what is happening, why it is happening, what has been done and is being done to resolve the issue and what you can do as a user to mitigate the effects spam.
**What is happening?**
The Barracuda Anti-Spam Appliances have periodically been under heavy load recently. The CPUs are running at 100% and not able to process all incoming messages promptly. When the CPUs are overloaded the appliances begin to queue up messages and then try to process them when things are quieter, a process that we’ve observed to not be very efficient. Typically these delays have impacted email originating from outside the department as well as email sent to mailing lists. Email sent directly to users within the Department via the SMTP gateway, gateway.eecs will bypass the appliances and be delivered directly.
**Why is it happening?**
On the first order there is just simply more spam. This is true in terms of sheer volume, but also in terms of ratios of spam vs. non-spam. Current ratios are approximately 95%/5% spam versus non-spam. These trends are no surprise and would not normally fall outside of our life-cycle planning for these systems.
EECS has always taken a very conservative stance on filtering spam, opting to tag everything and only block on emails that are either undeliverable or come from an invalid source. Because processing takes more resources than blocking, this has the effect of more load on the appliances.
The most significant impact that we’ve seen has been the large increase processing required in the last year or so in dealing with more sophisticated spam. In particular, all appliances now need to do much more in depth analysis of email attachments to deal with recent tricks in hiding spam within images with random pixel differentiations.
Finally, we’ve seen a few cases of recent exploitations of local email list servers than have compounded the impact. In particular, machines that have unmoderated and open email lists were being targeted
**What has been done so far?**
In the past month we’ve taken more aggressive actions on spam, including using Real-time Blackhole Lists (RBL) to filter mail coming from suspicious sources. This was beginning to have a positive effect on throughput. It also helped reveal some of the campus email list servers that were contributing to the quantities of spam. Now that those machines have been repaired, we are able to restore some of these more aggressive techniques. The next step that is being taken now is to block those emails coming from suspicious sources identified by SpamHaus, similar to what is being done at calmail. This should decrease the overall load on the appliances by 20%.
We’ve also taken some steps that will stop many of the unsophisticated spammers by doing a minimal version of graylisting.
**What is being done next?**
The appliances will be replaced with faster hardware within the next day or so. This will have the most significant impact as the hardware is 4x more powerful than the current hardware.
**What can users do to help fight spam?**
There are several documents that can describe this better than I am possible in this email. Some of them are listed on the IRIS FAQ site:
Personally, I find that it can be an eye-opening and mind-numbing experience to open up your Spam folder and walk through it for a moment. Take notice if there are any large numbers of spam messages sent to you that are being addressed to mailing lists that you may be on or to outside addresses that you have that are being forwarded to your account here. Large quantities of these would indicate that those lists or addresses are acting as open gateways for spam abuse. Removing yourself from unwanted lists and forwarding can be helpful as well as letting moderators of those sites know the extent to which spammers may be abusing those lists/addresses.