Optimizing Performance

  • Latest Version: Ensure that you are using the latest version of the PureMessage software by navigating to the Support > Available Updates page in the PureMessage Manager, selecting the repository from the Package Repositories drop-down list, and clicking Query. If any of the packages can be upgraded, you can do so by running pmx-setup at the command line.
  • PureMessage Service Configuration: Be sure that the PureMessage services running have sufficient RAM and CPU available. For recommendations, see "Memory and CPU Requirements" in the Prerequisites section of the Installation Guide.
  • Concurrent Interpreters: In the pmx.conf file, the concurrency_limit setting determines the maximum number of Perl interpreters that may be allocated to filter requests. When that value is reached, the concurrency_limit_action setting determines the action. Tuning these options can result in more efficient memory usage.
  • DNSBL (DNS Black List) or DNS Lookups by the Spam Filter: If the spam filter is configured to perform DNSBL (DNS Black List) or DNS checks, PureMessage performance is strongly affected by the connection speed between PureMessage and the DNS server. For optimal performance, install a local caching DNS server. To disable network checks entirely, set the enabled option in etc/spam.d/dnsbl.conf to "no". See "About Anti-Spam Rules" in the Policy Configuration section of the Administrator's Reference for more information.
  • IP Blocking: Ensure that you are using IP blocking, either at the MTA level or in the policy. The most effective way is to use IP blocking at the MTA level. This is set on the Local Services tab of the PureMessage Manager. Ensure that the IP Blocker Service is running, and then click MTA IP Blocking on the sidebar to ensure that this feature is enabled. Additionally, reverse DNS checks that detect dynamic IP addresses can be enabled. For more information, see "Enabling or Disabling MTA IP Blocking" in the Manager Reference.

    A lesser, but still very significant impact on performance is to use IP blocking in the policy. This option also requires that the IP Blocker service is running. On the Policy tab of the Manager, add a main rule, setting the test as Message is from blocked IP, and ensuring that the action is Stop processing.

  • Quarantine Database Options: PureMessage offers two database options: PostgreSQL and CDB (Common Database). PostgreSQL is installed by default, and it is required for multiple-server deployments requiring a centralized quarantine and PureMessage reporting. The CDB data store is a flat-file database that can be used in single-server implementations where reports are not a requirement. See "How do I change the quarantine indexing database?" in the Frequently Asked Questions for information about switching from the default database, PostgreSQL, to CDB.
  • PostgreSQL and Kernel Tuning: It may be necessary to tune the PostgreSQL server kernel, depending on your message volumes and server configuration. See "Tuning PostgreSQL for PureMessage" in the Sophos Knowledgebase and PostgreSQL's own documentation for more information.
  • Other Recommendations:
    • If you originally installed PureMessage prior to version 5.2.1, ensure that you are using the End User Web Interface (EUWI) with the direct method by editing the /opt/pmx6/etc/enduser/enduser_ui.conf file as described at the end of either the Single-Server Upgrade or the Multi-Server Upgrade pages in the Getting Started Guide.
    • If possible, perform address verification at the MTA level (greatest performance improvement) or in the policy (lesser, but still improved performance).
    • If your organization's policies allow it, discard high-probability spam, such as 90% and greater, or even just 99%, spam probability.
    • Ensure that you have implemented the settings for PostgreSQL suggested in the tuning guide that is included in the Sophos Knowledgebase.
    • If you are using sendmail and have a problem with load spikes, consider switching to Postfix.
    • Ensure large lists and maps are CDB-based.
    • Ensure that your logs are being rotated.