[Mimedefang] nasty multiplexor death
Adam Lanier
adam at krusty.madoff.com
Tue Apr 27 16:11:40 EDT 2004
On Tue, 27 Apr 2004 15:32:18 -0400 (EDT)
"David F. Skoll" <dfs at roaringpenguin.com> wrote:
> On Tue, 27 Apr 2004, Adam Lanier wrote:
>
> > Apr 27 13:47:31 krusty mimedefang[27573]: mfconnect: Error
> > communicating with multiplexor
>
> Does the multiplexor process actually die?
It doesn't die. In some cases, it will recover as threads get recycled; in some cases, nothing but recyling the multiplexor will correct the issue.
>
> > Apr 27 03:52:10 krusty sendmail[11446]: i3R5p4v0011446: Milter
> > (mimedefang): to error state
>
> That's actually a Sendmail error.
True, when I get this error from sendmail, the multiplexor is screwed.
>
> > define(`confQUEUE_LA', `12')dnl
> > define(`confREFUSE_LA', `18')dnl
>
> QUEUE_LA does much more damage than anything else; raise it to 5000.
> (i.e., you *never* want to just queue because of a high load average.)
> REFUSE_LA of 18 is too low for Linux; raise it to 50 or so.
will do
> > define(`confMAX_DAEMON_CHILDREN', `24')dnl
>
> That's probably too aggressive; raise it to around 100 - 150.
will do this one also, having just added this setting I wasn't too sure where to set the limit
> Is /var/spool/MIMEDefang on a RAM disk?
no, with 1Gb of RAM I'm not sure I'd be comfortable allocating a RAM disk, despite the obvious benefits. I am considering getting a solid-state disk to use though an additional 1Gb of RAM is probably cheaper.
> The NOTIFIER feature is used for something completely different; see
> the mimedefang-notify(7) man page. That man page has a sample Perl
> script with Linux firewall rules that reject SYN packets on port 25
> when there are no free slaves, and accepts them when there is a free slave
> again. THat might help your server withstand an attack.
Yes, I looked that script over before I started testing mine. I'm currently just doing some testing with this functionality. Wouldn't it make sense for the NOTIFIER feature to notify regarding warnings or errors though?
--
Adam Lanier
Bernard L. Madoff Investment Securities LLC
More information about the MIMEDefang
mailing list