[Mimedefang] nasty multiplexor death

Adam Lanier adam at krusty.madoff.com
Tue Apr 27 16:11:40 EDT 2004


On Tue, 27 Apr 2004 15:32:18 -0400 (EDT)
"David F. Skoll" <dfs at roaringpenguin.com> wrote:

> On Tue, 27 Apr 2004, Adam Lanier wrote:
> 
> > Apr 27 13:47:31 krusty mimedefang[27573]: mfconnect: Error
> > communicating with multiplexor
> 
> Does the multiplexor process actually die?

It doesn't die.  In some cases, it will recover as threads get recycled; in some cases, nothing but recyling the multiplexor will correct the issue.

> 
> > Apr 27 03:52:10 krusty sendmail[11446]: i3R5p4v0011446: Milter
> > (mimedefang): to error state
> 
> That's actually a Sendmail error.

True, when I get this error from sendmail, the multiplexor is screwed.

> 
> > define(`confQUEUE_LA', `12')dnl
> > define(`confREFUSE_LA', `18')dnl
> 
> QUEUE_LA does much more damage than anything else; raise it to 5000.
> (i.e., you *never* want to just queue because of a high load average.)
> REFUSE_LA of 18 is too low for Linux; raise it to 50 or so.

will do

> > define(`confMAX_DAEMON_CHILDREN', `24')dnl
> 
> That's probably too aggressive; raise it to around 100 - 150.

will do this one also, having just added this setting I wasn't too sure where to set the limit

 
> Is /var/spool/MIMEDefang on a RAM disk?

no, with 1Gb of RAM I'm not sure I'd be comfortable allocating a RAM disk, despite the obvious benefits.  I am considering getting a solid-state disk to use though an additional 1Gb of RAM is probably cheaper.

> The NOTIFIER feature is used for something completely different; see
> the mimedefang-notify(7) man page.  That man page has a sample Perl
> script with Linux firewall rules that reject SYN packets on port 25
> when there are no free slaves, and accepts them when there is a free slave
> again.  THat might help your server withstand an attack.

Yes, I looked that script over before I started testing mine.  I'm currently just doing some testing with this functionality.  Wouldn't it make sense for the NOTIFIER feature to notify regarding warnings or errors though?

-- 
Adam Lanier
Bernard L. Madoff Investment Securities LLC



More information about the MIMEDefang mailing list