[Mimedefang] MIMEDefang crash

Andrew_Hoying at blm.gov Andrew_Hoying at blm.gov
Thu Jan 8 15:39:14 EST 2004





Good suggestions, I've implemented them and the server is running
significantly better now. I did notice that sendmail processes were sitting
in cmd read state for up to their hour timeout quite often which soon
filled up the 20 allowed connections so I also added the following which
seems to have fixed that problem:

define(`confTO_COMMAND',`5m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `10m')dnl

Is there any other timeouts that would be good to set? Is there any
problems with those timeouts?

Thanks again,
Andrew Hoying



                                                                           
             "Kevin A.                                                     
             McGrail"                                                      
             <kmcgrail at pccc.co                                          To 
             m>                        <mimedefang at lists.roaringpenguin.co 
             Sent by:                  m>                                  
             mimedefang-bounce                                          cc 
             s at lists.roaringpe                                             
             nguin.com                                             Subject 
                                       Re: [Mimedefang] MIMEDefang crash   
                                                                           
             01/08/2004 12:48                                              
             PM                                                            
                                                                           
                                                                           
             Please respond to                                             
             mimedefang at lists.                                             
             roaringpenguin.co                                             
                     m                                                     
                                                                           
                                                                           




Andrew,

Without going into things more detailed, I would say that 40 slaves can run
160 sendmail processes.  I would say that this could allow for a bit of a
memory spike to occur and could definitely take down my dual 2.4Xeon box
with 3GB of RAM.

However, in reality, 15K emails is a pretty low load to need to run that
many concurrent processes.  Anything that exceeded 20 at the same time
would
be indicative of a DoS or netsplit or similar that would be likely to
overload your system.

Suggest a priority on keeping the box running and to protect the system
from
these problems by adding these lines to your sendmail.mc.

define(`confMAX_DAEMON_CHILDREN', `20')dnl
define(`confCONNECTION_RATE_THROTTLE',`15')dnl

And then setting your min MD slaves to 6 and your max MD slaves to 21 and
see if that doesn't handle your load and protect you from future problems.

This is based on how we have kept our main servers stable but I'd also love
to get more feedback about this because we do DNS for spamassassin.org.
Because of that, people seem to feel the need to hammer our servers with
SPAM which we happily accept and use to build RBL information (not to
mention death threats and wackos for being "anti-ecommerce).

One last note.  With sendmail, I'm against using the
maxrecipientspermessage
setting but I want to look into adding the BadRcptThrottle to the servers
that are not doing spamtraps.  I've never used it before and it seems like
it would be perfect but simply haven't had time to mess with it.

Regards,
KAM

> At around 11:30 today I had a large spike in incoming spam messages,
about
> 400 received in a few minutes. I have had spikes like this in the past
> without any problems, but this time MIMEDefang died. I am running
> MIMEDefang 2.39 with SpamAssassin 2.61 and no virus scanning. Here is
what

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang




More information about the MIMEDefang mailing list