[Mimedefang] MIMEDefang crash

[Kevin A. McGrail]

Andrew,

Without going into things more detailed, I would say that 40 slaves can run
160 sendmail processes.  I would say that this could allow for a bit of a
memory spike to occur and could definitely take down my dual 2.4Xeon box
with 3GB of RAM.

However, in reality, 15K emails is a pretty low load to need to run that
many concurrent processes.  Anything that exceeded 20 at the same time would
be indicative of a DoS or netsplit or similar that would be likely to
overload your system.

Suggest a priority on keeping the box running and to protect the system from
these problems by adding these lines to your sendmail.mc.

define(`confMAX_DAEMON_CHILDREN', `20')dnl
define(`confCONNECTION_RATE_THROTTLE',`15')dnl

And then setting your min MD slaves to 6 and your max MD slaves to 21 and
see if that doesn't handle your load and protect you from future problems.

This is based on how we have kept our main servers stable but I'd also love
to get more feedback about this because we do DNS for spamassassin.org.
Because of that, people seem to feel the need to hammer our servers with
SPAM which we happily accept and use to build RBL information (not to
mention death threats and wackos for being "anti-ecommerce).

One last note.  With sendmail, I'm against using the maxrecipientspermessage
setting but I want to look into adding the BadRcptThrottle to the servers
that are not doing spamtraps.  I've never used it before and it seems like
it would be perfect but simply haven't had time to mess with it.

Regards,
KAM

> At around 11:30 today I had a large spike in incoming spam messages, about
> 400 received in a few minutes. I have had spikes like this in the past
> without any problems, but this time MIMEDefang died. I am running
> MIMEDefang 2.39 with SpamAssassin 2.61 and no virus scanning. Here is what