OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: more woes...new installation help
From: Ralf Hildebrandt (R.Hildebrandttu-bs.de)
Date: Thu Mar 23 2000 - 10:14:25 CST

On Thu, Mar 23, 2000 at 10:56:45AM -0500, Admin Mailing Lists wrote:

> Last night (first night running it) I had the smtp port become
> unresponsive, twice, for a minute. This morning it also became
> unresponsive under a server load of only like .5 I had to stop/start it.
> "Unresponsive" meaning, would connect, but no banner or do anything. Even
> connecting from localhost.

What did the log say for that period of time ?

> Nextly, load with postfix has been greater than with sendmail 8.9.3.
> sendmail had the effect at night of a PEAKED load of 3 on the server.
> Postfix last night stayed around a load of 5 in the prime time hours and
> at one time peaked the load to 9.
> If this is a result of the daemon operations itself, or the extensively
> logging of it, i'm not sure.

> Another thing i noticed which may or may not mean anything is, i started
> using the mailinglist-recommended contrib package to do mailstat-like
> graphing with MRTG. The new graph compared to the old sendmail one..the
> outgoing is pretty much the same, but the incoming messages shot up like a
> rocket immediately. In the prime time the average was around 40
> messages..now it's like 150.
> for graphs: http://www.intergrafix.net/mailstats

So your box accepts about 4x more incoming connections at the same time than
before -- this surely is bound to increase load.

Nevertheless, you can throttle that if you want to.
Check this:
http://www.informatik.uni-bonn.de/pub/software/postfix/resource.html

And also have a look at master.cf:
smtp inet n - y - - smtpd
smtp unix - - y - 25 smtp

                                                ^^
                                                You can limit the # of
                                                processes here!

> Lastly, only other things I can thing of are:
> I'm running postmap and postfix reload every 30 seconds to update
> pop-before-smtp hash tables.

=:|

This will put a considerable load on the box. Besides, you don't need to
"postfix reload" since postfix automagically recognizes changed tables.

The daemons commit suicide and restart when they see a change in the maps
(or such).

> 3) can anyone explain this warning and how to fix it:
> Mar 22 14:13:19 athena postfix/smtpd[29927]: warning: restriction
> `reject_unknown_recipient_domain' after `check_relay_domains' is ignored

What part of that particukar sentence don't you understand?

restriction 'reject_unknown_recipient_domain' after 'check_relay_domains' is ignored

> hash:$config_directory/relay_allowed,check_relay_domains,reject_unknown_recipient_domain,permit_mx_backup
Hmm, I see reject_unknown_recipient_domain after check_relay_domains here :)
It's ignored since it makes no sense. Refer to the docs.

BTW, about your ps output: Relax, you have
    a smtpd process for each incoming SMTP connection (The Postfix SMTP
server receives the message and does some sanity checks, in order to protect
the rest of the Postfix system.)

and a cleanup for each incoming SMTP connection (The cleanup daemon
implements the final processing stage for new mail)

and a smtp for each outgoing SMTP connection.

For details, see
http://www.informatik.uni-bonn.de/pub/software/postfix/receiving.html 

-- 
Ralf Hildebrandt <R.Hildebrandttu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
So unleash your nmap-from-hell and beware, you may tickle an obscure
bug in an ancient box hand-built by Seymour Cray himself, the only one
of its kind ever made, whose sole user pays the salaries of everyone
you ever met in the entire time you worked at the company, with money
he makes with an investment strategy hand-coded in assembler for this
special machine, by an analytic wizard who has since died.