Re: Address verification causing SMTP timeouts

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Thu Dec 14 2006 - 12:56:44 CST


At 12:39 PM 12/14/2006, Victor Duchovni wrote:
>On Thu, Dec 14, 2006 at 01:38:20PM -0500, Joel Nimety wrote:
>
> >
> >
> > Noel Jones wrote:
> > > At 06:59 AM 12/14/2006, Robert Fitzpatrick wrote:
> > >> Well, my problem woke me up this morning again after it ran all
> > >> afternoon and last night perfectly. As I mentioned in other threads, my
> > >> SMTP connections on two different servers at different locations start
> > >> to slow. And it started happening on both servers at the same time. So,
> > >> I did some disabling on one server and it seems to be address
> > >> verification.
> > >
> > > This makes sense. Address verification holds the incoming connection
> > > open a little longer to allow time to check the next hop for the
> > > address. This can lead to using up all available smtpd processes.
> > > Increase the MAXPROC column for smtpd in master.cf to fix this.
> >
> > What are the implications of increasing maxproc for smtpd? More memory
> > usage? More cpu usage? Higher system load? I'm trying to decide if
> > turning on address verification and increasing max proc is doable in my
> > situation, the servers are already pretty taxed.
>
>High volume sites (and even low-volume ones IMHO) should not use sender
>address verification, it is no longer a very effective strategy, and
>at this point I believe does more harm than good.

We've been talking about recipient verification in this thread, so
I'll assume that's what Joel is referring to.

Running more smtpd processes will use some more memory, but most of
the memory footprint of smtpd is shared so this shouldn't be too bad.

As for load, if you are currently accepting, filtering, and bouncing
mail to unknown recipients your load is very likely to go
down. Maybe way down.

The best way to validate recipients is with a lookup table, either
local hash maps or *sql or ldap to a shared database. If that isn't
possible, active recipient verification is a reasonable second
choice. Note the next-hop downstream/internal server *must* be able
to 550 reject unknown recipients during SMTP for recipient
verification to work.

--
Noel Jones
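
The two recipient-validation approaches discussed in this message, sketched as Postfix configuration. This is an added example, not part of the original post; the file paths, the domain example.com, the sample addresses and the process limit of 200 are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/main.cf ----

# Option A (preferred in the message above): validate recipients for
# relayed domains against a lookup table. Unknown recipients are
# rejected during SMTP without contacting the next hop.
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# /etc/postfix/relay_recipients holds one valid address per line, e.g.
#   alice@example.com   OK
#   bob@example.com     OK
# Rebuild the indexed file after every change:
#   postmap /etc/postfix/relay_recipients

# Option B (second choice): active recipient verification. Postfix
# probes the next hop and caches the result. This only works if the
# next hop rejects unknown recipients with 550 during SMTP.
# To use it, leave relay_recipient_maps empty and enable:
#
# smtpd_recipient_restrictions =
#     permit_mynetworks,
#     reject_unauth_destination,
#     reject_unverified_recipient
# unverified_recipient_reject_code = 550
# address_verify_map = btree:$data_directory/verify_cache

# ---- /etc/postfix/master.cf ----
# Verification holds each incoming connection open while the probe
# runs, so raise the smtpd process limit (the maxproc column).
# A "-" in that column means default_process_limit applies.
#
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       n       -       200     smtpd
```

Run `postfix reload` after editing either file. With Option B, the first message to a not-yet-cached address may be deferred until the probe completes.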