From owner-freebsd-isp@FreeBSD.ORG Tue Apr 26 09:07:48 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9389316A4CE for ; Tue, 26 Apr 2005 09:07:48 +0000 (GMT) Received: from smf-camp8.smf.ebay.com (smfcamppool08.emailebay.com [66.135.215.237]) by mx1.FreeBSD.org (Postfix) with ESMTP id 460D143D1D for ; Tue, 26 Apr 2005 09:07:43 +0000 (GMT) (envelope-from cmuser@shaggy.smf.ebay.com) Received: from shaggy.smf.ebay.com (fallback-camp.vip.smf.ebay.com [10.108.160.50])j3Q97hZd006601 for ; Tue, 26 Apr 2005 02:07:43 -0700 Received: (from cmuser@localhost) by shaggy.smf.ebay.com (8.11.6+Sun/8.11.6) id j3Q92qG13678; Tue, 26 Apr 2005 02:02:52 -0700 (PDT) Date: Tue, 26 Apr 2005 02:02:52 -0700 (PDT) From: Unexpected reply handler Message-Id: <200504260902.j3Q92qG13678@shaggy.smf.ebay.com> To: freebsd-isp@freebsd.org References: <200504260901.j3Q9146M001785@mailhost5.sjc.ebay.com> In-Reply-To: <200504260901.j3Q9146M001785@mailhost5.sjc.ebay.com> Precedence: junk X-Loop: reply@reply.ebay.com Subject: Re: Hi X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Apr 2005 09:07:48 -0000 Thank you for your response. Please don't reply to this message - it is an automated response and your reply will not be received. If you have a question for eBay Customer Support, please visit the following eBay Help page. This page will help you locate the answer to your question, or assist you in contacting us: http://pages.ebay.com/help/index.html If you would like to change your notification preferences, which determine what type of email you receive from eBay, please follow the steps below: 1. Click "My eBay" located at the top of all eBay pages. You may be asked to sign in. 2. Click the "eBay Preferences" link located under the "My Account" heading. 3. Click the "view/change" link to the right of "Notification Preferences." You may be asked to sign in once more. 4. On the "Change Your Notification Preferences" page, check the boxes to indicate the types of messages you'd like to receive from eBay. Then, uncheck the boxes to indicate the types of messages you don't want to receive from us. 5. Once you're done, be sure to click the "Save Changes" button at the top or bottom of the page. Again, thanks for writing eBay. -- From owner-freebsd-isp@FreeBSD.ORG Wed Apr 27 23:06:54 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CE3816A4CE for ; Wed, 27 Apr 2005 23:06:54 +0000 (GMT) Received: from psknet.com (kennedy.psknet.com [63.171.251.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0198B43D48 for ; Wed, 27 Apr 2005 23:06:54 +0000 (GMT) (envelope-from troy@psknet.com) Received: from dilbert.psknet.com ([63.171.251.35]) by psknet.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43 (FreeBSD)) id 1DQvcK-000EgZ-Tr for freebsd-isp@freebsd.org; Wed, 27 Apr 2005 19:06:53 -0400 Message-ID: <427019F3.6000000@psknet.com> Date: Wed, 27 Apr 2005 19:02:11 -0400 From: Troy Settle User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: ipfw/natd broken? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Apr 2005 23:06:54 -0000 All, I have a box (486, 16mb) running FreeBSD 3.51-something. It's been in service for the better part of 10 years (originally 2.0.5 or so). It's acting as a router/nat device for a network with about 50 desktop systems, and has never given me a problem until this week. It seems that VPN (PPTP) won't work behind NAT. I can use VPN tunnels from XP PRO to both windows servers and linux-based VPN servers all day long from home using my netgear broadband router, but from this location, behind the FreeBSD box, they won't work. What gives? -- -- Troy Settle Pulaski Networks 866.477.5638 http://www.psknet.com From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 01:32:08 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8785116A4CE for ; Thu, 28 Apr 2005 01:32:08 +0000 (GMT) Received: from aoniu.kalianet.to (smtp.kalianet.to [209.58.72.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id 030C143D45 for ; Thu, 28 Apr 2005 01:32:05 +0000 (GMT) (envelope-from samkava@kalianet.to) Received: from CIRIUM (LATE [209.58.72.122]) by aoniu.kalianet.to (8.13.3/8.12.8) with ESMTP id j3S00Auc021956 for ; Thu, 28 Apr 2005 13:00:21 +1300 From: "Sam Kava" To: Date: Thu, 28 Apr 2005 14:31:38 +1300 Message-ID: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 01:32:08 -0000 I am planning to setup a load balancing server to allow 3 pop servers to share access to my mail server. Read the postings but nobody really touch this subject. Appreciate any help, hopefully someone has done this using freebsd. Thanks for any help. Sam. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 27/04/2005 From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 02:23:38 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B9FA16A4CE for ; Thu, 28 Apr 2005 02:23:38 +0000 (GMT) Received: from gumby.citytel.net (gumby.citytel.net [204.244.98.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C7A343D2F for ; Thu, 28 Apr 2005 02:23:38 +0000 (GMT) (envelope-from kwoody@citytel.net) Received: from pop.citytel.net (pop.citytel.net [204.244.98.50]) by gumby.citytel.net (Postfix) with ESMTP id 5ED13237353 for ; Wed, 27 Apr 2005 19:23:35 -0700 (PDT) Date: Wed, 27 Apr 2005 19:24:55 -0700 (PDT) From: Keith Woodworth To: freebsd-isp@freebsd.org In-Reply-To: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> Message-ID: <20050427191941.L65811@pop.citytel.net> References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: NTop X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 02:23:38 -0000 Started playing around with NTop the other day. Had it watching just the local interface (fxp0) for testing. Its not a very powerful machine only a PII. As a test I threw 15Megs of traffic at it on another interface (fxp1) and it completely bogged the machine down, dropping packets faster than a bucket full of holes, which I sorta expected anyway. So question is what is a good machine spec wise to be able to run Ntop at about 100Megs of traffic? I guess faster is better and as much ram as I can stuff into it. Anyone else running Ntop? What kind of machine vs how much traffic are you looking at? thanks, Keith From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 04:20:04 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A2A216A4CE for ; Thu, 28 Apr 2005 04:20:04 +0000 (GMT) Received: from twonetom18.sge.net (twonetom18.sge.net [152.91.2.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id 00CDD43D64 for ; Thu, 28 Apr 2005 04:20:03 +0000 (GMT) (envelope-from Stanley.Hopcroft@IPAustralia.gov.au) Received: from twonetvs14.sge.net (twonetvs-om [152.91.2.17]) by twonetom18.sge.net (Postfix) with ESMTP id 9B048AB15 for ; Thu, 28 Apr 2005 14:20:03 +1000 (EST) Received: from twonetvs14.sge.net (localhost [127.0.0.1]) by localhost (Postfix) with ESMTP id 3B64E15F64 for ; Thu, 28 Apr 2005 14:20:01 +1000 (EST) Received: from twonetim2.sge.net (twonetim-vs.sge.net [152.91.2.9]) by twonetvs14.sge.net (Postfix) with ESMTP id 2A43D15F31 for ; Thu, 28 Apr 2005 14:20:01 +1000 (EST) Received: from guinness.lyn.gwy (unknown [152.91.9.242]) by twonetim2.sge.net (Postfix) with SMTP id E26DCA9C9 for ; Thu, 28 Apr 2005 14:20:18 +1000 (EST) Received: from vmail.aipo.gov.au (mail-in.ipa.lyn.gwy [192.168.254.253]) by guinness.lyn.gwy with ESMTP id j3S4K0nt015293 for ; Thu, 28 Apr 2005 14:20:00 +1000 (EST) Received: from ws11114.aipo.gov.au (ws11114.aipo.gov.au [10.0.7.233]) by vmail.aipo.gov.au (8.12.9p2/8.12.9) with ESMTP id j3S4K0oR086953 for ; Thu, 28 Apr 2005 14:20:00 +1000 (EST) (envelope-from Stanley.Hopcroft@IPAustralia.gov.au) Received: from ws11114.aipo.gov.au (localhost [127.0.0.1]) by ws11114.aipo.gov.au (8.13.3/8.13.3) with ESMTP id j3S4J1RE050323 for ; Thu, 28 Apr 2005 14:19:01 +1000 (EST) (envelope-from anwsmh@ws11114.aipo.gov.au) Received: (from anwsmh@localhost) by ws11114.aipo.gov.au (8.13.3/8.13.3/Submit) id j3S4J13I050322 for freebsd-isp@freebsd.org; Thu, 28 Apr 2005 14:19:01 +1000 (EST) (envelope-from anwsmh) Date: Thu, 28 Apr 2005 14:19:01 +1000 From: Stanley Hopcroft To: freebsd-isp@freebsd.org Message-ID: <20050428041901.GC49470@ws11114.aipo.gov.au> References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <20050427191941.L65811@pop.citytel.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_1114662000-84898-170" Content-Disposition: inline In-Reply-To: <20050427191941.L65811@pop.citytel.net> User-Agent: Mutt/1.4.2.1i X-Scanned-By: MIMEDefang 2.48 on 10.0.100.191 Subject: Re: NTop X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 04:20:04 -0000 This is a multi-part message in MIME format... ------------=_1114662000-84898-170 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Dear Sir, I am writing to thank you for your letter and say, On Wed, Apr 27, 2005 at 07:24:55PM -0700, Keith Woodworth wrote: > > > Anyone else running Ntop? What kind of machine vs how much traffic are you > looking at? > Ntop needs a lot of RAM if you want to monitor serious bandwidth (ie LAN or big WAN). I think the requirement is documented in the distro docs/FAQ 'Q. Why does ntop use so much memory ?' IIRC correctly it uses 12-16 kB/host. Think about nmap 10/8. > thanks, > Keith Other caveats are 3.1 - the latest release - may not work too well on RELENG 4. The Ntop list archives on gmane are prob your friends; the memory issues come up often. Yours sincerely. ------------=_1114662000-84898-170 Content-Type: text/plain; name="disclaimer.txt" Content-Disposition: inline; filename="disclaimer.txt" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 X-Mailer: MIME-tools 5.415 (Entity 5.415) -- This message contains privileged and confidential information only for use by the intended recipient. If you are not the intended recipient of this message, you must not disseminate, copy or use it in any manner. If you have received this message in error, please advise the sender by reply e-mail. Please ensure all e-mail attachments are scanned for viruses prior to opening or using. ------------=_1114662000-84898-170-- From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 07:25:19 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13E2D16A4CE for ; Thu, 28 Apr 2005 07:25:19 +0000 (GMT) Received: from obh.snafu.de (obh.snafu.de [213.73.92.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8017643D49 for ; Thu, 28 Apr 2005 07:25:18 +0000 (GMT) (envelope-from ob@gruft.de) Received: from ob by obh.snafu.de with local (Exim 4.50 (FreeBSD)) id 1DR3Of-0006Ay-GE for freebsd-isp@freebsd.org; Thu, 28 Apr 2005 09:25:17 +0200 Date: Thu, 28 Apr 2005 09:25:17 +0200 From: Oliver Brandmueller To: freebsd-isp@freebsd.org Message-ID: <20050428072517.GO95908@e-Gitt.NET> References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> User-Agent: Mutt/1.5.9i Sender: Oliver Brandmueller Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 07:25:19 -0000 Hello. On Thu, Apr 28, 2005 at 02:31:38PM +1300, Sam Kava wrote: > I am planning to setup a load balancing server to allow 3 pop servers to > share access to my mail server. Read the postings but nobody really > touch this subject. Appreciate any help, hopefully someone has done this > using freebsd. The mail storage format should be Maildir - which is NFS safe. Access to Maildir mailboxes by pop can be accomplished by courier-imap (it has a POP component) or the dovecot imap/pop server. I have both running in a single setup (for access to different mailboxes). The dir with the mailboxes can then simply be mounted from an NFS server. You should think about a shared authentication mechanism; we use LDAP for that. It's quite simple. We even use more than one SMTP Server to handle incoming mails in this setup. Lodabalncing is done by an Alteon 180e in front of the machines (currently 3, soon to be 5). - Oliver -- | Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin | | Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ | | Ich bin das Internet. Sowahr ich Gott helfe. | | Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! | From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 07:41:04 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7222416A4CE for ; Thu, 28 Apr 2005 07:41:04 +0000 (GMT) Received: from smtp.datapro.co.za (mail.uskonet.com [196.3.164.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F80943D3F for ; Thu, 28 Apr 2005 07:41:02 +0000 (GMT) (envelope-from etienne@unix.za.org) Received: from NiNJA.datapro.co.za (ninja.datapro.co.za [196.35.242.87]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.datapro.co.za (Postfix) with ESMTP id 9C5A339D22 for ; Thu, 28 Apr 2005 09:35:54 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by NiNJA.datapro.co.za (Postfix) with ESMTP id 26ED2A8E63 for ; Thu, 28 Apr 2005 09:44:13 +0200 (SAST) From: Etienne Ledoux To: freebsd-isp@freebsd.org Date: Thu, 28 Apr 2005 09:44:12 +0200 User-Agent: KMail/1.6.2 References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <20050428072517.GO95908@e-Gitt.NET> In-Reply-To: <20050428072517.GO95908@e-Gitt.NET> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200504280944.12838.etienne@unix.za.org> Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: etienne@unix.za.org List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 07:41:04 -0000 > It's quite simple. We even use more than one SMTP Server to handle > incoming mails in this setup. Lodabalncing is done by an Alteon 180e in > front of the machines (currently 3, soon to be 5). I have a similar setup but I use ipf (ipnat round-robin) for my load balancing, on a freebsd box infront of the machines. Works just as good. e. From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 08:04:03 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD67016A4CE for ; Thu, 28 Apr 2005 08:04:03 +0000 (GMT) Received: from obh.snafu.de (obh.snafu.de [213.73.92.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6640C43D5C for ; Thu, 28 Apr 2005 08:04:03 +0000 (GMT) (envelope-from ob@gruft.de) Received: from ob by obh.snafu.de with local (Exim 4.50 (FreeBSD)) id 1DR40A-0006hX-DO for freebsd-isp@freebsd.org; Thu, 28 Apr 2005 10:04:02 +0200 Date: Thu, 28 Apr 2005 10:04:02 +0200 From: Oliver Brandmueller To: freebsd-isp@freebsd.org Message-ID: <20050428080402.GP95908@e-Gitt.NET> References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <20050428072517.GO95908@e-Gitt.NET> <200504280944.12838.etienne@unix.za.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200504280944.12838.etienne@unix.za.org> User-Agent: Mutt/1.5.9i Sender: Oliver Brandmueller Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 08:04:03 -0000 Hi. On Thu, Apr 28, 2005 at 09:44:12AM +0200, Etienne Ledoux wrote: > I have a similar setup but I use ipf (ipnat round-robin) for my load > balancing, on a freebsd box infront of the machines. Works just as good. Never looked at it; is it able to do weighting and failover? How does it detect, if a service is down on one of the machines, so that you don't have every third connection failing? - Oliver -- | Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin | | Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ | | Ich bin das Internet. Sowahr ich Gott helfe. | | Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! | From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 09:15:20 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A97616A4CE for ; Thu, 28 Apr 2005 09:15:20 +0000 (GMT) Received: from mailspool.ops.uunet.co.za (mailspool.ops.uunet.co.za [196.7.0.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id B40E643D1D for ; Thu, 28 Apr 2005 09:15:19 +0000 (GMT) (envelope-from mark@aboutit.co.za) Received: from 196-47-4-10.access.uunet.co.za ([196.47.4.10] helo=hermes.aboutit.co.za) by mailspool.ops.uunet.co.za with esmtp (Exim 3.36 #1) id 1DR576-00040o-00 for freebsd-isp@freebsd.org; Thu, 28 Apr 2005 11:15:17 +0200 Received: by hermes.aboutit.co.za (Postfix, from userid 65534) id D45427149E; Thu, 28 Apr 2005 11:15:11 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by hermes.aboutit.co.za (Postfix) with ESMTP id 1D28997C91 for ; Thu, 28 Apr 2005 11:15:10 +0200 (SAST) Received: from hermes.aboutit.co.za (localhost [127.0.0.1]) by hermes.aboutit.co.za (Postfix) with ESMTP id 32C9369DC1 for ; Thu, 28 Apr 2005 11:15:09 +0200 (SAST) Message-ID: <212682.1114679709203.SLOX.WebMail.wwwrun@hermes.aboutit.co.za> From: Mark Bojara To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (normal) X-Mailer: SuSE Linux Openexchange Server 4 - WebMail (Build 2.3780) X-Operating-System: Linux 2.4.19-4GB i386 (JVM 1.3.1_04) Organization: AboutIT Online Date: Thu, 28 Apr 2005 11:15:09 +0200 (SAST) X-Virus-Scanned: by AMaViS snapshot-20020531 X-Spam-Status: No, hits=-3.7 required=8.0 tests=AWL,BAYES_01 version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) Subject: apache in worker mode eats memory X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 09:15:20 -0000 Hi All Im running Apache 2.0.53 server on 5.4-RC3 AMD64 in Worker mode. This webserver serves 50000 hits per hour. Whats currently happening is it works fine for 8 hours then the server just starts spawning httpd processes when it reaches about 70 processes the box runs out of memory and swap space then crashes :( This is what I currently have set: ServerLimit 16 StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 20000 EnableSendfile Off HostnameLookups Off EnableMMAP on Timeout 120 KeepAlive On MaxKeepAliveRequests 1024 KeepAliveTimeout 15 Anyone seen this perhaps a better way of doing it? Thanks Mark From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 09:21:34 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3C90316A4CE for ; Thu, 28 Apr 2005 09:21:34 +0000 (GMT) Received: from smtp.datapro.co.za (mail.uskonet.com [196.3.164.40]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59C1143D46 for ; Thu, 28 Apr 2005 09:21:28 +0000 (GMT) (envelope-from etiennel@datapro.co.za) Received: from NiNJA.datapro.co.za (ninja.datapro.co.za [196.35.242.87]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.datapro.co.za (Postfix) with ESMTP id 6FE9A39D6A for ; Thu, 28 Apr 2005 11:16:19 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by NiNJA.datapro.co.za (Postfix) with ESMTP id 8EED9E7193 for ; Thu, 28 Apr 2005 11:24:38 +0200 (SAST) From: Etienne Ledoux To: freebsd-isp@freebsd.org Date: Thu, 28 Apr 2005 11:24:38 +0200 User-Agent: KMail/1.6.2 References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <200504280944.12838.etienne@unix.za.org> <20050428080402.GP95908@e-Gitt.NET> In-Reply-To: <20050428080402.GP95908@e-Gitt.NET> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200504281124.38084.etiennel@datapro.co.za> Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: etiennel@datapro.co.za List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 09:21:34 -0000 On Thursday 28 April 2005 10:04, Oliver Brandmueller wrote: > Hi. > > On Thu, Apr 28, 2005 at 09:44:12AM +0200, Etienne Ledoux wrote: > > I have a similar setup but I use ipf (ipnat round-robin) for my load > > balancing, on a freebsd box infront of the machines. Works just as good. > > Never looked at it; is it able to do weighting and failover? How does it > detect, if a service is down on one of the machines, so that you don't > have every third connection failing? > Well I guess it's not that fancy. It's just plain vanilla round-robin load balancing. I use other tools to detect services that die, queues not clearing etc. I also use freevrrpd for failover. There use to be a project called lload. This apparently in conjunction with ipfw could do weighted load balancing but I can't seem to find that anymore. I guess it died. I'm sure there might be similar projects though. From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 09:36:07 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BC3116A4CE for ; Thu, 28 Apr 2005 09:36:07 +0000 (GMT) Received: from a2.scoop.co.nz (aurora.scoop.co.nz [202.50.109.205]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2CD7643D41 for ; Thu, 28 Apr 2005 09:36:06 +0000 (GMT) (envelope-from andrew@scoop.co.nz) Received: from a2.scoop.co.nz (localhost [127.0.0.1]) by a2.scoop.co.nz (8.13.3/8.12.11) with ESMTP id j3S9Zh7E066939; Thu, 28 Apr 2005 21:35:43 +1200 (NZST) (envelope-from andrew@scoop.co.nz) Received: from localhost (andrew@localhost)j3S9Zh0U066936; Thu, 28 Apr 2005 21:35:43 +1200 (NZST) (envelope-from andrew@scoop.co.nz) X-Authentication-Warning: a2.scoop.co.nz: andrew owned process doing -bs Date: Thu, 28 Apr 2005 21:35:43 +1200 (NZST) From: Andrew McNaughton To: Mark Bojara In-Reply-To: <212682.1114679709203.SLOX.WebMail.wwwrun@hermes.aboutit.co.za> Message-ID: <20050428212753.W66240@a2.scoop.co.nz> References: <212682.1114679709203.SLOX.WebMail.wwwrun@hermes.aboutit.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: ClamAV 0.83/857/Thu Apr 28 18:30:10 2005 on a2.scoop.co.nz X-Virus-Status: Clean cc: freebsd-isp@freebsd.org Subject: Re: apache in worker mode eats memory X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 09:36:07 -0000 If apache is allowed to spawn enough processes to run you out of memory, you are going to have problems. Work on your apache config and process limits to make sure this can't happen. If you consume enough memory to start paging, the time it takes for a request to be handled climbs, more processes mount up, you consume more memory, and the system goes down badly. Limiting how much you try to handle at once enables you to handle more. If your server processes have a large memory footprint, using a proxy in front of your web server to handle spooling requests to users might help a lot. Caching is not necessarily part of that picture, but that might also help save you from using large apache processes to serve simple requests. Andrew McNaughton On Thu, 28 Apr 2005, Mark Bojara wrote: > Date: Thu, 28 Apr 2005 11:15:09 +0200 (SAST) > From: Mark Bojara > To: freebsd-isp@freebsd.org > Subject: apache in worker mode eats memory > > Hi All > > Im running Apache 2.0.53 server on 5.4-RC3 AMD64 in Worker mode. This > webserver serves 50000 hits per hour. Whats currently happening is it > works fine for 8 hours then the server just starts spawning httpd > processes when it reaches about 70 processes the box runs out of memory > and swap space then crashes :( > > This is what I currently have set: > ServerLimit 16 > StartServers 2 > MaxClients 150 > MinSpareThreads 25 > MaxSpareThreads 75 > ThreadsPerChild 25 > MaxRequestsPerChild 20000 > EnableSendfile Off > HostnameLookups Off > EnableMMAP on > Timeout 120 > KeepAlive On > MaxKeepAliveRequests 1024 > KeepAliveTimeout 15 > > Anyone seen this perhaps a better way of doing it? > > Thanks > Mark > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- There is no way to happiness Happiness is the way ------------------------------------------------------------------- Andrew McNaughton http://www.scoop.co.nz/ andrew@scoop.co.nz Mobile: +61 422 753 792 -- pgp encrypted mail welcome keyid: 70F6C32D keyserver: pgp.mit.edu 5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686 From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 11:29:04 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A00216A4CE for ; Thu, 28 Apr 2005 11:29:04 +0000 (GMT) Received: from mh1.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 385FB43D39 for ; Thu, 28 Apr 2005 11:29:03 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh1.centtech.com (8.13.1/8.13.1) with ESMTP id j3SBSlTA062938; Thu, 28 Apr 2005 06:28:47 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <4270C8B8.4080002@centtech.com> Date: Thu, 28 Apr 2005 06:27:52 -0500 From: Eric Anderson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050325 X-Accept-Language: en-us, en MIME-Version: 1.0 To: etiennel@datapro.co.za References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <200504280944.12838.etienne@unix.za.org> <20050428080402.GP95908@e-Gitt.NET> <200504281124.38084.etiennel@datapro.co.za> In-Reply-To: <200504281124.38084.etiennel@datapro.co.za> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.82/857/Thu Apr 28 01:30:10 2005 on mh1.centtech.com X-Virus-Status: Clean cc: freebsd-isp@freebsd.org Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 11:29:04 -0000 Etienne Ledoux wrote: > On Thursday 28 April 2005 10:04, Oliver Brandmueller wrote: > >>Hi. >> >>On Thu, Apr 28, 2005 at 09:44:12AM +0200, Etienne Ledoux wrote: >> >>>I have a similar setup but I use ipf (ipnat round-robin) for my load >>>balancing, on a freebsd box infront of the machines. Works just as good. >> >>Never looked at it; is it able to do weighting and failover? How does it >>detect, if a service is down on one of the machines, so that you don't >>have every third connection failing? >> > > > Well I guess it's not that fancy. It's just plain vanilla round-robin load > balancing. I use other tools to detect services that die, queues not clearing > etc. I also use freevrrpd for failover. There use to be a project called > lload. This apparently in conjunction with ipfw could do weighted load > balancing but I can't seem to find that anymore. I guess it died. I'm sure > there might be similar projects though. Round-robin is typically considered 'load distribution', where the load is evenly distributed amongst a list of hosts, but not balanced by how loaded the machine is or if the machine is even down. CARP, which will be in 5.4R I believe (and is in 6.0-CURRENT now), is like VRRP, but with more knobs, whistles, and features. You should look into CARP for this. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology A lost ounce of gold may be found, a lost moment of time never. ------------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 12:09:21 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD44D16A4CE for ; Thu, 28 Apr 2005 12:09:21 +0000 (GMT) Received: from obh.snafu.de (obh.snafu.de [213.73.92.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6A14843D46 for ; Thu, 28 Apr 2005 12:09:21 +0000 (GMT) (envelope-from ob@gruft.de) Received: from ob by obh.snafu.de with local (Exim 4.50 (FreeBSD)) id 1DR7pY-000As6-Jp for freebsd-isp@freebsd.org; Thu, 28 Apr 2005 14:09:20 +0200 Date: Thu, 28 Apr 2005 14:09:20 +0200 From: Oliver Brandmueller To: freebsd-isp@freebsd.org Message-ID: <20050428120920.GA33214@e-Gitt.NET> References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <200504280944.12838.etienne@unix.za.org> <20050428080402.GP95908@e-Gitt.NET> <200504281124.38084.etiennel@datapro.co.za> <4270C8B8.4080002@centtech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4270C8B8.4080002@centtech.com> User-Agent: Mutt/1.5.9i Sender: Oliver Brandmueller Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 12:09:21 -0000 Hi. On Thu, Apr 28, 2005 at 06:27:52AM -0500, Eric Anderson wrote: > CARP, which will be in 5.4R I believe (and is in 6.0-CURRENT now), is > like VRRP, but with more knobs, whistles, and features. You should look > into CARP for this. I know CARP handles the case, that a host is down, but does it handle the case, that a single service on a host is down? - Oliver -- | Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin | | Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ | | Ich bin das Internet. Sowahr ich Gott helfe. | | Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! | From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 14:23:56 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 41D8F16A4CE for ; Thu, 28 Apr 2005 14:23:56 +0000 (GMT) Received: from mail.kconline.com (mail.kconline.com [216.241.132.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id CEB2543D2F for ; Thu, 28 Apr 2005 14:23:55 +0000 (GMT) (envelope-from clint@southerncomp.com) Received: from [127.0.0.1] (xl.expressxl.com [216.241.132.48]) (authenticated bits=0) by mail.kconline.com (8.13.3/8.13.3) with ESMTP id j3SENpWv031025 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Thu, 28 Apr 2005 09:23:51 -0500 (EST) (envelope-from clint@southerncomp.com) Message-ID: <4270F1F7.7010609@southerncomp.com> Date: Thu, 28 Apr 2005 09:23:51 -0500 From: Clint Wilson User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <427019F3.6000000@psknet.com> In-Reply-To: <427019F3.6000000@psknet.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.51 on 216.241.132.20 Subject: Re: ipfw/natd broken? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 14:23:56 -0000 Troy Settle wrote: > All, > > I have a box (486, 16mb) running FreeBSD 3.51-something. It's been in > service for the better part of 10 years (originally 2.0.5 or so). > It's acting as a router/nat device for a network with about 50 desktop > systems, and has never given me a problem until this week. Troy, I would highly highly recommend upgrading your system. It is apparent it has internet access, and there are numerous exploits that could compromise the integrity of your entire network. > > It seems that VPN (PPTP) won't work behind NAT. I can use VPN tunnels > from XP PRO to both windows servers and linux-based VPN servers all > day long from home using my netgear broadband router, but from this > location, behind the FreeBSD box, they won't work. The aforementioned being said, I am unaware at this time of any reason why this might not work on 3.5. I am currently doing this same setup IPFW+NATD+FreeBSD 4.11 (Soon to be upgraded to 5.4) and it is working with no problems. There have been a lot of changes to IPFW since your version of FreeBSD I am also sure the natd daemon has been revised as well since your version. I would upgrade to 5.4 set your nat and ipfw back up and see if the problem still is there. > > What gives? > > -- Clint Wilson Southern Comp Solutions LLC http://www.scsisp.com From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 14:32:38 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D54416A4CE for ; Thu, 28 Apr 2005 14:32:38 +0000 (GMT) Received: from pgh.nepinc.com (pgh.nepinc.com [66.207.129.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id B83AD43D45 for ; Thu, 28 Apr 2005 14:32:35 +0000 (GMT) (envelope-from jimd@nepinc.com) Received: from pptp8.pgh.nepinc.com (pptp8.pgh.nepinc.com [192.168.97.208]) (authenticated bits=0) by pgh.nepinc.com (8.12.11/8.12.8) with ESMTP id j3SEWYeC070676 for ; Thu, 28 Apr 2005 10:32:35 -0400 (EDT) (envelope-from jimd@nepinc.com) From: Jim Durham Organization: NEP Supershooters To: freebsd-isp@freebsd.org Date: Thu, 28 Apr 2005 10:32:33 -0400 User-Agent: KMail/1.8 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504281032.33822.jimd@nepinc.com> Subject: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jim.durham@nepinc.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 14:32:38 -0000 Hi, We currently have a dual-1.8 Xeon box with 2gb ram and Raid-1 160mhz SCSI's running sendmail/procmail/spamassassin and clamav. Our place is growing, adding users and so, we need a bigger, faster box. Question: Currently the box mentioned is a Dell PowerEdge 2650. We like to deal with Dell, but it's not absolutely "written in stone" that I do so. I bought a 2650 because we got one to run a Windows server and I booted FreeBSD on it to see what it would make of the PERC3 Raid and all that and it was just fine. The 2650 just 'loves' FreeBSD, so we bought one and its worked well, but we need more performance now. What bigger, faster box would make a significant jump in speed and capacity runs FreeBSD well? I can get a 2850 with 3gb processors, 320mhz SCSIs and add more RAM, but I'm not sure that would give us a quantum-leap in performance. -- Thanks for any suggestions.. Jim Durham From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 14:46:21 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53F4216A4CE for ; Thu, 28 Apr 2005 14:46:21 +0000 (GMT) Received: from energistic.com (mail.energistic.com [216.54.148.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id A573543D5C for ; Thu, 28 Apr 2005 14:46:20 +0000 (GMT) (envelope-from steve@energistic.com) Received: from energistic.com (steve@localhost.energistic.com [127.0.0.1]) by energistic.com (8.13.3/8.13.3) with ESMTP id j3SEkJTD028566; Thu, 28 Apr 2005 09:46:19 -0500 (EST) (envelope-from steve@energistic.com) Received: (from steve@localhost) by energistic.com (8.13.3/8.13.3/Submit) id j3SEkJ7I025763; Thu, 28 Apr 2005 09:46:19 -0500 (EST) (envelope-from steve) Date: Thu, 28 Apr 2005 09:46:19 -0500 From: Steve Ames To: jim.durham@nepinc.com Message-ID: <20050428144619.GA8412@energistic.com> References: <200504281032.33822.jimd@nepinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200504281032.33822.jimd@nepinc.com> User-Agent: Mutt/1.5.9i X-Spam-Status: No, score=-6.9 required=5.0 tests=AWL,BAYES_50,SPF_HELO_PASS, SPF_PASS,USER_IN_WHITELIST_TO autolearn=ham version=3.0.2 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on energistic.com cc: freebsd-isp@freebsd.org Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 14:46:21 -0000 Which version of FreeBSD are you running? Are you using 5.X to take full advantage of both processors? To get the 'quantum' upgrade a single faster machine is the way to go. Have you done any profiling to see where the current bottleneck is? Is it I/O, CPU cycles, network? In many cases it would make sense to put in another box to distribute the network/CPU load but that comes with increased storage complexity (getting all machines to write to a common filesystem)... but given that spamassassin and clamav are CPU and memory intensive I'd think that was a solid tradeoff. For the cost of buying one BIG machine you could get 2-3 of the size you have now and distribute the load. On Thu, Apr 28, 2005 at 10:32:33AM -0400, Jim Durham wrote: > Hi, > > We currently have a dual-1.8 Xeon box with 2gb ram and Raid-1 > 160mhz SCSI's running sendmail/procmail/spamassassin and clamav. > > Our place is growing, adding users and so, we need a bigger, > faster box. > > Question: Currently the box mentioned is a Dell PowerEdge 2650. > We like to deal with Dell, but it's not absolutely "written in > stone" that I do so. I bought a 2650 because we got one to run > a Windows server and I booted FreeBSD on it to see what it would > make of the PERC3 Raid and all that and it was just fine. The > 2650 just 'loves' FreeBSD, so we bought one and its worked well, > but we need more performance now. What bigger, faster box would > make a significant jump in speed and capacity runs FreeBSD well? > > I can get a 2850 with 3gb processors, 320mhz SCSIs and add more > RAM, but I'm not sure that would give us a quantum-leap in > performance. > > -- Thanks for any suggestions.. > > Jim Durham > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 17:09:10 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B3D2316A4CE for ; Thu, 28 Apr 2005 17:09:10 +0000 (GMT) Received: from mailspool.ops.uunet.co.za (mailspool.ops.uunet.co.za [196.7.0.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9059B43D31 for ; Thu, 28 Apr 2005 17:09:09 +0000 (GMT) (envelope-from mark@aboutit.co.za) Received: from 196-47-4-10.access.uunet.co.za ([196.47.4.10] helo=hermes.aboutit.co.za) by mailspool.ops.uunet.co.za with esmtp (Exim 3.36 #1) id 1DRCVg-000Imn-00; Thu, 28 Apr 2005 19:09:08 +0200 Received: by hermes.aboutit.co.za (Postfix, from userid 65534) id 0FE2BD63DA; Thu, 28 Apr 2005 19:09:03 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by hermes.aboutit.co.za (Postfix) with ESMTP id 0F716D63E7; Thu, 28 Apr 2005 19:09:01 +0200 (SAST) Received: from hermes.aboutit.co.za (localhost [127.0.0.1]) by hermes.aboutit.co.za (Postfix) with ESMTP id AC5C6D63CF; Thu, 28 Apr 2005 19:09:00 +0200 (SAST) Message-ID: <2165595.1114708140701.SLOX.WebMail.wwwrun@hermes.aboutit.co.za> From: Mark Bojara To: Andrew McNaughton Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (normal) X-Mailer: SuSE Linux Openexchange Server 4 - WebMail (Build 2.3780) X-Operating-System: Linux 2.4.19-4GB i386 (JVM 1.3.1_04) Organization: AboutIT Online References: <212682.1114679709203.SLOX.WebMail.wwwrun@hermes.aboutit.co.za><20050428212753.W66240@a2.scoop.co.nz> Date: Thu, 28 Apr 2005 19:09:00 +0200 (SAST) X-Virus-Scanned: by AMaViS snapshot-20020531 X-Spam-Status: No, hits=-4.7 required=8.0 tests=AWL,BAYES_01,EMAIL_ATTRIBUTION,QUOTED_EMAIL_TEXT, QUOTE_TWICE_1,REFERENCES,REPLY_WITH_QUOTES autolearn=ham version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-isp@freebsd.org Subject: Re: apache in worker mode eats memory X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 17:09:10 -0000 what options would you advise i tweak? On Apr 28, 2005 11:35 AM, Andrew McNaughton wrote: > > If apache is allowed to spawn enough processes to run you out of memory, > you are going to have problems. Work on your apache config and process > limits to make sure this can't happen. > > If you consume enough memory to start paging, the time it takes for a > request to be handled climbs, more processes mount up, you consume more > memory, and the system goes down badly. Limiting how much you try to > handle at once enables you to handle more. > > If your server processes have a large memory footprint, using a proxy in > front of your web server to handle spooling requests to users might help a > lot. Caching is not necessarily part of that picture, but that might also > help save you from using large apache processes to serve simple requests. > > Andrew McNaughton > > > > On Thu, 28 Apr 2005, Mark Bojara wrote: > > > Date: Thu, 28 Apr 2005 11:15:09 +0200 (SAST) > > From: Mark Bojara > > To: freebsd-isp@freebsd.org > > Subject: apache in worker mode eats memory > > > > Hi All > > > > Im running Apache 2.0.53 server on 5.4-RC3 AMD64 in Worker mode. This > > webserver serves 50000 hits per hour. Whats currently happening is it > > works fine for 8 hours then the server just starts spawning httpd > > processes when it reaches about 70 processes the box runs out of memory > > and swap space then crashes :( > > > > This is what I currently have set: > > ServerLimit 16 > > StartServers 2 > > MaxClients 150 > > MinSpareThreads 25 > > MaxSpareThreads 75 > > ThreadsPerChild 25 > > MaxRequestsPerChild 20000 > > EnableSendfile Off > > HostnameLookups Off > > EnableMMAP on > > Timeout 120 > > KeepAlive On > > MaxKeepAliveRequests 1024 > > KeepAliveTimeout 15 > > > > Anyone seen this perhaps a better way of doing it? > > > > Thanks > > Mark > > > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > -- > > There is no way to happiness > Happiness is the way > > ------------------------------------------------------------------- > Andrew McNaughton http://www.scoop.co.nz/ > andrew@scoop.co.nz Mobile: +61 422 753 792 > > -- > pgp encrypted mail welcome > keyid: 70F6C32D keyserver: pgp.mit.edu > 5688 2396 AA81 036A EBAC 2DD4 1BEA 7975 A84F 6686 > From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 17:34:51 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BAD2F16A4CE for ; Thu, 28 Apr 2005 17:34:51 +0000 (GMT) Received: from pgh.nepinc.com (pgh.nepinc.com [66.207.129.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7A8443D55 for ; Thu, 28 Apr 2005 17:34:50 +0000 (GMT) (envelope-from jimd@nepinc.com) Received: from pptp8.pgh.nepinc.com (pptp8.pgh.nepinc.com [192.168.97.208]) (authenticated bits=0) by pgh.nepinc.com (8.12.11/8.12.8) with ESMTP id j3SHYnki070821 for ; Thu, 28 Apr 2005 13:34:50 -0400 (EDT) (envelope-from jimd@nepinc.com) From: Jim Durham Organization: NEP Supershooters To: freebsd-isp@freebsd.org Date: Thu, 28 Apr 2005 13:34:48 -0400 User-Agent: KMail/1.8 References: <200504281032.33822.jimd@nepinc.com> <20050428144619.GA8412@energistic.com> In-Reply-To: <20050428144619.GA8412@energistic.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504281334.48362.jimd@nepinc.com> Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jim.durham@nepinc.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 17:34:51 -0000 On Thursday 28 April 2005 10:46 am, Steve Ames wrote: > Which version of FreeBSD are you running? Sorry...that's what happens when you get interrupted 4 times while trying to post 8-) ! I'm running 4.10. I have a couple 5.x boxes, but I haven't moved the production servers to 5.x yet. > Are you using 5.X to > take full advantage of both processors? To get the 'quantum' > upgrade a single faster machine is the way to go. Have you > done any profiling to see where the current bottleneck is? Is > it I/O, CPU cycles, network? Load average was as high as 125. Lots of virus scanning and spam scanning processes. > n many cases it would make sense > to put in another box to distribute the network/CPU load but > that comes with increased storage complexity (getting all > machines to write to a common filesystem)... but given that > spamassassin and clamav are CPU and memory intensive I'd think > that was a solid tradeoff. For the cost of buying one BIG > machine you could get 2-3 of the size you have now and > distribute the load. That's an option I was considering. Like you say, sharing mailboxes for POP can be interesting. One thing that I have considered also is having a 'plain vanilla' sendmail installation that folks POP from and do all the scanning on a set of load-balanced machines and then they just relay it to the POP machine. Something like that... > > On Thu, Apr 28, 2005 at 10:32:33AM -0400, Jim Durham wrote: > > Hi, > > > > We currently have a dual-1.8 Xeon box with 2gb ram and > > Raid-1 160mhz SCSI's running sendmail/procmail/spamassassin > > and clamav. > > > > Our place is growing, adding users and so, we need a bigger, > > faster box. > > > > Question: Currently the box mentioned is a Dell PowerEdge > > 2650. We like to deal with Dell, but it's not absolutely > > "written in stone" that I do so. I bought a 2650 because we > > got one to run a Windows server and I booted FreeBSD on it > > to see what it would make of the PERC3 Raid and all that and > > it was just fine. The 2650 just 'loves' FreeBSD, so we > > bought one and its worked well, but we need more performance > > now. What bigger, faster box would make a significant jump > > in speed and capacity runs FreeBSD well? > > > > I can get a 2850 with 3gb processors, 320mhz SCSIs and add > > more RAM, but I'm not sure that would give us a quantum-leap > > in performance. > > Thanks for the input... -- Jim Durham From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 20:50:16 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 657D216A4CE for ; Thu, 28 Apr 2005 20:50:16 +0000 (GMT) Received: from materva.diewebmaster.at (materva.diewebmaster.at [80.66.42.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9A02543D46 for ; Thu, 28 Apr 2005 20:50:15 +0000 (GMT) (envelope-from christian.damm@diewebmaster.at) Received: from localhost (localhost.diewebmaster.at [127.0.0.1]) by materva.diewebmaster.at (Postfix) with ESMTP id DE9A321811E; Thu, 28 Apr 2005 22:50:13 +0200 (CEST) Received: from materva.diewebmaster.at ([127.0.0.1]) by localhost (materva.diewebmaster.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 37192-10; Thu, 28 Apr 2005 22:50:13 +0200 (CEST) Received: from [192.168.1.11] (unknown [80.66.40.101]) by materva.diewebmaster.at (Postfix) with ESMTP id 098D42180E1; Thu, 28 Apr 2005 22:50:12 +0200 (CEST) Message-ID: <42714C91.6060705@diewebmaster.at> Date: Thu, 28 Apr 2005 22:50:25 +0200 From: Christian Damm Organization: Die Webmaster User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: jim.durham@nepinc.com References: <200504281032.33822.jimd@nepinc.com> In-Reply-To: <200504281032.33822.jimd@nepinc.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at diewebmaster.at cc: freebsd-isp@freebsd.org Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 20:50:16 -0000 Jim Durham schrieb: > Hi, > > We currently have a dual-1.8 Xeon box with 2gb ram and Raid-1 > 160mhz SCSI's running sendmail/procmail/spamassassin and clamav. this iron should handle serious load without probs. 1.) how large is your userbase? 2.) do you know the bottleneck? (cpu, i/o, ram etc.) 3.) average mails processed per day? (ham/spam/virus ratio?) 4.) sendmail is slow compared to other modern unix MTA`s 5.) procmail and spamassassin are resource hogs > > Our place is growing, adding users and so, we need a bigger, > faster box. ...or multiple smaller boxes, load balanced via rrdns or a dedicated load balancer. anyway, i think hardware is not your problem...as long as i dont have any numbers its hard to make suggestions. im running >25k userbases on single self built x86 hosts (mostly p4`s (> 2ghz), 1gb ram, raid-10 (4 hd`s) - its all about fine tuning the whole system (os, mta, other daemons/apps) for performance (btw. - i dont have any 5.x production boxes right now, im talking 4.x here). > > Question: Currently the box mentioned is a Dell PowerEdge 2650. > We like to deal with Dell, but it's not absolutely "written in > stone" that I do so. I bought a 2650 because we got one to run > a Windows server and I booted FreeBSD on it to see what it would > make of the PERC3 Raid and all that and it was just fine. The > 2650 just 'loves' FreeBSD, so we bought one and its worked well, > but we need more performance now. What bigger, faster box would > make a significant jump in speed and capacity runs FreeBSD well? > > I can get a 2850 with 3gb processors, 320mhz SCSIs and add more > RAM, but I'm not sure that would give us a quantum-leap in > performance. > > -- Thanks for any suggestions.. > > Jim Durham > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > !DSPAM:4270fbf594953045413553! > -- mfg. christian damm technische leitung phone: dw 42 email: christian.damm@diewebmaster.at icq at work: 124464652 die webmaster - flötzerweg 156 - 4030 linz - austria phone: +43-732-381242 fax: +43-732-381242-22 isdn (leonardo): +43-732-381242-33 homepage: www.diewebmaster.at, public email: office@diewebmaster.at From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 22:33:07 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A393C16A4CE for ; Thu, 28 Apr 2005 22:33:07 +0000 (GMT) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5252043D2F for ; Thu, 28 Apr 2005 22:33:07 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id C9F355E9A; Thu, 28 Apr 2005 18:33:06 -0400 (EDT) Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 64451-04; Thu, 28 Apr 2005 18:33:06 -0400 (EDT) Received: from [192.168.1.3] (pool-68-161-53-96.ny325.east.verizon.net [68.161.53.96]) by pi.codefab.com (Postfix) with ESMTP id A1D225E8A; Thu, 28 Apr 2005 18:33:05 -0400 (EDT) Message-ID: <42716480.60508@mac.com> Date: Thu, 28 Apr 2005 18:32:32 -0400 From: Chuck Swiger Organization: The Courts of Chaos User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: jim.durham@nepinc.com References: <200504281032.33822.jimd@nepinc.com> <20050428144619.GA8412@energistic.com> <200504281334.48362.jimd@nepinc.com> In-Reply-To: <200504281334.48362.jimd@nepinc.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at codefab.com cc: freebsd-isp@freebsd.org Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 22:33:07 -0000 Jim Durham wrote: > On Thursday 28 April 2005 10:46 am, Steve Ames wrote: >>Which version of FreeBSD are you running? > > Sorry...that's what happens when you get interrupted 4 times > while trying to post 8-) ! I'm running 4.10. I have a couple > 5.x boxes, but I haven't moved the production servers to 5.x > yet. Since you've got a dual-proc box, and mail handling parallelizes well into seperate tasks, 5.x will probably help for your case. [ ... ] > Load average was as high as 125. Lots of virus scanning and spam > scanning processes. Are you swapping excessively? I bet your system is running out of memory trying to run so many processes, that it starts swapping and your load average blows up. You ought to try using the options to amavis/spamd/whatever to limit the number of child subprocesses which they are allowed to fork. Each of those can take up to 30-40 MB, so you can only run about forty or fifty of them on a machine with 2GB and still have room for the kernel, I/O buffers, and other processes. If you are using sendmail, consider switching to store and forward mode exclusively, and use regular queue runners to help serialize the mail into a certain # of deliveries at any one time via: # limit on number of concurrent queue runners #O MaxQueueChildren Also consider setting up queue groups, and splitting up your mail into at least two piles: your internal mail, and everyone else, although creating a few more groups for common list traffic helps. Or consider switching to an MTA like postfix, which provides very good control over how many child processes can go on via master.cf... Also, are you using this machine as a reader box as well? If so, you really may want to get another box and have one serve as an MX and virus/spam scanner, and have the other be a reader box which exchanges SMTP only with your MX (use a firewall). -- -Chuck From owner-freebsd-isp@FreeBSD.ORG Thu Apr 28 23:03:03 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6938516A4FE for ; Thu, 28 Apr 2005 23:03:03 +0000 (GMT) Received: from mortis.over-yonder.net (adsl-12-42-198.jan.bellsouth.net [65.12.42.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id 918D843D5C for ; Thu, 28 Apr 2005 23:03:00 +0000 (GMT) (envelope-from fullermd@over-yonder.net) Received: by mortis.over-yonder.net (Postfix, from userid 100) id ECEBC20F21; Thu, 28 Apr 2005 18:02:58 -0500 (CDT) Date: Thu, 28 Apr 2005 18:02:58 -0500 From: "Matthew D. Fuller" To: jim.durham@nepinc.com Message-ID: <20050428230258.GG81486@over-yonder.net> References: <200504281032.33822.jimd@nepinc.com> <20050428144619.GA8412@energistic.com> <200504281334.48362.jimd@nepinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200504281334.48362.jimd@nepinc.com> X-Editor: vi X-OS: FreeBSD User-Agent: Mutt/1.5.9i-fullermd.2 cc: freebsd-isp@freebsd.org Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2005 23:03:03 -0000 On Thu, Apr 28, 2005 at 01:34:48PM -0400 I heard the voice of Jim Durham, and lo! it spake thus: > > One thing that I have considered also is having a 'plain vanilla' > sendmail installation that folks POP from and do all the scanning on > a set of load-balanced machines and then they just relay it to the > POP machine. Something like that... I would (well, not with sendmail, but... 8-). You've got a set of tasks [the mailboxes] that aren't all that heavy, and are hard to parallelize, and a set of tasks [the scanning] that are insanely heavy and easy to parallelize. I mean, it's like getting a personal message from Olympus to split these tasks along the bright neon lines! -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/ On the Internet, nobody can hear you scream. From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 04:27:44 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2765F16A4CE for ; Fri, 29 Apr 2005 04:27:44 +0000 (GMT) Received: from aoniu.kalianet.to (aoniu.tcc.to [209.58.72.123]) by mx1.FreeBSD.org (Postfix) with ESMTP id A517343D2F for ; Fri, 29 Apr 2005 04:27:39 +0000 (GMT) (envelope-from samkava@kalianet.to) Received: from CIRIUM (LATE [209.58.72.122]) by aoniu.kalianet.to (8.13.3/8.12.8) with ESMTP id j3T2sBSC004768; Fri, 29 Apr 2005 15:54:22 +1300 From: "Sam Kava" To: "'Oliver Brandmueller'" , Date: Fri, 29 Apr 2005 17:25:48 +1300 Message-ID: <002101c54c73$92f46f50$0701a8c0@CIRIUM> MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal In-Reply-To: <20050428072517.GO95908@e-Gitt.NET> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Subject: RE: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 04:27:44 -0000 Oliver, Thanks. I was wondering if someone tried loadbalancing on a freebsd box. Sam. -----Original Message----- From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Oliver Brandmueller Sent: Thursday, 28 April 2005 8:25 p.m. To: freebsd-isp@freebsd.org Subject: Re: load balancing - email server Hello. On Thu, Apr 28, 2005 at 02:31:38PM +1300, Sam Kava wrote: > I am planning to setup a load balancing server to allow 3 pop servers to > share access to my mail server. Read the postings but nobody really > touch this subject. Appreciate any help, hopefully someone has done this > using freebsd. The mail storage format should be Maildir - which is NFS safe. Access to Maildir mailboxes by pop can be accomplished by courier-imap (it has a POP component) or the dovecot imap/pop server. I have both running in a single setup (for access to different mailboxes). The dir with the mailboxes can then simply be mounted from an NFS server. You should think about a shared authentication mechanism; we use LDAP for that. It's quite simple. We even use more than one SMTP Server to handle incoming mails in this setup. Lodabalncing is done by an Alteon 180e in front of the machines (currently 3, soon to be 5). - Oliver -- | Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin | | Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ | | Ich bin das Internet. Sowahr ich Gott helfe. | | Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! | _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 27/04/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.4 - Release Date: 27/04/2005 From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 12:29:58 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1E9A116A4CE for ; Fri, 29 Apr 2005 12:29:58 +0000 (GMT) Received: from Shenton.org (23.ebbed1.client.atlantech.net [209.190.235.35]) by mx1.FreeBSD.org (Postfix) with SMTP id 4470643D5E for ; Fri, 29 Apr 2005 12:29:56 +0000 (GMT) (envelope-from chris@Shenton.Org) Received: (qmail 62701 invoked by uid 1001); 29 Apr 2005 12:29:54 -0000 From: Chris Shenton To: Oliver Brandmueller References: <005201c54b92$0cf63e60$0701a8c0@CIRIUM> <20050428072517.GO95908@e-Gitt.NET> <200504280944.12838.etienne@unix.za.org> <20050428080402.GP95908@e-Gitt.NET> Date: Fri, 29 Apr 2005 08:29:54 -0400 In-Reply-To: <20050428080402.GP95908@e-Gitt.NET> (Oliver Brandmueller's message of "Thu, 28 Apr 2005 10:04:02 +0200") Message-ID: <86y8b16a0t.fsf@PECTOPAH.shenton.org> User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-isp@freebsd.org Subject: Re: load balancing - email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 12:29:58 -0000 Oliver Brandmueller writes: > Never looked at it; is it able to do weighting and failover? How does it > detect, if a service is down on one of the machines, so that you don't > have every third connection failing? Detecting and avoiding failure is the most critical thing. I've found true balancing isn't that important. For a client, I set up qmail-ldap on a handful of machines; each also runs courier-imap. They're behind an F5 load balancer, but you could use the nifty "pen" load balancer (/usr/ports/net/pen). They all use NFS-attached NetApp storage which is pretty high availability; the Maildir storage is the key. To get fault tolerance, you'd need to have two "pen" boxes (or pen running on two mail boxes) and configure pen to fail over if one dies; I haven't tried that because I have the F5. (The one thing that's not bullet proof in this set up is outgoing mail queues, which -- in qmail -- must be on the local box. If that box catches fire, undelivered mail is lost. That hasn't been much of an issue for us, however). The system's been up for the past year, with zero downtime, even when we've taken down individual boxes for OS upgrades. From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 14:39:10 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 50E0116A4CE for ; Fri, 29 Apr 2005 14:39:10 +0000 (GMT) Received: from pgh.nepinc.com (pgh.nepinc.com [66.207.129.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5CA843D5D for ; Fri, 29 Apr 2005 14:39:09 +0000 (GMT) (envelope-from jimd@nepinc.com) Received: from pptp8.pgh.nepinc.com (pptp8.pgh.nepinc.com [192.168.97.208]) (authenticated bits=0) by pgh.nepinc.com (8.12.11/8.12.8) with ESMTP id j3TEcvKI019824; Fri, 29 Apr 2005 10:38:57 -0400 (EDT) (envelope-from jimd@nepinc.com) From: Jim Durham Organization: NEP Supershooters To: "Matthew D. Fuller" Date: Fri, 29 Apr 2005 10:38:55 -0400 User-Agent: KMail/1.8 References: <200504281032.33822.jimd@nepinc.com> <200504281334.48362.jimd@nepinc.com> <20050428230258.GG81486@over-yonder.net> In-Reply-To: <20050428230258.GG81486@over-yonder.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504291038.56086.jimd@nepinc.com> cc: freebsd-isp@freebsd.org cc: jim.durham@nepinc.com Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jim.durham@nepinc.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 14:39:10 -0000 On Thursday 28 April 2005 07:02 pm, Matthew D. Fuller wrote: > On Thu, Apr 28, 2005 at 01:34:48PM -0400 I heard the voice of > > Jim Durham, and lo! it spake thus: > > One thing that I have considered also is having a 'plain > > vanilla' sendmail installation that folks POP from and do > > all the scanning on a set of load-balanced machines and then > > they just relay it to the POP machine. Something like > > that... > > I would (well, not with sendmail, but... 8-). You've got a > set of tasks [the mailboxes] that aren't all that heavy, and > are hard to parallelize, and a set of tasks [the scanning] > that are insanely heavy and easy to parallelize. I mean, it's > like getting a personal message from Olympus to split these > tasks along the bright neon lines! I see...and I hear!!! (Awfully Bright...could we back off the neon a little? ) 8-) . Now, to find the time betwen fixing XP problems... Thanks! -- Jim Durham IT Engineer NEP Supershooters 2 Beta Dr. Pittsburgh, PA 15238 412-826-1414 From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 15:49:13 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4902916A4CE for ; Fri, 29 Apr 2005 15:49:13 +0000 (GMT) Received: from pgh.nepinc.com (pgh.nepinc.com [66.207.129.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id A68AD43D58 for ; Fri, 29 Apr 2005 15:49:12 +0000 (GMT) (envelope-from jimd@nepinc.com) Received: from pptp8.pgh.nepinc.com (pptp8.pgh.nepinc.com [192.168.97.208]) (authenticated bits=0) by pgh.nepinc.com (8.12.11/8.12.8) with ESMTP id j3TFnBNG006519 for ; Fri, 29 Apr 2005 11:49:12 -0400 (EDT) (envelope-from jimd@nepinc.com) From: Jim Durham Organization: NEP Supershooters To: freebsd-isp@freebsd.org Date: Fri, 29 Apr 2005 11:49:10 -0400 User-Agent: KMail/1.8 References: <200504281032.33822.jimd@nepinc.com> <42714C91.6060705@diewebmaster.at> In-Reply-To: <42714C91.6060705@diewebmaster.at> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504291149.10651.jimd@nepinc.com> Subject: Re: Mail Server recommendations (digest) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: jim.durham@nepinc.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 15:49:13 -0000 I'd like to thank everyone who replied with useful suggestions to my mail server request. It would be too much to post all the replies, so.... The consensus seems to be that a solution using separate machines for virus and spam scanning ahead of the server that provides smtp and pop services to the users would be a more 'elegant' solution than bigger iron. The solution that seems good to me after sifting all the responses is to load-balance port 25 and feed 2 or 3 machines that virus and spam scan email and then relay it to the MTA on the machine with the user's mailboxes. I'm using 'balance' from ports to load balance our Citrix servers and it seems to work quite well. I will probably try this for port 25. Christian Damm asked questions regarding the ratio of spam to ham, and number of virus emails. I was suprised to see that we are scanning and rejecting at least 2000 emails a day for spam and about 30 for viruses. IOW, there are more spams than legitimate emails. 'sma' says we are doing about 2700 emails per day. So thanks, Christian, Ari, Chuck, Matthew, Freddie, Lawrence and Steve. All good suggestions. Now...how do I do this in between fixing XP problems? -Jim From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 21:57:35 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9BB4516A4CE for ; Fri, 29 Apr 2005 21:57:35 +0000 (GMT) Received: from materva.diewebmaster.at (materva.diewebmaster.at [80.66.42.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id A405B43D58 for ; Fri, 29 Apr 2005 21:57:34 +0000 (GMT) (envelope-from christian.damm@diewebmaster.at) Received: from localhost (localhost.diewebmaster.at [127.0.0.1]) by materva.diewebmaster.at (Postfix) with ESMTP id C390D21811A; Fri, 29 Apr 2005 23:57:30 +0200 (CEST) Received: from materva.diewebmaster.at ([127.0.0.1]) by localhost (materva.diewebmaster.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 43075-02; Fri, 29 Apr 2005 23:57:30 +0200 (CEST) Received: from [192.168.1.11] (unknown [80.66.40.101]) by materva.diewebmaster.at (Postfix) with ESMTP id E3C8F2180E1; Fri, 29 Apr 2005 23:57:29 +0200 (CEST) Message-ID: <4272ADC9.1080002@diewebmaster.at> Date: Fri, 29 Apr 2005 23:57:29 +0200 From: Christian Damm Organization: Die Webmaster User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: jim.durham@nepinc.com References: <200504281032.33822.jimd@nepinc.com> <42714C91.6060705@diewebmaster.at> <200504291129.37348.jimd@nepinc.com> In-Reply-To: <200504291129.37348.jimd@nepinc.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at diewebmaster.at cc: freebsd-isp@freebsd.org Subject: Re: Re: Mail Server recommendation X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 21:57:35 -0000 Jim Durham schrieb: > On Thursday 28 April 2005 04:50 pm, Christian Damm wrote: > >>Jim Durham schrieb: >> >>>Hi, hi jim, >>> >>>We currently have a dual-1.8 Xeon box with 2gb ram and >>>Raid-1 160mhz SCSI's running sendmail/procmail/spamassassin >>>and clamav. >> >>this iron should handle serious load without probs. >> >>1.) how large is your userbase? > > About 500 thats next to nothing - this userbase (smtp, pop3, spam, av) could be handled by an ancient P1 system without any problems (even if your userbase is heavily populated with "powerusers"). > >>2.) do you know the bottleneck? (cpu, i/o, ram etc.) > > I'd say all of the above . hardware is definitely NOT your problem. > >>3.) average mails processed per day? (ham/spam/virus ratio?) > > Average mails per day 2670 > Yesterday produced 29 virus mails found this number is also not worth mentioning. > > I don't have an analyzer script for mailboxes, but.. I did some > creative grepping and found 3493 spam emails received yesterday. > Some went to multiple users, which is why it is higher than the > average/day. > > >>4.) sendmail is slow compared to other modern unix MTA`s > > > I don't think sendmail is the problem.. absolutely, i was assuming around >5k users minimal AND a real config problem (you wrote: "Our place is growing, adding users and so, we need a bigger, faster box."). > > >>5.) procmail and spamassassin are resource hogs > > > This is the problem, along with amavis. Spamassassin seems > slowest. 'ps' would show many, many spamassassin processes > running. Perl is slow. I wish spamassassin was in C ! ...even if spamassassin would be coded in shell script ;-) - your problem is definitely NOT a scripting languages overhead. follow the "mailserver admin`s ABC": 1.) limit the max. allowed connections to your smtpd daemon to a reasonable number (altough your dual xeon iron could handle very much concurrent smtp connections without even "seeing" them, we dont want to risk a big backqueue) 2.) reject as much junk as you can during initial smtp handshake. a.) OF COURSE reject mails to unknown recipients. b.) check for typical NON RFC / illegal or "spammy" behaviour during the smtp handshake (faked helo/ehelo, illegal reverse mx, non existent sender domain etc.) and reject this junk. c.) use some wisely selected RBL`s if your policy allows this. d.) use greylisting if your policy allows this. e.) all of the above cuts your number of mails to process down to a handful of messages - amavis and spamassassin would be very idle. 3.) important: limit your max. allowed amavisd/spamassassin processes! this point is very important in your case (in every case!) - see, modern MTA`s are very good when it comes to queue management - so if your backqueue of mails to process gets a little bit bigger, there is no problem as long as you limit your concurrent amavisd processes to (lets say) a number of four. the point here is all about: process messages fast and fluently with only a few running amavis/spamassassin processes instead of killing the box with many of them. 25 spamassassin processes sloooooow down delivery (your backqueue gets bigger, the system gets unresponsive and swaps etc.) - 5 spamassassin processes let your box "room to breath" and mails "flow" through your system. 4.) also keep an eye on the resources used by your pop3 daemon (imap is another story - very RAM dependent) altough all of the pop3d`s i know are rather resource friendly. > > > Thanks very much for your response > > -Jim > > !DSPAM:427252eb938451284235665! > -- mfg. christian damm technische leitung phone: dw 42 email: christian.damm@diewebmaster.at icq at work: 124464652 die webmaster - flötzerweg 156 - 4030 linz - austria phone: +43-732-381242 fax: +43-732-381242-22 isdn (leonardo): +43-732-381242-33 homepage: www.diewebmaster.at, public email: office@diewebmaster.at From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 22:05:27 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24D7A16A4CE for ; Fri, 29 Apr 2005 22:05:27 +0000 (GMT) Received: from gak.upnix.net (gak.upnix.net [216.194.85.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id B974D43D4C for ; Fri, 29 Apr 2005 22:05:26 +0000 (GMT) (envelope-from chris@upnix.com) Received: from [192.168.121.123] ([209.82.103.246]) (authenticated bits=0) by gak.upnix.net (8.12.11/8.12.11) with ESMTP id j3TM5P8o017285 for ; Fri, 29 Apr 2005 16:05:25 -0600 (MDT) From: Chris Cameron To: freebsd-isp@freebsd.org Date: Fri, 29 Apr 2005 16:05:15 -0600 User-Agent: KMail/1.8 References: <200504281032.33822.jimd@nepinc.com> <200504281334.48362.jimd@nepinc.com> <42716480.60508@mac.com> In-Reply-To: <42716480.60508@mac.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200504291605.15917.chris@upnix.com> Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 22:05:27 -0000 On Thursday 28 April 2005 16:32, Chuck Swiger wrote: > If you are using sendmail, consider switching to store and forward > mode exclusively, and use regular queue runners to help serialize the > mail into a certain # of deliveries at any one time via: > > # limit on number of concurrent queue runners > #O MaxQueueChildren > > Also consider setting up queue groups, and splitting up your mail > into at least two piles: your internal mail, and everyone else, > although creating a few more groups for common list traffic helps. I'd just like to say that this isn't the silver-bullet it ought to be, and will be pretty much worthless if this mail server is as busy as it's being made out to be. If the amount of mail in your queue is bigger than the number of queue runners you allow to run at any given time, sendmail will leak memory like mad. I have a script that HUPs sendmail every morning due to this. This is made all the worse by the fact that during peak times queue runners will get gummed up on undeliverable mail, and prevent the next bunch of queue runners from going, making the back log in the queue all the bigger. > Or consider switching to an MTA like postfix, which provides very > good control over how many child processes can go on via master.cf... Probably his best bet. Any new mail accounts at my site are going on a different server running qmail. Chris From owner-freebsd-isp@FreeBSD.ORG Fri Apr 29 22:35:19 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ECB1716A4CE for ; Fri, 29 Apr 2005 22:35:19 +0000 (GMT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.89]) by mx1.FreeBSD.org (Postfix) with ESMTP id A686A43D4C for ; Fri, 29 Apr 2005 22:35:19 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin07-en2 [10.13.10.152]) id j3TMZHe0015569; Fri, 29 Apr 2005 15:35:18 -0700 (PDT) Received: from [10.1.1.245] (nfw1.codefab.com [199.103.21.225]) (authenticated bits=0) by mac.com (Xserve/smtpin07/MantshX 4.0) with ESMTP id j3TMZGRr017599; Fri, 29 Apr 2005 15:35:17 -0700 (PDT) In-Reply-To: <200504291605.15917.chris@upnix.com> References: <200504281032.33822.jimd@nepinc.com> <200504281334.48362.jimd@nepinc.com> <42716480.60508@mac.com> <200504291605.15917.chris@upnix.com> Mime-Version: 1.0 (Apple Message framework v622) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <530a295f97287fc69e26d467534eef1b@mac.com> Content-Transfer-Encoding: 7bit From: Charles Swiger Date: Fri, 29 Apr 2005 18:35:14 -0400 To: Chris Cameron X-Mailer: Apple Mail (2.622) cc: freebsd-isp@freebsd.org Subject: Re: Mail Server recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2005 22:35:20 -0000 On Apr 29, 2005, at 6:05 PM, Chris Cameron wrote: > On Thursday 28 April 2005 16:32, Chuck Swiger wrote: >> # limit on number of concurrent queue runners >> #O MaxQueueChildren >> >> Also consider setting up queue groups, and splitting up your mail >> into at least two piles: your internal mail, and everyone else, >> although creating a few more groups for common list traffic helps. > > I'd just like to say that this isn't the silver-bullet it ought to be, > and will be pretty much worthless if this mail server is as busy as > it's being made out to be. Apparently, the OP is only seeing a few thousand messages per day, and has a total of 500 user accounts. You can handle that easily on less hardware than he has, although splitting the load between a reader box and a MX/virus/spam-scanner would help a great deal. > If the amount of mail in your queue is bigger than the number of queue > runners you allow to run at any given time, sendmail will leak memory > like mad. I have a script that HUPs sendmail every morning due to this. The amount of queued up mail is almost always larger than the number of queue runners. You only need one runner per queue (and by default, there is only one queue). This is a seperate matter from sendmail leaking memory. What OS, which sendmail version? > This is made all the worse by the fact that during peak times queue > runners will get gummed up on undeliverable mail, and prevent the next > bunch of queue runners from going, making the back log in the queue all > the bigger. The undeliverable mail (spam and spam bounces) is best handled by rejecting the mail before it is accepted, using RBL's, local rulesets, greylisting, and so forth, depending on what the local policy permits. However, if you set up multiple queue groups as I'd recommended above, most of your "real mail" will go into a different queue than generic spam. Who cares whether it takes 5 minutes or 50 to iterate through today's list of 200 undeliverable messages, so long as legitimate mail isn't delayed significantly? >> Or consider switching to an MTA like postfix, which provides very >> good control over how many child processes can go on via master.cf... > > Probably his best bet. Any new mail accounts at my site are going on a > different server running qmail. qmail hasn't caused me any problems, though I don't run it myself. I've had a few interoperability issues with exim, but these were trivial compared with the poor sods running Exchange as their MX. I expect that I'll still be dealing with sendmail for as long as I administer mail servers, and that's OK, but I was pleased when Apple switched to using Postfix with MacOS X, and I wouldn't mind seeing other systems follow that path. -- -Chuck From owner-freebsd-isp@FreeBSD.ORG Sat Apr 30 10:33:27 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0B98F16A4CE for ; Sat, 30 Apr 2005 10:33:27 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.200]) by mx1.FreeBSD.org (Postfix) with ESMTP id A844043D5F for ; Sat, 30 Apr 2005 10:33:26 +0000 (GMT) (envelope-from etechnix@gmail.com) Received: by wproxy.gmail.com with SMTP id 69so1130088wri for ; Sat, 30 Apr 2005 03:33:26 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=gqXBraLZPZbXcSzrWBrVMvKQlxVOc/eQchrQ8AMsWnSKa0JBUr5HmWoTOE5ZT038VhhZanpKjW1OkJEZGCYjBVJqb7fiRSpCtyvV/L8+IxL695ypILhaZIw9Iit3YCqSpUukliQupT/rW8F5tqrfK3VsyfjeKDK5z2/CWZu03tE= Received: by 10.54.125.20 with SMTP id x20mr1771148wrc; Sat, 30 Apr 2005 03:33:26 -0700 (PDT) Received: by 10.54.89.1 with HTTP; Sat, 30 Apr 2005 03:33:26 -0700 (PDT) Message-ID: Date: Sat, 30 Apr 2005 15:33:26 +0500 From: Etechnix Support To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: PPPoE Problem X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Etechnix Support List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Apr 2005 10:33:27 -0000 HI ALL,=20 I am running PPPoED with freebsd 5.3 STABLE and 4.11 STABLE, i have Wireless users who connect to my PPPoE server and also some LAN users who also connect to it, but i am facing a very strange problem with both of my servers, whenever a user connects from LAN, the wireless users gets disconnected by the server and the Log displayes as the dc request was originated by the wireless users itself ? any clue ? any configurations ? here is my ppp.conf #################### set log Chat Command Phase hdlc lqm ipcp =20 enable pap =20 allow mode direct =20 enable proxy =20 disable ipv6cp =20 set mru maximum 1450 =20 set mtu maximum 1450 =20 enable mschapv2 mppe disable deflate pred1 deny deflate pred1 set mppe 128 * set timeout never=20 set speed sync set cd 5! enable echo set ifaddr 192.168.0.1 192.168.0.50-192.168.0.254 255.255.255.255 set radius /etc/radius.conf =20 accept dns =20 set filter in 0 deny tcp dst eq 135 set filter out 0 deny tcp src eq 135 set filter in 1 deny udp dst eq 135 set filter out 1 deny udp src eq 135 set filter in 2 deny tcp dst eq 137 set filter out 2 deny tcp src eq 137 set filter in 3 deny udp dst eq 137 set filter out 3 deny udp src eq 137 set filter in 4 deny tcp dst eq 139 set filter out 4 deny tcp src eq 139 set filter in 5 deny udp dst eq 139 set filter out 5 deny udp src eq 139 set filter in 6 deny tcp dst eq 445 set filter out 6 deny tcp src eq 445 set filter in 7 deny udp dst eq 445 set filter out 7 deny udp src eq 445 set filter in 8 deny tcp dst eq 138 set filter out 8 deny tcp src eq 138 set filter in 9 deny udp dst eq 138 set filter out 9 deny udp src eq 138 set filter out 11 permit 0/0 0/0 set filter in 11 permit 0/0 0/0 #################### --=20 Regards Etechnix