Date: Thu, 5 Jun 2003 11:14:51 -0600 From: "Wolfpaw - Dale Corse" <admin-lists@wolfpaw.net> To: "Eric W. Bates" <ericx@vineyard.net>, "Wolfpaw - Dale Corse" <admin-lists@wolfpaw.net>, <freebsd-isp@freebsd.org> Subject: RE: login class for mail users Message-ID: <AJENJFOLCLAHHIIGCCHNEELIGNAA.admin-lists@wolfpaw.net> In-Reply-To: <026c01c32b7f$e694fab0$68c311cc@fortiva>
index | next in thread | previous in thread | raw e-mail
Could someone be attacking the port spamd is on? You should only need one spamd I think.. that's all we have going.. looks like: spamc 18863 0.0 0.8 25396 4180 ? S May24 1:18 perl /usr/local/bin/spamd -L -x -d -u spamc and anything it spawns would run as spamc.. you may want to consider maybe replacing spamd with a script that invokes a limited shell (lshell maybe?) and that way.. you could limit how many it can spawn.. perhaps you can write a script to check and see if there is a spam error and restart spamd.. not sure.. mine doesn't have this problem :( Hope something helps :) D. -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095 > -----Original Message----- > From: Eric W. Bates [mailto:ericx@vineyard.net] > Sent: Thursday, June 05, 2003 10:31 AM > To: Wolfpaw - Dale Corse; freebsd-isp@freebsd.org > Subject: Re: login class for mail users > > > We're using postfix (Gasp!) and have settled on > procmail-->spamc-->spamd to allow customer control. > > What happens intermittently (about once every 2-3 days) is > spamd will start spawning multiple copies of itself > apparantly for the same message. Eventually there are 3 or > 4 thousand procs and the machine is hosed. Forensics have > been difficult because it happens somewhat sporatically, > and by the time alarms start going off the machine is locked. > > spamd runs as root, out of rc.d; but it spawns copies of > itself and changes uid to the user. If I set spamd's > --max-children option; then spam filtering fails for > everyone when this error occurs. If I can figure out how > to gracefully limit procs for the individual user; then at > least filtering should continue to work for everyone else > when the silly thing wedges. > > I suspect that a 'mailuser' might not address the problem; > because I think the process is spawned before EUID is demoted. > > ----- Original Message ----- > From: "Wolfpaw - Dale Corse" <admin-lists@wolfpaw.net> > To: "Eric W. Bates" <ericx@vineyard.net>; <freebsd-isp@freebsd.org> > Sent: Thursday, June 05, 2003 11:43 AM > Subject: RE: login class for mail users > > > > Actually.. just to mention something. I don't have the class you > > seek.. but I have noticed something about spamassassin. We were > > using qmail-scanner-queue to process mail with it.. and it works > > excellent.. except that its a massive waste of system resources. > > > > I would do the following before setting any limits (which should > > be there anyway).. it worked well for us: > > > > A) Make sure your mail servers use spamc, not spamassassin > > B) Use the following as a processing script replacement for > > qmail-queue: > > > > #!/bin/sh > > /usr/local/bin/spamc | /var/qmail/bin/qmail-queue > > > > Perl is a horrible resource hog at startup time.. one should avoid > > running large numbers of perl scripts over and over again at all > > costs I would say. It is excellent for some things.. but mail is > > not one of them, IMO :) > > > > Obviously, if your not using qmail (Gasp?!) this doesn't apply :) > > > > Just my 2 cents. :) > > D. > > -------------------------------- > > Dale Corse > > System Administrator > > Wolfpaw Services Inc. > > http://www.wolfpaw.net > > (780) 474-4095 > > > > > -----Original Message----- > > > From: owner-freebsd-isp@freebsd.org > > > [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of Eric W. Bates > > > Sent: Thursday, June 05, 2003 9:09 AM > > > To: freebsd-isp@freebsd.org > > > Subject: login class for mail users > > > > > > > > > Anyone have a login class for mail users which they have > > > found sets reasonable limits? > > > > > > I've found I need to cap SpamAssassin. > > > > > > Thanks. > > > > > > > > > Eric W. Bates > > > ericx@vineyard.net > >help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AJENJFOLCLAHHIIGCCHNEELIGNAA.admin-lists>