From owner-freebsd-isp@FreeBSD.ORG Thu Jun 5 10:34:19 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C1D837B401 for ; Thu, 5 Jun 2003 10:34:19 -0700 (PDT) Received: from mail.lambertfam.org (www.lambertfam.org [216.223.208.55]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C85F43F93 for ; Thu, 5 Jun 2003 10:34:18 -0700 (PDT) (envelope-from lambert@lambertfam.org) Received: from laptop.lambertfam.org (laptop.int.lambertfam.org [10.1.0.2]) by mail.lambertfam.org (Postfix) with ESMTP id 2BF1E34D1F for ; Thu, 5 Jun 2003 13:34:15 -0400 (EDT) Received: by laptop.lambertfam.org (Postfix, from userid 1000) id 1DD0989DD; Thu, 5 Jun 2003 13:33:34 -0400 (EDT) Date: Thu, 5 Jun 2003 13:33:34 -0400 From: Scott Lambert To: freebsd-isp@freebsd.org Message-ID: <20030605173333.GB38860@laptop.lambertfam.org> Mail-Followup-To: freebsd-isp@freebsd.org References: <026c01c32b7f$e694fab0$68c311cc@fortiva> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <026c01c32b7f$e694fab0$68c311cc@fortiva> User-Agent: Mutt/1.4.1i Subject: Re: login class for mail users X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 17:34:19 -0000 On Thu, Jun 05, 2003 at 12:31:21PM -0400, Eric W. Bates wrote: > We're using postfix (Gasp!) and have settled on > procmail-->spamc-->spamd to allow customer control. Good choice. :-) > What happens intermittently (about once every 2-3 days) is spamd will > start spawning multiple copies of itself apparantly for the same > message. Eventually there are 3 or 4 thousand procs and the machine > is hosed. Forensics have been difficult because it happens somewhat > sporatically, and by the time alarms start going off the machine is > locked. That happenes during massive spam runs. > spamd runs as root, out of rc.d; but it spawns copies of itself and > changes uid to the user. If I set spamd's --max-children option; then > spam filtering fails for everyone when this error occurs. If I can > figure out how to gracefully limit procs for the individual user; then > at least filtering should continue to work for everyone else when the > silly thing wedges. Use the --max-children. Spamd *will* occasionally die. Sometimes 20 times in one day here. Usually, during the massive spam runs. You need to run it under something that notices when it dies and spawns another copy of spamd immediately. We are using daemontools. Even in that second or less between restarts of spamd, a suprising amount of spam can slip through untagged. The spamd deaths seem to be related to signal handling issues with some of the perl modules that SpamAssassin uses in conjunction with the --max-children option. It has been coverred on the SATalk mailing list a few times. We only get an average of 60,000 messages per day here. More than 55% of that is spam. -- Scott Lambert KC5MLE Unix SysAdmin lambert@lambertfam.org