To: current@freebsd.org
From: Ian FREISLICH
Date: Mon, 25 Feb 2008 14:59:40 +0200
Subject: spamassassin/network/SYN performance
List-Id: Discussions about the use of FreeBSD-current

Hi

I'm trying Spamassassin on that 16 way AMD box I mentioned earlier and I'm running into problems loading the server. I'm using 5 servers each opening up to 60 concurrent connections to spamd to generate the scanning load, but I'm getting this message:

    Feb 25 14:08:15 amd64 kernel: Limiting open port RST response from 2979 to 200 packets/sec

Which strangely seems to be controlled by net.inet.icmp.icmplim.

There then comes a time when the system thinks it's being SYN-attacked or the listen backlog is exhausted and starts rejecting incoming connections with the above message.

The fastest it's able to process messages is about 1400 per minute. This figure is about 500 messages a minute less than Debian can process on the same hardware with the same spamd configuration, without rejecting any inbound connections at connect time.

Any ideas how to improve things?

Ian

--
Ian Freislich