From owner-freebsd-questions@FreeBSD.ORG Thu Mar 11 19:57:50 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B94BE16A4CE for ; Thu, 11 Mar 2004 19:57:50 -0800 (PST) Received: from mygirlfriday.info (adsl-65-64-145-209.dsl.stlsmo.swbell.net [65.64.145.209]) by mx1.FreeBSD.org (Postfix) with ESMTP id D40D943D64 for ; Thu, 11 Mar 2004 19:57:49 -0800 (PST) (envelope-from gv-list-freebsdquestions@mygirlfriday.info) Received: (qmail 39192 invoked from network); 12 Mar 2004 03:57:48 -0000 Received: from user204.net795.mo.sprint-hsd.net (HELO major.mygirlfriday.info) (65.41.216.204) by mongo.mygirlfriday.info with AES256-SHA encrypted SMTP; 12 Mar 2004 03:57:48 -0000 Date: Thu, 11 Mar 2004 21:57:30 -0600 From: Gary Organization: Hardly X-Priority: 3 (Normal) Message-ID: <388938962.20040311215730@mygirlfriday.info> To: "Justin Baugh, KSC" Cc: freebsd-questions@freebsd.org In-Reply-To: <40512A99.3050508@discordians.net> References: <40512A99.3050508@discordians.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: Re: Pernicious problem with vfork / qmail / qmail-scanner X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Mar 2004 03:57:50 -0000 Hi KSC, On Thu, 11 Mar 2004 22:12:25 -0500 UTC (3/11/04, 9:12 PM -0600 UTC my time), Justin Baugh, KSC wrote: K> Hello list, K> I am having a hell of a time with qmail/qmail-scanner, and I am hoping K> someone on the list can help me. Normally this setup has worked K> completely fine on any FreeBSD machine I've set it up on. K> I am running a large mailserver which feeds the message to K> qmail-scanner, and then to spamd & a virus scanner (Kaspersky). This is K> a very beefy box (dual 2.4ghz Xeon, 2gb RAM) which should be able to K> handle many, many connections. K> My connection limits on tcpserver are set to 60 concurrent connections. K> concurrencyincoming/remote/local are all appropriate for this value. K> When I suddenly get a number of connections (5-10), or when there are K> more than 15-20 concurrent sessions in progress, I begin to get an error K> message from tcpserver and also from qmail-scanner: "Cannot fork: K> Resource temporarily unavailable". This error means means you`ve run out of memory (RAM + swap). Add RAM or swap, or lower your concurrencies or stop unneeded processes. Have you checked your memory? Qmail-scanner is *very* resource intensive as it is a huge perl program, which then calls KAV, and I have a feeling this is where the problem is.. are you running KAV in daemon mode? I think KAV is where to look.. You can also set up your server to relay mail to a separate server which has KAV and/or spamd and have it run over these, and back to the main server for delivery. K> Using truss, I see that the processes are just sitting there doing K> vfork/nanosleep over and over and over, in a "Resource temporarily K> unavailable" loop. Once the processes get into this state, they don't K> get out of it, and it seems to build up over time (??) - i.e. more and K> more forking errors until everything is hosed. The only way to fix it is K> to kill off all the qmail-scanner processes. K> At the moment I'm not even using softlimit in the qmail startup script K> in order to eliminate it as a cause. tcpserver is set to allow 60 K> concurrent qmail processes; the problems start to occur at about 20 K> processes, or when there is a very sudden increase in the number of K> connections At the moment there are no set limits on resource K> consumption for tcpserver or its children - at least not ones that I am K> setting! K> Return of ulimit as qmaild/qscand (qmail / qmail-scanner users) K> Note, I'm nowhere near these limits: K> What else could be causing these problems? I would be very grateful for K> any assistance anyone can provide! as above... -- Gary