P.A wrote:

Hi

During times of high mail load, spam attacks usually, I sometimes run into an issue where postfix will stop responding or becomes extremely slow on the smtp port. In turn this causes my pop/imap server (dovecot) to stop responding or to become extremely slow as well.

When I stop postfix, the pop/imap server goes back to normal.

I have 3 email filter servers that scan the email before delivering it to the postfix server. When the problem occurred I did notice with netstat that there was a huge number of established connections on port 25 with the mail filter servers on the postfix server.

The thing that I don’t understand is that before the problem occurred I had “smtpd_client_connection_count_limit = 30” which was working with no issues. When the problem started to occur I saw exceed errors on the mail log, basically connection numbers over that limit of 30. I was seeing upwards of 70 connections per email filter host.

When this started happening ports 25/110/143 became extremely slow. My question is if I have a smtp client limit why do I still see so many established connections with netstat. Shouldn’t postfix stop the extra connections? (the email filter servers are not part of $mynetworks)

Why is postfix slowing down my pop/imap server when this occurs?

This is an extremely busy server with plenty of CPU and memory, what is a reasonable smtpd count limit that will not overwhelm the server?

FYI, when I changed that smtpd client connection to 100, the problem went away and all was good again.

mail_version = 2.6.5

250-PIPELINING
250-SIZE 26000000
250-VRFY
250-ETRN
250-AUTH LOGIN CRAM-MD5 PLAIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Thanks Paul

You might start here: http://www.postfix.org/STRESS_README.html

There are other parameters affecting this as well. I don't remember what they all are, but simply not allowing so many smtpd's when there are spam attacks with many attempted incoming connections will not be enough to alleviate the load of the attack and may worsen the situation unless used in conjunction with other measures. Your other services are slow because your server is obviously under heavy load, including the TCP stack. You see all of the connections because they are coming in at a high rate and even though postfix may have closed them, they are still waiting for the final TCP handshake which closes the connection and for the kernel TCP stack to clear them out.


Nataraj
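
One way to see how many of the port 25 sockets per filter host are actually ESTABLISHED and how many are in a closing state such as TIME_WAIT, as an added example that is not part of the original thread. It assumes the Linux `netstat -ant` column layout; the function names, the sample addresses and the limit of 2 used on the sample are constructed for illustration.

```shell
#!/bin/sh
# Summarise connections to the local SMTP port by remote host and TCP state.
# Reads `netstat -ant` output on stdin (Linux column layout assumed).
# $1 = per-client limit to compare against, i.e. the value of
#      smtpd_client_connection_count_limit in main.cf.
smtp_conn_summary() {
    limit="$1"
    awk -v limit="$limit" '
        # Keep only TCP rows whose local address ends in port 25; skip the listener.
        $1 ~ /^tcp/ && $4 ~ /[:.]25$/ && $6 != "LISTEN" {
            peer = $5
            sub(/[:.][0-9]+$/, "", peer)   # strip the remote port
            count[peer " " $6]++
        }
        END {
            for (k in count) {
                split(k, f, " ")
                # Only ESTABLISHED sockets are compared with the limit;
                # closing states are reported but never flagged.
                flag = (f[2] == "ESTABLISHED" && count[k] > limit) ? "OVER_LIMIT" : "ok"
                print f[1], f[2], count[k], flag
            }
        }' | LC_ALL=C sort
}

# Constructed sample input (documentation addresses), not output from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:25           198.51.100.7:41001      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:41002      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:41003      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:41004      TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.7:41005      TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.8:52001      ESTABLISHED
tcp        0      0 192.0.2.10:143          203.0.113.5:60000       ESTABLISHED
EOF
}

# Demo on the constructed sample with a limit of 2.
sample_netstat | smtp_conn_summary 2
```

On a live server the same function can be fed with `netstat -ant | smtp_conn_summary 30`, using whatever limit is set in main.cf.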
