> On 24 April 2018, at 13:48, Wietse Venema <wie...@porcupine.org> wrote: > > Doug Hardie: >>> On 22 April 2018, at 05:50, Wietse Venema <wie...@porcupine.org> wrote: >>> >>> Doug Hardie: >>>> I understood from the dnsblog man page that each dnsblog process >>>> only lives for a "limited amount of time". I noticed this because >>>> I have over 50 dnsblog processes running on a fairly light duty >>>> postfix server. Some of them are over a week old. At first I >>>> thought they must have been orphaned, but looking through maillog, >>>> I find entries in the last few minutes from the oldest and the >>>> newest. I didn't check all of them, but it appears they are all >>>> in use. Looking at the source for postfix-3.3-20180114 (on web), >>>> it appears dnsblog checks one IP address and then exits. I believe >>>> I can limit the number of dnsblog processes in master.cf (currently >>>> set to 0), but I am not sure that is a good idea. How long are >>>> these processes supposed to live? >>> >>> According to source, dnsblog processes exclude themselves from the >>> max_use limit (max_idle remains in effect). I suppose I turned off >>> max_use because these processes are postscreen helpers. Postscreen >>> was designed to handle a much larger client load than to the rest >>> of Postfix. Under extreme loads like 10000+ connections/second, >>> one does not want to be creating 100+ processes/second, as that >>> would limit scalability. >>> >>> The dnsblog processes still terminate after 100s idle time. On my >>> lightly-loaded server, there currently is no dnsblog process running. > > I think that we can avoid the need for warnings in documentation, > by making the dnsblog service act according to the spirit of the > max_idle and max_use settings, even if it cannot act by the letter. > > With a given max_idle and max_use setting, a process is expected > to terminate within approximately (max_idle * max_use) seconds. > That is, on a low-volume (but not too low) server, a process may > hang around for a few hours (100*100 = 10000 seconds). > > Even if the dnsblog process cannot enforce max_use literally (because > dbsnlog may have to handle a huge number of requests during peak > load), the process could still retire voluntarily after (max_idle > * max_use) seconds, without any negative performance impact. > > I'll look into implementing that.
Either way works for me. I just got confused when I saw the durations of the processes and then read the man page. I thought I had configured something incorrectly as they didn't match. If I had your first response in the man page I would have said ahhh, now I understand. -- Doug
