Hello,
I have three servers with Postfix, and all day they have had very high CPU
usage, which is not normal.

top - 11:56:16 up 199 days, 56 min, 6 users, load average: 40,12, 31,17, 21,94
Tasks: 578 total, 46 running, 528 sleeping, 0 stopped, 4 zombie
%Cpu0 : 88,1 us, 5,9 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 5,9 si, 0,0 st
%Cpu1 : 99,0 us, 1,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu2 : 95,0 us, 5,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu3 : 99,0 us, 1,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu4 : 99,0 us, 1,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu5 : 99,0 us, 1,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu6 : 97,0 us, 3,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
%Cpu7 :100,0 us, 0,0 sy, 0,0 ni, 0,0 id, 0,0 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem : 32808916 total, 13956116 free, 8732080 used, 10120720 buff/cache
KiB Swap: 7812092 total, 7696636 free, 115456 used. 21859016 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
26482 postfix   20   0  242836 156608   3408 R   2,1  0,5   0:59.19 cleanup
24968 postfix   20   0  241688 155464   3408 R   2,5  0,5   1:14.43 cleanup
25337 postfix   20   0  241488 155048   3400 R   2,0  0,5   1:09.51 cleanup
32606 postfix   20   0  240892 154600   3408 S   0,0  0,5   0:19.89 cleanup
27027 postfix   20   0  240804 154576   3408 R   2,1  0,5   0:57.33 cleanup
24575 postfix   20   0  240948 154396   3400 S   0,5  0,5   1:22.03 cleanup
19231 postfix   20   0  240212 153976   3400 R   2,1  0,5   2:07.90 cleanup
10572 postfix   20   0  240128 153820   3400 R   2,4  0,5   3:30.41 cleanup
 1921 postfix   20   0  240004 153716   3408 R   2,0  0,5   0:11.37 cleanup
  607 postfix   20   0  239756 153200   3400 R   1,4  0,5   0:16.62 cleanup
32393 postfix   20   0  238692 152460   3400 R   2,2  0,5   0:29.58 cleanup
25986 postfix   20   0  238452 152156   3400 R   0,1  0,5   1:16.30 cleanup
18941 postfix   20   0  237952 151612   3400 R   2,1  0,5   2:14.73 cleanup
 3396 postfix   20   0  237764 151484   3408 S   1,7  0,5   0:05.36 cleanup
 1933 postfix   20   0  237768 151480   3408 S   1,6  0,5   0:11.48 cleanup
 3104 postfix   20   0  237520 151228   3400 S   1,5  0,5   0:07.83 cleanup
 3238 postfix   20   0  237516 151228   3408 S   1,7  0,5   0:07.14 cleanup
22020 postfix   20   0  237704 151208   3408 R   2,0  0,5   1:51.85 cleanup
 1883 postfix   20   0  237224 150940   3408 R   2,5  0,5   0:12.96 cleanup
25044 postfix   20   0  237112 150776   3408 R   2,6  0,5   1:28.17 cleanup
25319 postfix   20   0  236920 150696   3408 R   2,1  0,5   1:27.55 cleanup
30583 postfix   20   0  236772 150532   3400 R   2,0  0,5   0:44.22 cleanup
 3161 postfix   20   0  236956 150528   3400 S   0,0  0,5   0:06.26 cleanup
 3136 postfix   20   0  236864 150448   3408 R   2,0  0,5   0:05.43 cleanup
 3116 postfix   20   0  236868 150440   3408 R   2,1  0,5   0:07.13 cleanup
 1909 postfix   20   0  236652 150420   3400 R   2,4  0,5   0:17.12 cleanup
 1897 postfix   20   0  236836 150408   3400 R   1,1  0,5   0:11.67 cleanup
32002 postfix   20   0  236536 150308   3400 R   2,5  0,5   0:29.71 cleanup

### version
mail_version = 2.10.1
#### main.cf
default_process_limit = 500
## Default 10 MB, raised to 70 MB (same as exim)
message_size_limit = 73400320
## Accept from the Linux backend
mynetworks = 127.0.0.1/32 [::1]/128 172.17.0.0/16 10.0.0.0/8
## Round-robin of transports
transport_maps = tcp:127.0.0.1:23000
127.0.0.1:23000_time_limit = 3600s
## Number of incoming connections (default 2000)
smtpd_client_connection_count_limit = 2500
## Enable TLS - Receiving
smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtp_tls_protocols = !SSLv2:!SSLv3
smtp_tls_mandatory_protocols = !SSLv2:!SSLv3
smtpd_tls_cert_file = /etc/pki/tls/certs/linux.ferozo.com.pem
smtpd_tls_key_file = /etc/pki/tls/private/linux.ferozo.com.key
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/ssl/smtpd_ssl_cache
## Defaults when smtpd_tls_security_level = may
###smtpd_tls_ciphers = medium
###smtpd_tls_protocols = !SSLv2, !SSLv3
## Still need to investigate whether weak ciphers must be excluded
###smtpd_tls_exclude_ciphers = MD5, DES
## Enable TLS - Sending
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/ssl/smtp_ssl_cache
## Defaults when smtp_tls_security_level = may
###smtp_tls_ciphers = medium
###smtp_tls_protocols = !SSLv2, !SSLv3
## Still need to investigate whether weak ciphers must be excluded
###smtp_tls_exclude_ciphers = MD5, DES
### Checks to remove malformed accounts
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
## Reduce the delay before reporting the error to 0
smtpd_error_sleep_time = 0
## Recipient limit per SMTP conversation
smtpd_recipient_limit = 20
## HELO restrictions
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
## Sender restrictions ## Never send from certain senders
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_bloqueados,
    ## Reject mail if the domain does not comply with the RFC
    reject_non_fqdn_sender,
    ## Reject senders that do not comply with MX or DNS
    reject_unknown_sender_domain,
    ## Allow backend
    permit_mynetworks,
    permit
## Recipient restrictions ## Never send to certain recipients
smtpd_recipient_restrictions = check_recipient_access mysql:/etc/postfix/mysql-virtual-recipient-access.cf
    regexp:/etc/postfix/regex_destinatarios_bloqueados
    ## Check whether the destination supports pipelining; wait for authorization
    reject_unauth_pipelining,
    ## Verify domains before sending to them
    ### reject_unknown_recipient_domain,
    ## Verify rcpt FQDN (the destination domain must comply with the RFC rules)
    reject_non_fqdn_recipient
    ## Verify recipients before sending to them
    ### reject_unverified_recipient,
    ## Allow backend
    permit_mynetworks,
    ## Reject the rest
    reject_unauth_destination
## postfwd
# check_policy_service inet:127.0.0.1:20040
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:20040
## Change this setting into 550 when you trust Postfix's judgments
unverified_recipient_reject_code = 550
# Throttle limit policy mail (global)
initial_destination_concurrency = 2
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 10
default_destination_rate_delay = 0s
## Bounce after 5 hours (default 5d)
bounce_queue_lifetime = 5h
maximal_queue_lifetime = 5h
## Queue timings
queue_run_delay = 300s
minimal_backoff_time = 15m
maximal_backoff_time = 3h
## Header checks
header_checks = regexp:/etc/postfix/header_checks
## Body checks
body_checks = regexp:/etc/postfix/body_checks
Any ideas or help trying to figure this out?