Perhaps someone has
seen this before so I ask: Recently I rebuilt a relay using RedHat 8.0. Went
with the latest version of SA at the time and I'm starting to see spamc
intermittently fail. Iptables has been ruled out as being connected with this.
(Was my first suspicion.)
Basically I see
spamc connections coming up in a "trapped" FIN_WAIT2 state. They will sit there
and eventually fill up instances of qmail to where it stops taking requests off
the network. (Note also that I'm running spamc from qmail-qfilter which is
called through the qmail-queue patch. I am not currently able to attribute any
of this to qmail.)
The netstat below
and ps output is about all I've been able to gather so far. If anyone has any
ideas on ways to trace this issue, let me know. The only hypothesis I can build
thus far as that a particularly malformed mail is causing spamd to trip up and
the spamc sessions to hang, but that's all conjecture.
Thanks in advance
for any ideas people may have,
-James
[root@boink root]#
netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 mail.boink1.com:smtp mailxx.boink1.com:1810 ESTABLISHED
tcp 0 0 boink:1212 boink:1318 CLOSE_WAIT
tcp 0 0 mail.boink.com:ssh 12.4.0.210:2058 ESTABLISHED
tcp 12120 0 boink:1212 boink:1378 CLOSE_WAIT
tcp 0 0 boink:1318 boink:1212 FIN_WAIT2
tcp 0 0 boink:1378 boink:1212 FIN_WAIT2
tcp 0 0 boink:1373 boink:1212 TIME_WAIT
tcp 0 0 boink:1372 boink:1212 TIME_WAIT
tcp 0 0 boink:1375 boink:1212 TIME_WAIT
tcp 0 0 boink:1374 boink:1212 TIME_WAIT
tcp 0 0 mail.boink1.com:1376 12.4.0.3:smtp TIME_WAIT
tcp 0 0 mail.boink1.com:1377 12.4.0.3:smtp TIME_WAIT
tcp 0 0 mail.boink1.com:smtp mailxx.boink1.com:1425 TIME_WAIT
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 mail.boink1.com:smtp mailxx.boink1.com:1810 ESTABLISHED
tcp 0 0 boink:1212 boink:1318 CLOSE_WAIT
tcp 0 0 mail.boink.com:ssh 12.4.0.210:2058 ESTABLISHED
tcp 12120 0 boink:1212 boink:1378 CLOSE_WAIT
tcp 0 0 boink:1318 boink:1212 FIN_WAIT2
tcp 0 0 boink:1378 boink:1212 FIN_WAIT2
tcp 0 0 boink:1373 boink:1212 TIME_WAIT
tcp 0 0 boink:1372 boink:1212 TIME_WAIT
tcp 0 0 boink:1375 boink:1212 TIME_WAIT
tcp 0 0 boink:1374 boink:1212 TIME_WAIT
tcp 0 0 mail.boink1.com:1376 12.4.0.3:smtp TIME_WAIT
tcp 0 0 mail.boink1.com:1377 12.4.0.3:smtp TIME_WAIT
tcp 0 0 mail.boink1.com:smtp mailxx.boink1.com:1425 TIME_WAIT
[jbly@boink jbly]$ ps -ef | grep qmail
qs 5515 1 0 Oct25 ? 00:00:02 qmail-send
ql 5517 5515 0 Oct25 ? 00:00:01 splogger qmail
root 5518 5515 0 Oct25 ? 00:00:00 qmail-lspawn |preline procmail
qr 5519 5515 0 Oct25 ? 00:00:00 qmail-rspawn
qq 5520 5515 0 Oct25 ? 00:00:00 qmail-clean
qd 20837 5516 0 10:56 ? 00:00:00 /var/mail/bin/qmail-smtpd
qd 20838 20837 0 10:56 ? 00:00:00 /var/mail/bin/qmail-qfilter /usr
qd 21093 5516 0 11:16 ? 00:00:00 /var/mail/bin/qmail-smtpd
qd 21094 21093 0 11:16 ? 00:00:00 /var/mail/bin/qmail-qfilter /usr
qd 21097 5516 0 11:16 ? 00:00:00 /var/mail/bin/qmail-smtpd
qd 21098 21097 0 11:16 ? 00:00:00 /var/mail/bin/qmail-qfilter /usr
jbly 21138 21105 0 11:16 pts/0 00:00:00 grep qmail
qd 21139 5516 0 11:16 ? 00:00:00 /var/mail/bin/qmail-smtpd
[jbly@boink jbly]$ ps -ef | grep spam
spamd 910 1 0 Oct24 ? 00:00:37 /usr/bin/perl /usr/bin/spamd -u
qd 20839 20838 0 10:56 ? 00:00:00 /usr/bin/spamc -p 1212
spamd 20840 910 6 10:56 ? 00:01:21 /usr/bin/perl /usr/bin/spamd -u
qd 21095 21094 0 11:16 ? 00:00:00 /usr/bin/spamc -p 1212
spamd 21096 910 3 11:16 ? 00:00:01 /usr/bin/perl /usr/bin/spamd -u
qd 21099 21098 0 11:16 ? 00:00:00 /usr/bin/spamc -p 1212
spamd 21100 910 0 11:16 ? 00:00:00 /usr/bin/perl /usr/bin/spamd -u
qd 21141 21140 0 11:16 ? 00:00:00 /usr/bin/spamc -p 1212
spamd 21142 910 0 11:16 ? 00:00:00 /usr/bin/perl /usr/bin/spamd -u
qd 21145 21144 0 11:17 ? 00:00:00 /usr/bin/spamc -p 1212
spamd 21146 910 2 11:17 ? 00:00:00 /usr/bin/perl /usr/bin/spamd -u
jbly 21148 21105 0 11:17 pts/0 00:00:00 grep spam
