> On Mon, October 16, 2006 2:28 pm, Debbie D said:
>
>> this high amount of spam, (BTW scoring at 20-well over 1000) is killing
>> the loads and I have screaming clients..
>>
>> Just this afternoon (again around 12.30) it loaded up again with 312
>> mails.. the web based control panel was reacting so slow I would get 3
>> new ones for every one I managed to delete or deliver (I could not just
>> delete the queue because some were actually valid mails in there) Server
>> loads rose to well over 30, I shut exim - but cpanel was so kind to
>> automagically restart it every time.. tried a reboot from ssh but that
>> just hung.. the tech peeps did it from their end and it worked and brought
>> the loads down so I could delete faster than they came in and now we're
>> back to normal loads and queue
>>
>> I did upgrade to SA 3.1.7 last week - Wed night after a long day of
>> battling the loads.. and that seemed to go well
>>
>> suggestions? Offers of help???



> At this point, you probably need to find some way to blacklist part of
> that load, to keep your server from dealing with it.  It may be possible
> to improve SA performance so that you can survive the onslaught, but SA
> does mean that your server has to do something with each email it scans.
>
> A 'quick fix' would actually be to turn SA off.  The (spam) messages will
> all go through, but it should mean less load on your system.
>
> Look through the spam sent in those bursts and see if there is any way you
> can identify them *quickly*, preferably by IP addresses.  Then block them
> so your server doesn't have to deal with them.
>
> Daniel T. Staal

Daniel I have tried that but apparently they are coming from everywhere all 
at once.. I did find one that was really bad and blocked it with IPtables.. 
but that one continues to show up in my log watch where I would think it 
would go away with the entry..
    client 12.130.132.229 error sending response: host unreachable: 853 Time(s)
and that is a LOW number for this guy.. some days it's up to 2000. I traced 
this and it is an AT&T IP for some kind of business service they offer

>
> You probably have max children set too high.  When a big
> bunch of messages come in, they all run, you don't have
> enough memory, and your system starts swapping like crazy.
> That brings everything on your server to a near halt.
> It reduces throughput, which means you get a backlog, which
> means you get stuck in this state because all the children
> stay active hogging RAM and trying to process the backlog.
>
> The solution is to either expand the RAM so the system can
> really handle that many active children at once, or set the
> maximum number of children to something much lower.  Try 2
> or 3 even.  It seems like more children would mean more work
> getting done, and that's true, but it's only true up to a point,
> and you've passed that point.
>
>   - Logan

OK Logan I will investigate the RAM and see if it needs to be up'd and kick 
the maxchild back down to 10 in the meantime.. the other thing I did last 
week was
Number of minutes between mail server queue runs (default is 60).:
I lowered it to 90 minutes from 4 hours but obviously that didn't help one 
bit


> Is the mail legitimate email?
>
> Meaning does the email come from wherever to *valid email addresses* on the
> server or do you have a system that will catch everything at the smtp level
> and then sort it out later?
>
> If your server catches everything, the smtp gate should probably be
> fortified with greylisting and invalid email address rejection first.
>
> There is not enough other info for me to recommend further...
>
> Thanks and kind regards,
>
> - rh


99% of the 300+ mails today and last week were addressed to valid users but 
I'd say 60%+ was truly spam.. today as I manually delivered from Cpanel's 
WHM individually, I tailed the maillog and many of them were scored and 
trashed.. but with that said there were several very valid mails to very 
valid users.. I have the whole machine set to fail for invalid users which 
everyone on the cpanel forums says is much more efficient than blackhole
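
Daniel's suggestion in the thread above (look through a burst and see whether it can be identified quickly by IP address) can be checked against the Exim main log. The following is an added example, not part of the original thread: it assumes the standard Exim mainlog arrival (`<=`) line format, and the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample of Exim mainlog lines (documentation address ranges only).
SAMPLE_LOG = """\
2006-10-16 12:29:58 1GZQaa-0001aa-01 <= a@example.org H=(mx1) [192.0.2.10] P=esmtp S=2101
2006-10-16 12:30:02 1GZQab-0001ab-02 <= b@example.net H=(pc7) [198.51.100.23] P=smtp S=3520
2006-10-16 12:30:02 1GZQab-0001ab-02 => user1 <user1@example.com> R=localuser T=local_delivery
2006-10-16 12:30:05 1GZQac-0001ac-03 <= c@example.net H=(pc9) [198.51.100.77] P=smtp S=3498
2006-10-16 12:30:09 1GZQad-0001ad-04 <= d@example.org H=(dsl) [203.0.113.5] P=smtp S=3611
2006-10-16 12:30:11 1GZQae-0001ae-05 <= root@host.example.com U=root P=local S=640
2006-10-16 12:30:14 1GZQaf-0001af-06 <= e@example.net H=(pc7) [198.51.100.23] P=smtp S=3377
2006-10-16 12:31:40 1GZQag-0001ag-07 <= f@example.org H=(box) [203.0.113.200] P=smtp S=3550
2006-10-16 13:05:00 1GZQah-0001ah-08 <= g@example.org H=(mx1) [192.0.2.10] P=esmtp S=1800
"""

# Arrival lines look like: "<date> <time> <msg-id> <= <sender> H=... [<ip>] ..."
ARRIVAL = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ <= \S+ .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)

def parse_arrivals(text):
    """Yield (timestamp, source_ip) for each SMTP arrival; local and delivery lines are skipped."""
    for line in text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def burst_sources(text, start, end):
    """Count arrivals per source IP and per /24 inside the window [start, end)."""
    per_ip, per_net = Counter(), Counter()
    for ts, ip in parse_arrivals(text):
        if start <= ts < end:
            per_ip[ip] += 1
            per_net[ip.rsplit(".", 1)[0] + ".0/24"] += 1
    return per_ip, per_net

def top_share(counter, n=3):
    """Fraction of the burst that blocking the top n sources would remove."""
    total = sum(counter.values())
    return sum(c for _, c in counter.most_common(n)) / total if total else 0.0

if __name__ == "__main__":
    window = (datetime(2006, 10, 16, 12, 30), datetime(2006, 10, 16, 12, 45))
    per_ip, per_net = burst_sources(SAMPLE_LOG, *window)
    print(per_ip.most_common(3), round(top_share(per_ip), 2))
    print(per_net.most_common(3), round(top_share(per_net), 2))
```

A low top-source share means the burst is spread across many senders, in which case per-IP blocking removes little of the load and the other measures raised in the thread matter more.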



