On Fri, 21 May 2010, Jean-Paul Natola wrote:
>
> On Fri, 21 May 2010, Bowie Bailey wrote:
>
> > Jean-Paul Natola wrote:
> > > Hi all,
> > >
> > > I am constantly getting the server reached --max children setting entries
> > > in my log
> > >
> > > I started with 10 max children and have been raising it by 2. I am now
> > > at 40 , but still getting the messages (though not as often) how high
> > > can I go given these specs:
> > >
> > > sa 3.3 on freebsd , hardware is a PIV 1.3 ghz with 1 gig of ram 20 gig
> > > 5400 rpm PATA drive, and processing an average of 8000 messages a day.
> > >
> > > When running top I have seen swap usage go as high as ~500M
> >Can you tune your MTA to limit the number of incoming SMTP connections?
>
> These are my mta settings
> smtp_accept_max = 10
> smtp_accept_max_per_host = 5
> smtp_accept_reserve = 0
>
> These are the stats for the week
> Total number of emails processed by the spam filter : 58249
> Number of spams : 54479 ( 93.53%)
> Number of clean messages : 3770 ( 6.47%)
> Average message analysis time : 10.98 seconds
> Average spam analysis time : 6.76 seconds
> Average clean message analysis time : 23.35 seconds
> Average message score : 11.49
> Average spam score : 20.10
> Average clean message score : -13.76
> Total spam volume : 677 Mbytes
> Total clean volume : 579 Mbytes
That box is rather elderly and under-powered by modern standards.
New improved versions of SA and other apps are only going to get
-more- resource hungry. (I'm old enough to remember when putting
a 128KB memory board in a PDP-11/34 was a big upgrade ;).
Let's run the numbers;
1 week = 604800 seconds, 604800/58249 messages in a week
= 10.38 seconds per message.
Your average analysis time is 10.98 seconds.
Thus you could almost run your system in single threaded mode
and be OK. two threads should be plenty, if the incoming arrivals
were evenly distributed. Should be no need for 40 children
ever, unless you're getting hit with a spam flood.
So you are either going to need to upgrade it or protect it by
reducing the number of concurrent messages being processed.
I don't know exim (we use sendmail & postfix) but it looks like
you need to adjust those mta settings to throttle down that
incoming rate.
One other possible problem source, network timeouts. SA makes heavy
use of DNS lookups for various network tests (RBLS, SPF, DKIM, botnet,
etc) as well as optional things like DCC, Razor, etc.
So network (particularly DNS) issues can cause SA to take too long
and timeout. A DNS cache run on your SA box will help that issue
(but of course makes demands on RAM & CPU).
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
