Hi Nick.
Thank you.
When concurrent POP3 is low, the loadavg of my server is low too.
My i/o is very high. Is normal?
If any user to connect in POP3, Can he to start a attack to up my I/O?
CPU states: cpu user nice system irq softirq iowait idle
total 10,8% 0,0% 1,0% 0,0% 0,2% 84,8% 2,9%
cpu00 25,1% 0,0% 0,5% 0,0% 0,1% 74,0% 0,0%
cpu01 12,1% 0,0% 0,9% 0,0% 0,3% 86,4% 0,0%
cpu02 4,3% 0,0% 1,7% 0,0% 0,1% 87,8% 5,7%
cpu03 1,5% 0,0% 0,7% 0,0% 0,3% 91,2% 5,9%
Regards,
Joao
----- Original Message -----
From: "Nick Bright" <[EMAIL PROTECTED]>
To: <vchkpw@inter7.com>
Sent: Monday, October 08, 2007 5:07 PM
Subject: Re: [vchkpw] qmail high performance
João Luiz - Terra wrote:
Hi Rick,
In SMTP Totals:
Max Allow 14.2 kSMTP (1422.7%) Average Allow 8345.0 SMTP (834.5%)
Current Allow 8694.0 SMTP (869.4%) Max Deny 11.4 kSMTP (1140.6%)
Average Deny 6337.0 SMTP (633.7%) Current Deny 5181.0 SMTP (518.1%)
What is Deny?
Deny is rejected SMTP sessions, usually due to an RBL rejection but this
can also be due to mailbox full or user not existing if you are using
the CHKUSER patch.
Is "Deny" high?
That doesn't strike me as overly high, over the last 24 hours I've had:
Max Allow 73.7 kSMTP (147.4%) Average Allow 36.5 kSMTP (73.0%) Current
Allow 42.3 kSMTP (84.6%)
Max Deny 54.2 kSMTP (108.4%) Average Deny 21.5 kSMTP (43.0%) Current
Deny 30.4 kSMTP (60.9%)
I wouldn't worry about the denies because they don't cause significant
load - as long as you're rejecting their connections, you don't have the
deal with the load of processing their mail.
Do you want see others logs of qmailmrtg?
Thank you
Joao
----- Original Message ----- From: "Rick Macdougall"
<[EMAIL PROTECTED]>
To: <vchkpw@inter7.com>
Sent: Sunday, October 07, 2007 10:11 AM
Subject: Re: [vchkpw] qmail high performance
Hi,
João Luiz - Terra wrote:
Hi Tren,
Sorry. My english is not good :).
My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb.
I have problems with delivery delay when my server is with many
connections POP3 and SMTP.
I use isoqlog to analyze my email traffic, but I don´t have stats of
POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any
software to analyze POP3 and SMTP log?
qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can
find it at http://www.inter7.com
When my server is slow, I have:
SMTP concurrent: 40 - 50
POP3 concurrent: 20 - 30
Load Average: 30 - 40
Are you running SA and Clam on the same machine ?
Also, are you running the update_tmprsadh nightly (if your not it has
to generate a new key for every encrypted connection).
I have many SMTP connections with "not existing recipient".
If that message is in the smtpd log, that's fine.
You may also want to look at decreasing your timeoutsmtpd, put 180 or
something similar in /var/qmail/control/timeoutsmtpd to change the
default of 7200 (this will stop the spam zombie who hang around just
using up a connection slot).
My server was very good. Between last monday and last friday it is
very slow.
How can I identify a possible attack?
Hope the above helps.
Regards,
Rick
Esta mensagem foi verificada pelo E-mail Protegido Terra.
Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão:
5.1.00/5135
Proteja o seu e-mail Terra: http://mail.terra.com.br/
Esta mensagem foi verificada pelo E-mail Protegido Terra.
Scan engine: McAfee VirusScan / Atualizado em 08/10/2007 / Versão:
5.1.00/5136
Proteja o seu e-mail Terra: http://mail.terra.com.br/
