From: Andrzej Adam Filip on
RICCARDO <ric.castellani(a)alice.it> wrote:
> I'm using sendmail 8.12.10-1.1.1 and amavisd (with linked uvscan) for
> my mail server, which processes about 700 mail messages a day. There is
> no other software on this mail server...
> In maillog files I can see "rejecting connections on daemon MTA: load
> average: XX" where XX is a number between 12 and 36. It occurs at
> changeable times, 40÷240 messages of "rejecting connections" a day.
> My sendmail.cf says:
>
> #O QueueLA=8
> #O RefuseLA=12
> #O DelayLA=0
>
> Can I modify it in this way ?
> What do you think ?
>
> #O QueueLA=20
> #O RefuseLA=36
> #O DelayLA=0
>
> Or I can try to disable uvscan process to reduce load average ?

1) Do you run your sendmail on Linux?
YES => Linux counts LA unlike other OSes - it counts IO-waiting too

Nick stated he usually used RefuseLA between 12 and 20 on non Linux OSes
(based on *many* factors).

References:
pages 139-140
http://www.amazon.com/sendmail-Performance-Tuning-Nick-Christenson/dp/0321115708
http://www.jetcafe.org/~npc/book/sendmail/


2) Do you use some DNSBLs to block connections from "low reputation"
sources before using more "CPU hungry filtering"?

Optimizing SMTP mail servers is almost always about *peak* load,
it is hardly ever about average load -> your load peaks are quite
likely caused by spam peaks (with 700 mails a day).

--
[pl>en Andrew] Andrzej Adam Filip : anfi(a)onet.eu : Andrzej.Filip(a)gmail.com
http://open-sendmail.sourceforge.net/ http://anfi.homeunix.org/
I never killed a man that didn't deserve it.
-- Mickey Cohen
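
Added example (not part of the original thread): a small Python script that buckets the "rejecting connections" maillog entries by hour to show when the load peaks occur, and counts how many of the logged rejections would remain at a candidate RefuseLA. The sample log lines are constructed, and the comparison assumes sendmail refuses once the load average reaches RefuseLA.

```python
import re
from collections import defaultdict

# Constructed sample maillog lines (not taken from the original thread).
SAMPLE_LOG = """\
May 13 09:58:02 mail sendmail[2101]: rejecting connections on daemon MTA: load average: 13
May 13 09:58:17 mail sendmail[2101]: rejecting connections on daemon MTA: load average: 18
May 13 09:59:40 mail sendmail[2101]: rejecting connections on daemon MTA: load average: 36
May 13 10:03:05 mail sendmail[2101]: accepting connections again for daemon MTA
May 13 14:21:33 mail sendmail[2101]: rejecting connections on daemon MTA: load average: 12
May 13 14:22:01 mail sendmail[2101]: rejecting connections on daemon MTA: load average: 21
"""

REJECT_RE = re.compile(
    r"^(\w{3}\s+\d+)\s+(\d{2}):\d{2}:\d{2}\s.*"
    r"rejecting connections on daemon (\S+): load average: (\d+)")

def rejections_by_hour(lines):
    """Return {(date, hour): [load averages logged with each rejection]}."""
    buckets = defaultdict(list)
    for line in lines:
        m = REJECT_RE.match(line)
        if m:
            date, hour, _daemon, la = m.groups()
            buckets[(date, int(hour))].append(int(la))
    return dict(buckets)

def still_refused(buckets, refuse_la):
    """Count logged rejections whose load average still reaches refuse_la.

    Assumption: sendmail refuses connections when LA >= RefuseLA.
    """
    return sum(la >= refuse_la for las in buckets.values() for la in las)

def report(lines, candidates=(12, 20, 36)):
    """Print per-hour rejection counts, then the effect of each candidate."""
    buckets = rejections_by_hour(lines)
    for (date, hour), las in sorted(buckets.items()):
        print(f"{date} {hour:02d}:00  rejections={len(las):3d}  peak LA={max(las)}")
    for la in candidates:
        print(f"RefuseLA={la}: {still_refused(buckets, la)} logged rejections remain")

if __name__ == "__main__":
    report(SAMPLE_LOG.splitlines())
```

The replay only counts past log entries: accepting more connections under a higher RefuseLA adds load of its own, so the real number of rejections can differ.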
From: RICCARDO on
On 13 May, 12:27, Andrzej Adam Filip <a...(a)onet.eu> wrote:
> RICCARDO <ric.castell...(a)alice.it> wrote:
> > I'm using sendmail 8.12.10-1.1.1 and amavisd (with linked uvscan) for
> > my mail server, which processes about 700 mail messages a day. There is
> > no other software on this mail server...
> > In maillog files I can see "rejecting connections on daemon MTA: load
> > average: XX" where XX is a number between 12 and 36. It occurs at
> > changeable times, 40÷240 messages of "rejecting connections" a day.
> > My sendmail.cf says:
>
> > #O QueueLA=8
> > #O RefuseLA=12
> > #O DelayLA=0
>
> > Can I modify it in this way ?
> > What do you think ?
>
> > #O QueueLA=20
> > #O RefuseLA=36
> > #O DelayLA=0
>
> > Or I can try to disable uvscan process to reduce load average ?
>
> 1) Do you run your sendmail on Linux?
> YES => Linux counts LA unlike other OSes - it counts IO-waiting too
>
> Nick stated he usually used RefuseLA between 12 and 20 on non Linux OSes
> (based on *many* factors).
>
> References:
>  pages 139-140
>  http://www.amazon.com/sendmail-Performance-Tuning-Nick-Christenson/dp....
>  http://www.jetcafe.org/~npc/book/sendmail/
>
> 2) Do you use some DNSBLs to block connections from "low reputation"
> sources before using more "CPU hungry filtering"?
>
> Optimizing SMTP mail servers is almost always about *peak* load,
> it is hardly ever about average load -> your load peaks are quite
> likely caused by spam peaks (with 700 mails a day).
>
> --
> [pl>en Andrew] Andrzej Adam Filip : a...(a)onet.eu : Andrzej.Fi...(a)gmail.com
> http://open-sendmail.sourceforge.net/ http://anfi.homeunix.org/
> I never killed a man that didn't deserve it.
>   -- Mickey Cohen

1) Yes I run my sendmail on Linux, Fedora Core 1
Do you think 36 as RefuseLA value is too high ?

2) Yes I'm using some DNSBLs to block connections but using firewall
which is before my mail server, even if I have problems with them
because it often occurs that mail servers, which are used by customers,
go to these blacklists.
Do you know reliable DNSBL to use ?
Have you got suggestions to reduce peak ?

From: Andrzej Adam Filip on
RICCARDO <ric.castellani(a)alice.it> wrote:
> [...]
> 1) Yes I run my sendmail on Linux, Fedora Core 1
> Do you think 36 as RefuseLA value is too high ?

Current Fedora Core release and "LA for Linux" has been covered in
replies by other people.

> 2) Yes I'm using some DNSBLs to block connections but using firewall
> which is before my mail server, even if I have problems with them
> because it often occurs that mail servers, which are used by customers,
> go to these blacklists. Do you know reliable DNSBL to use ?
> Have you got suggestions to reduce peak ?

Could you create a list of your customers' nets/IP addresses to exclude
them from DNSBL checks?
[It is possible via "X OK" entries in access table]

Have you considered using "variable strength" checks based on
"country of origin"?
[There are IP_address->country maps available via DNS]

e.g. using FEATURE(`anfi/rsdnsbl') you can use "basic checks" for
"near by countries"/neighbors, add some check for all other countries
and some extra (very picky) checks for "black sheep" countries.

--
http://open-sendmail.sourceforge.net/ http://anfi.homeunix.org/
<Stealth> How do I bind a computer to an NIS server?
<Joey> Use a rope?
-- Seen on #Debian