Doug Hardie:
> I understood from the dnsblog man page that each dnsblog process
> only lives for a "limited amount of time". I noticed this because
> I have over 50 dnsblog processes running on a fairly light duty
> postfix server. Some of them are over a week old. At first I
> thought they must have been orphaned, but looking through maillog,
> I find entries in the last few minutes from the oldest and the
> newest. I didn't check all of them, but it appears they are all
> in use. Looking at the source for postfix-3.3-20180114 (on web),
> it appears dnsblog checks one IP address and then exits. I believe
> I can limit the number of dnsblog processes in master.cf (currently
> set to 0), but I am not sure that is a good idea. How long are
> these processes supposed to live?
According to source, dnsblog processes exclude themselves from the
max_use limit (max_idle remains in effect). I suppose I turned off
max_use because these processes are postscreen helpers. Postscreen
was designed to handle a much larger client load than to the rest
of Postfix. Under extreme loads like 10000+ connections/second,
one does not want to be creating 100+ processes/second, as that
would limit scalability.
The dnsblog processes still terminate after 100s idle time. On my
lightly-loaded server, there currently is no dnsblog process running.
Apparently your server has enough traffic to keep postscreen alive,
and as a consequence, a collection of dnsblog processes.
I suppose you could reduce max_idle, but don't go overboard and
set it to something small like 1s. That would be counterproductive.
Wiemaketse
