On Wed, 11 May 2005 14:00:15 -0400
Matt Sergeant <[EMAIL PROTECTED]> wrote:
> > Deep recursion on subroutine "Qpsmtpd::run_hooks" at \
> > .../lib/Qpsmtpd.pm line 54.
> > It only happens with >150 or so simultaneous connections. It gets
> > worse,
> > but I think less than linearly, up to 1100 connections. I haven't
> > tried
> > beyond 1100.
>
> How are you creating that many connections? If I had a tool to test
> with I could try it out...
I figured your spamtrap would be the perfect way to load test.
It's embarrassing, but what the heck. I'd been having scaling issues with
forkserver (memory and cpu), so I shook pollserver out to where I was ready
to deploy it and made plans to do so. Then our semi-regular ddos attack
started up again so I started deploying pollserver early, intending a mix
of pollservers and forkservers to ride out the ddos. Then the ddos got
worse, and worse, so I switched to pollservers entirely. BTW, my biggest
cpu load is when pollserver accepts connections. It got worse and worse,
and I tinkered and tinkered. Eventually I discovered that I was saying
"450 FQDN required in the envelope sender" to rcpt whenever the sender was
<>. I fixed that (patch attached), and a few hours later, my cpu could
breathe again.
At peak, I was pegging the cpu with around 2200 connections per pollserver
(two per machine, 2.8GHz P4 HT, two machines). Denying connections just
makes the cpu work harder. My cpus got a little relief when I pushed
maxconn up from 200 to 1100, then to 2200. I'm now running about 220*4
connections comfortably (though with Deep recursion warnings).
Brian
--- plugins/require_resolvable_fromhost 2005-05-05 01:39:41.000000000 -0600
+++ plugins/require_resolvable_fromhost 2005-05-11 14:22:42.000000000 -0600
@@ -58,6 +58,7 @@
if (!$transaction->notes('resolvable')) {
my $sender = $transaction->sender;
+ return DECLINED if $sender->format eq "<>";
return (DENYSOFT,
($sender->host
? "Could not resolve ". $sender->host
