Sendmail Queuing?
Anyone seen any odd queuing by Sendmail (or the ability to change how it queues)? Say the primary MX for a host is down and we attempt to send mail to a domain that it handles mail for. For example: ;; ANSWER SECTION: necinc.com. 19h32m42s IN MX 100 mail.wam.net. necinc.com. 19h32m42s IN MX 200 mail2.wam.net. necinc.com. 19h32m42s IN MX 10 mailgate.necinc.com. Now, if i force sendmail to run a queue for this host: sendmail -v -qRnecinc.com I receive this: Running /var/spool/mqueue/h7KKJwrA001233 (sequence 1 of 1) [EMAIL PROTECTED]... Connecting to mailgate.necinc.com. via esmtp... [EMAIL PROTECTED]... Deferred: Operation timed out with mailgate.necinc.com. It dumps that back message back into the queue. It'll keep that up for 6-8 hours THEN attempt to deliver to the higher weighted MX hosts which are up and accept. Shouldn't sendmail realize that the one host is down on the initial delivery attempt and try the next highest? I could see if we couldn't reach all three hosts, but if just one is down, there is no reason sendmail should queue the message for 8 hours before attempting another host. -Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Sendmail Queuing?
Anyone seen any odd queuing by Sendmail (or the ability to change how it queues)? Say the primary MX for a host is down and we attempt to send mail to a domain that it handles mail for. For example: ;; ANSWER SECTION: necinc.com. 19h32m42s IN MX 100 mail.wam.net. necinc.com. 19h32m42s IN MX 200 mail2.wam.net. necinc.com. 19h32m42s IN MX 10 mailgate.necinc.com. Now, if i force sendmail to run a queue for this host: sendmail -v -qRnecinc.com I receive this: Running /var/spool/mqueue/h7KKJwrA001233 (sequence 1 of 1) [EMAIL PROTECTED]... Connecting to mailgate.necinc.com. via esmtp... [EMAIL PROTECTED]... Deferred: Operation timed out with mailgate.necinc.com. It dumps that back message back into the queue. It'll keep that up for 6-8 hours THEN attempt to deliver to the higher weighted MX hosts which are up and accept. Shouldn't sendmail realize that the one host is down on the initial delivery attempt and try the next highest? I could see if we couldn't reach all three hosts, but if just one is down, there is no reason sendmail should queue the message for 8 hours before attempting another host. -Jason
Re: Sendmail Queuing
Jason, On Tue, Dec 02, 2003 at 10:19:07AM -0500, Jason McMullen wrote: I'm running into an odd issue. We have 2 servers that act as front-end MX hosts running Sendmail. These servers then smarthost all mail back to a main server. This works well at keeping the main server unloaded due to dictionary attacks and whatnot. The problem we're seeing is the MX hosts bogging down when trying to deliver mail to the main host. Does anyone have any tried and true methods for getting Sendmail to be a little nicer about its queuing strategy? Or is the best option qmail or another MTA? Make sure that SingleThreadDelivery is turned off on the MX. On the smarthost however make sure it's not dropping connections too early. Look at the the REFUSE_LA and QUEUE_LA (sendmail must have the correct LA_TYPE compiled in). Also look at the CONNECTION_RATE_THROTTLE and MAX_DAEMON_CHILDREN parameters. It may also help to pay attention to which host is resolving what. Hope this helps. -- Henk Roose - [EMAIL PROTECTED] CWI - Centrum voor Wiskunde en Informatica Centre for Mathematics and Computer Science Amsterdam (NL) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail Queuing
Jason McMullen wrote: Good Day All, I'm running into an odd issue. We have 2 servers that act as front-end MX hosts running Sendmail. These servers then smarthost all mail back to a main server. This works well at keeping the main server unloaded due to dictionary attacks and whatnot. The problem we're seeing is the MX hosts bogging down when trying to deliver mail to the main host. Does anyone have any tried and true methods for getting Sendmail to be a little nicer about its queuing strategy? Or is the best option qmail or another MTA? TIA! -Jason You might want to experiment with connection caching, so that the MX servers don't open a new connection to the mail_hub. Something like: define(`confMCI_CACHE_SIZE',`2')dnl define(`confMCI_CACHE_TIMEOUT',`120s')dnl Also may want to sort your queue by host, so that all internal mail gets delivered in order. How many messages do you have in the queue on your MX hosts? If you're pushing over 1000, I'd suggest splitting into multiple queue directories. Do you have host status enabled? If so, your state directory may be the problem (.com and .net directories may have thousands of entries, which was not good on my ext2 filesystem). I have had good luck with making a small ReiserFS parition for /var/local/state/sendmail. How are you handling dictionary attacks? just letting the MX'es handle trying to DNS notifies, or do your MX hosts know about valid usernames? If you have lots of bounces sitting in your queue on your MX hosts due to spammer dictionary attacks, you can move the DSN messages into a slow running queue. Debian's sendmail installation has a method to do this, or you can do something like: a) Create a new queue directory (/var/spool/mqueue-slow-retry in my case). b) Create the following /etc/cron.d/sendmail_slowqueue entry (may need to correct line breaks): #!/bin/sh # # sendmail_slowqueue -- move hanging messages into a slower queue... # # 11/12/2003 by [EMAIL PROTECTED] # # Every 8 min, move to slower queue... # (every 8, so that we stagger away from regular queue run... trying # to prevent getting blocked by queue run. */8 * * * * root /usr/share/sendmail/qtool.pl -e '$msg{num_delivery_attempts} = 3 ($msg{sender} =~ \\ or $msg{sender} =~ MAILER-DAEMON)' /var/spool/mqueue-slow-retry /var/spool/mqueue/Q* #Process the slow queue every 3 hours, instead of default 20 minutes. # 11/17/03: Changed to run as root (permission problem as smmsp), # also added QueueSortOrder=host, since most will be undeliverable # bounce messages anyway. --RAP 5 */3 * * * root /usr/sbin/sendmail -q -L sendmail-slowqueue -O QueueDirectory=/var/spool/mqueue-slow-retry -O QueueSortOrder=host --Rich -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sendmail Queuing
Jason, On Tue, Dec 02, 2003 at 10:19:07AM -0500, Jason McMullen wrote: I'm running into an odd issue. We have 2 servers that act as front-end MX hosts running Sendmail. These servers then smarthost all mail back to a main server. This works well at keeping the main server unloaded due to dictionary attacks and whatnot. The problem we're seeing is the MX hosts bogging down when trying to deliver mail to the main host. Does anyone have any tried and true methods for getting Sendmail to be a little nicer about its queuing strategy? Or is the best option qmail or another MTA? Make sure that SingleThreadDelivery is turned off on the MX. On the smarthost however make sure it's not dropping connections too early. Look at the the REFUSE_LA and QUEUE_LA (sendmail must have the correct LA_TYPE compiled in). Also look at the CONNECTION_RATE_THROTTLE and MAX_DAEMON_CHILDREN parameters. It may also help to pay attention to which host is resolving what. Hope this helps. -- Henk Roose - [EMAIL PROTECTED] CWI - Centrum voor Wiskunde en Informatica Centre for Mathematics and Computer Science Amsterdam (NL)
Re: Sendmail Queuing
Jason McMullen wrote: Good Day All, I'm running into an odd issue. We have 2 servers that act as front-end MX hosts running Sendmail. These servers then smarthost all mail back to a main server. This works well at keeping the main server unloaded due to dictionary attacks and whatnot. The problem we're seeing is the MX hosts bogging down when trying to deliver mail to the main host. Does anyone have any tried and true methods for getting Sendmail to be a little nicer about its queuing strategy? Or is the best option qmail or another MTA? TIA! -Jason You might want to experiment with connection caching, so that the MX servers don't open a new connection to the mail_hub. Something like: define(`confMCI_CACHE_SIZE',`2')dnl define(`confMCI_CACHE_TIMEOUT',`120s')dnl Also may want to sort your queue by host, so that all internal mail gets delivered in order. How many messages do you have in the queue on your MX hosts? If you're pushing over 1000, I'd suggest splitting into multiple queue directories. Do you have host status enabled? If so, your state directory may be the problem (.com and .net directories may have thousands of entries, which was not good on my ext2 filesystem). I have had good luck with making a small ReiserFS parition for /var/local/state/sendmail. How are you handling dictionary attacks? just letting the MX'es handle trying to DNS notifies, or do your MX hosts know about valid usernames? If you have lots of bounces sitting in your queue on your MX hosts due to spammer dictionary attacks, you can move the DSN messages into a slow running queue. Debian's sendmail installation has a method to do this, or you can do something like: a) Create a new queue directory (/var/spool/mqueue-slow-retry in my case). b) Create the following /etc/cron.d/sendmail_slowqueue entry (may need to correct line breaks): #!/bin/sh # # sendmail_slowqueue -- move hanging messages into a slower queue... # # 11/12/2003 by [EMAIL PROTECTED] # # Every 8 min, move to slower queue... # (every 8, so that we stagger away from regular queue run... trying # to prevent getting blocked by queue run. */8 * * * * root /usr/share/sendmail/qtool.pl -e '$msg{num_delivery_attempts} = 3 ($msg{sender} =~ \\ or $msg{sender} =~ MAILER-DAEMON)' /var/spool/mqueue-slow-retry /var/spool/mqueue/Q* #Process the slow queue every 3 hours, instead of default 20 minutes. # 11/17/03: Changed to run as root (permission problem as smmsp), # also added QueueSortOrder=host, since most will be undeliverable # bounce messages anyway. --RAP 5 */3 * * * root /usr/sbin/sendmail -q -L sendmail-slowqueue -O QueueDirectory=/var/spool/mqueue-slow-retry -O QueueSortOrder=host --Rich
Sendmail Queuing
Good Day All, I'm running into an odd issue. We have 2 servers that act as front-end MX hosts running Sendmail. These servers then smarthost all mail back to a main server. This works well at keeping the main server unloaded due to dictionary attacks and whatnot. The problem we're seeing is the MX hosts bogging down when trying to deliver mail to the main host. Does anyone have any tried and true methods for getting Sendmail to be a little nicer about its queuing strategy? Or is the best option qmail or another MTA? TIA! -Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]