Dan Wilder wrote:
We have a dedicated server with a single AMD Duron 600 with 384M RAM, 10G IDE HD. 384M swap, which does not seem to come into play.
Linux-2.4.24 kernel.
Razor2 is disabled but network tests are on, some extra RBLs, plus the same extra rule sets. SA 2.63. --max-children 30. Common Bayes Db located on hard drive local to the dedicated SA server. From local.cf:
Ouch! your --max-children could be a problem. In my experience, once spamd starts swapping, you're in big trouble. You might have been able to survive the Razor problems you mention below if -m was lower.
In my case, guessed at an initial number of children based on the memory usage of one spamd process, then I fine tuned that value after observing the server under high load. I started with 30, which was occasionally swapping at high loads, and ended up at 27.
Ugh, yes, keep the bayes (plus any razor-related stuff) on local drives. I'm even pondering a small partition mounted with noatime (any one with thoughts on bayes and a noatime mount?)bayes_learn_to_journal 1 bayes_path /var/lib/spamassassin/bayes bayes_file_mode 777
and sa-learn run from crontab once an hour.
Previously we'd used individual Bayes DBs but found the NFS load imposed for the user directories was sometimes excessive and in addition maintaining the individual Bayes DBs through various upgrade-related breakages was taking too much sysadmin effort.
Razor server slowness or outages had previously appeared to have
been associated with process load spiraling out of control. We have not observed that since we turned off Razor2.
Screening about 12,000 messages/24h, roughly 2600 detected as ham, the remainder spam. Some of the worst spamsites are prescreened using an RBL at the MTA level.
Same here, RBLs at the MTA helps greatly!
The box never seems to break into a sweat. I'm running a monitor
script which looks for rapid increase of swapspace used and restarts
spamd if it finds this. So far the script has not triggered even
once in several months. "sar -q" run daily never sees load average in excess of 2.0 on either the one-minute or the five-minute periods.
Why not just set the max-children limit to prevent swapping? That would seem gentler, since the 20+ messages currently being processed will get through, and if you get lucky, other messages will come through eventually as well.
Ideally, spamd would hold off forking if not enough free memory was available. I can't find any portable way to determine free RAM, though.
--Rich
