[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Qmail exceedingly slow.

To: Roger Harrell <rharrell@xxxxxxxxxxxxx>, qmail@xxxxxxxxxxxxx
Subject: Re: Qmail exceedingly slow.
From: Christopher Chan <christopher@xxxxxxxxxx>
Date: Mon, 04 Feb 2008 11:53:08 +0800
Delivered-to: de5-qmail@sws5.ornl.gov
Delivered-to: mailing list qmail@list.cr.yp.to
In-reply-to: <7458D65D014B4B4CBF049B9A4C66793E053AB535@34093-EVS1C1.exchange.rackspace.com>
Mailing-list: contact qmail-help@list.cr.yp.to; run by ezmlm
References: <7458D65D014B4B4CBF049B9A4C66793E053AB535@34093-EVS1C1.exchange.rackspace.com>
User-agent: Thunderbird 1.5.0.12 (X11/20071020)

Hello Roger,

Roger Harrell wrote:

I apologize for my last message. I wasn't aware it went out blank.

In any case. I have a qmailrocks type install that has been stable for
about 2 years. Yesterday it suddenly started bogging down horribly. SMTP
connections to the server can not be made reliable so I can no longer
send or receive mail through this server. I really don't have a clue
what's going on. There's nothing in the logs that would indicate a
problem.

What I have: telnet localhost 25 gets a connection but no 220 response.

There are constantly about 50 qmail-smtp child processes running. Some
stick around for 15 minutes long or longer. Two forms:
vpopmail 25951  0.0  0.0   3932   748 ?        S    13:30   0:00
/var/qmail/bin/qmail-smtpd mail.audiblefaith.com
/home/vpopmail/bin/vchkpw /usr/bin/true
vpopmail 26662  0.0  0.0   1460   288 ?        S    13:36   0:00
/usr/local/bin/rblsmtpd -r sbl-xbl.spamhaus.org
/var/qmail/bin/qmail-smtpd mail.audiblefaith.com
/home/vpopmail/bin/vchkpw /usr/bin/true

You might be under a bounce flood or DOS attack. Hard to tell without doing tcpdumps or traces of qmail-smtpd process to see whether the problem is internal or external.

Some SMTP connections go through eventually. I have tried removing rbl references, restarting qmail and rebooting the server with no luck. There are about 100 port 25 connections at any given time: tcp 0 0 74.2.113.58:25 71.234.233.37:3335 SYN_RECV tcp 0 0 74.2.113.58:25 89.79.75.228:2586 SYN_RECV tcp 0 0 74.2.113.58:25 77.199.11.152:1595 SYN_RECV tcp 0 34 74.2.113.58:25 84.223.182.23:1840 LAST_ACK tcp 1 0 74.2.113.58:25 190.42.36.141:15813 CLOSE_WAIT tcp 0 34 74.2.113.58:25 190.2.161.184:4672 LAST_ACK tcp 1 0 74.2.113.58:25 78.144.218.25:4152 CLOSE_WAIT tcp 0 33 74.2.113.58:25 90.177.96.189:3081 ESTABLISHED

More than half are in the SYN_RECV state. The server itself is fine as far as load. 94% idle.

Two of those ips that I checked up on both appear to be dynamic ip pools. One in Italy and the other in France. qmail installations rarely go wrong all of a sudden. It would appear to me that your problem is basically connections from malfunctioning spambots. An external problem. I think it is time for you to get an automated system to firewall/drop miscreants given the number of bad connections you are getting...

Prev by Date: Re: Qmail exceedingly slow.
Next by Date: DJB alternative for pipe()?
Previous by thread: Re: Qmail exceedingly slow.
Next by thread: smtproutes + bad dns = email killed?
Index(es):
- Date
- Thread