[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upgrade a mail server

On Tue, 19 Feb 2002 10:38, Craig Sanders wrote:
> > > I have a debian 2.1 email server, with sendmail as smtp server, and
> > > qpopper as POP3 server. This box hosts several domains (about 100
> > > different domains, using virtual hosting), with a total of 1300
> > > users. Because the auth method is based on /etc/passwd, I have 1300
> > > unix user accounts, one per mailbox, of course.
> > >
> > > This is becomming not scalable, and I want to start to use a mail
> > > server with auth based on sql, using MySQL for example. I am
> > > thinking in use a debian woody( I'll wait till woody becomes
> > > stable), with sendmail as smtp server, but I am not sure about the
> > > pop3 daemon I have to use.
> >
> > /etc/passwd should scale to 1300 users, using nscd should solve any
> > problems there.  But chances are that changing how you look up user
> > names won't make any noticable difference in performance.
> yes, /etc/passwd scales up to several thousand accounts - at least 5000
> or 10000 depending on how good your hardware is.

I expect that /etc/passwd would cause performance problems before 10K users.  
I used to run a machine with 27K users, it ran like a dog (load average was 
always >30, the system was not responsive, commands like "ls -l /tmp" would 
take noticable amounts of time to complete).  When I configured it to use 
hashed indexes to /etc/passwd (this was on AIX which does it much better than 
Linux) the load average dropped to between 0.5 and 4 (depending on the time 
of day), CPU usage was often less than 100%, and everything was responsive!

>  you don't need nscd,
> just hashed map files for /etc/{passwd,group,shadow).  there's a
> Makefile in /var/lib/misc which handles that.

The problem is that the utility programs like passwd(1) aren't smart enough 
to update the hash, and the libraries that read from the hashes aren't smart 
enough to check the time stamps and use /etc/passwd if it's more recent.  AIX 
does this much better.

> i'd love to convert it over to Maildir/ but haven't yet found any way
> that doesn't involve many hours of downtime while converting the
> mailboxes from mbox format to Maildir.
> one of these days i'll have the time to sit down and work out a good
> solution to the problem.  i've got some ideas but no time to work them
> out.

Conversion doesn't require system down-time.  Firstly you create Maildir 
directories.  Then you can convert the mail server to Maildir delivery in a 
matter of minutes, then you run a conversion script to convert mbox files to 
Maildir (may take hours or even a day depending on system speed and size of 
the spool).  When you think it's about half done you change the POP and IMAP 
servers to read from Maildir instead of mbox.  The end result is that there 
is a matter of minutes of actual down time, and for some users it will appear 
that their mail has been delayed (there are no guarantees about delivery time 

Signatures >4 lines are rude.  If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic junk at the end
then you are specifically authorizing me to do whatever I wish with the
message (the sig won't be read).

Reply to: