Re: Sendmail & Queuing

To: Jason McMullen <jmcmullen@ins-business.com>
Cc: debian-isp@lists.debian.org
Subject: Re: Sendmail & Queuing
From: Rich Puhek <rpuhek@etnsystems.com>
Date: Fri, 12 Dec 2003 09:53:30 -0600
Message-id: <[🔎] 3FD9E47A.4000207@etnsystems.com>
References: <[🔎] 51281EBD0902504288C3CD5590AE06BE012358AF@intranet1.ins.jersey.net>



Jason McMullen wrote:

Good Day All,

I'm running into an odd issue.  We have 2 servers that act as
"front-end" MX hosts running Sendmail.  These servers then smarthost all
mail back to a main server.  This works well at keeping the main server
unloaded due to dictionary attacks and whatnot.  The problem we're
seeing is the MX hosts bogging down when trying to deliver mail to the

main host.

Does anyone have any tried and true methods for getting Sendmail to be a
little "nicer" about its queuing strategy?  Or is the best option qmail
or another MTA?

TIA!

-Jason

You might want to experiment with connection caching, so that the MXservers don't open a new connection to the mail_hub. Something like:

define(`confMCI_CACHE_SIZE',`2')dnl
define(`confMCI_CACHE_TIMEOUT',`120s')dnl

Also may want to sort your queue by host, so that all internal mail getsdelivered in order.

How many messages do you have in the queue on your MX hosts? If you'repushing over 1000, I'd suggest splitting into multiple queue directories.

Do you have host status enabled? If so, your state directory may be theproblem (.com and .net directories may have thousands of entries, whichwas not good on my ext2 filesystem). I have had good luck with making asmall ReiserFS parition for /var/local/state/sendmail.

How are you handling dictionary attacks? just letting the MX'es handletrying to DNS notifies, or do your MX hosts know about valid usernames?

If you have lots of bounces sitting in your queue on your MX hosts dueto spammer dictionary attacks, you can move the DSN messages into a"slow running" queue. Debian's sendmail installation has a method to dothis, or you can do something like:


a) Create a new queue directory (/var/spool/mqueue-slow-retry in my case).

b) Create the following /etc/cron.d/sendmail_slowqueue entry (may needto correct line breaks):


#!/bin/sh
#
# sendmail_slowqueue -- move hanging messages into a slower queue...
#
# 11/12/2003 by rpuhek@etnsystems.com
#

# Every 8 min, move to slower queue...
# (every 8, so that we stagger away from regular queue run... trying
# to prevent getting blocked by queue run.

*/8 * * * * root /usr/share/sendmail/qtool.pl -e'$msg{num_delivery_attempts} >= 3 && ($msg{sender} =~ "\<\>" or$msg{sender} =~ "MAILER-DAEMON")' /var/spool/mqueue-slow-retry/var/spool/mqueue/Q*


#Process the slow queue every 3 hours, instead of default 20 minutes.
# 11/17/03: Changed to run as root (permission problem as smmsp),
# also added QueueSortOrder=host, since most will be undeliverable
# bounce messages anyway. --RAP

5 */3 * * * root /usr/sbin/sendmail -q -L sendmail-slowqueue -OQueueDirectory=/var/spool/mqueue-slow-retry -O QueueSortOrder=host



--Rich

Reply to:

References:
- Sendmail & Queuing
  - From: "Jason McMullen" <jmcmullen@ins-business.com>

Prev by Date: Re: Sendmail & Queuing
Next by Date: 3ware 8506-4 hangs while making filesystem
Previous by thread: Re: Sendmail & Queuing
Next by thread: /etc/lilo.conf and system.map mismatches
Index(es):
- Date
- Thread