exim / amavis-ng overload
Hi group,
Had my system offline for about 36 hours to try out fai (on a different
drive). After this period, Sunday evening, already late, I reconnected
my original drive, started the server and watched the connection coming
up. Many, many mails were downloaded (thanks to this fine group, :-) and
almost immediately, my server became irresponsive. I managed to squeeze
in and run top which came on after three minutes and saw my load
increase from 20 to 30 to 50 to 77.81. I had a few exim processes and
_lots_ of amavis processes running. My server started killing processes
(out of memory) and I decided to power down (using the button, nothing
else worked). I think I know what went wrong: there was no limit of
running exim processes. Each process started amavis to scan for viruses
and my server came to a dead stop. I disabled amavis and my mail came
right through. Apparently, delivery _is_ limited because I had only one
spamassassin running from my user's procmail at a time.
Two (groups of) questions:
1. What can I do when my server overloads like this? Logging in was
_very_ difficult or not possible (timeout of 60 seconds on login
prompt...)
2. How do I limit the number of exim processes? Exim is run from inetd
and the info pages showed me that smtp_accept_max will not work. Is
this indeed a problem? Should I run exim as a separate daemon and
enable smtp_accept_max (or keep it at default 20, better than no
limit...)? Is every server which runs exim from inetd vulnerable to
this (whether deliberate or not) DoS attack?
Thanks!
David
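
The setup described in the post, next to a bounded one, as an added example that is not part of the original message or of any project's shipped configuration. The inetd entry, the file paths and all numeric values are assumptions chosen for illustration, and it assumes amavis is invoked at delivery time, so limiting immediate deliveries also limits scanner processes.

```conf
# --- /etc/inetd.conf (before): one exim process per incoming connection ---
# Assumed Debian-style entry. In this mode no daemon counts connections,
# so smtp_accept_max has no effect.
smtp  stream  tcp  nowait  mail  /usr/sbin/exim  exim -bs

# --- after: comment the entry above out and run a listening daemon ---
#   exim -bd -q30m     (listener, plus a queue runner every 30 minutes)

# --- Exim main configuration section (illustrative values) ---
# Maximum simultaneous incoming SMTP connections (daemon mode only).
smtp_accept_max = 20

# Above this many simultaneous connections, still accept mail onto the
# queue but do not start an immediate delivery for it.
smtp_accept_queue = 10

# Above this load average, queue all incoming mail without delivering.
# This check is made at reception time, not by the daemon.
queue_only_load = 4

# Above this load average, accept SMTP only from hosts listed in
# smtp_reserve_hosts; others get a temporary rejection and retry later.
smtp_load_reserve = 8

# Upper bound on concurrent queue-runner processes working the backlog.
queue_run_max = 2
```

With these limits a backlog after an outage is accepted onto the queue and then delivered, and scanned, by at most queue_run_max runners rather than one delivery per incoming connection.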