process limits (was: Spamassain question, whitelist?)

* Karsten M. Self (kmself@ix.netcom.com) [031208 19:46]:
> on Mon, Dec 08, 2003 at 06:44:04PM -0800, Vineet Kumar (vineet@doorstop.net) wrote:
> > * Karsten M. Self (kmself@ix.netcom.com) [031208 16:52]:
> > > For performance reasons, I also have in /etc/security/limits:
> > > 
> > >     mail            hard    nproc           30
> > > 
> > > ...to avoid runaway conditions when large mail loads hit.  Mail
> > > processing will be limited to a max of 30 processes (generally 10 exim
> > > processes, 10 spamassassin clients, and a bit of overhead), but the
> > > system as a whole won't be bogged.
> > 
> > So you have spamc running as mail, and not as the destination user
> > account?  
> No.

As I understand the line you gave above, that limits the number of
processes being run as the mail user.  (I'm not using
/etc/security/limits.conf; this is my understanding from reading the
comments in that file.)  So how does this work?  Is it that spamd forks
for each client, and that's running as mail, and that's where the limit
comes into play?  It looks like spamd's default behavior is to run as
root.  ISTR it needs this to be able to maintain users' ~/.spamassassin
files (auto-whitelists, Bayes DBs, etc.).

I'm trying to understand this better since I'm interested in setting
this up on one of my systems, which has, in the past, fallen victim to
what was essentially a spamassassin fork-bomb (a big sa-learn job
in the middle of the day, without nice).

good times,
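
An added illustration of the per-user accounting this question turns on (not part of the original message, and not either poster's code): the `nproc` item sets RLIMIT_NPROC, which is charged to the user ID that owns each process, so only processes owned by `mail` count toward the limit of 30. The process listing below, including which user each program runs as, is a constructed assumption and does not describe either poster's system.

```python
from collections import Counter

# The limits entry quoted in the thread, under a constructed comment header.
LIMITS_TEXT = """\
# <domain>      <type>  <item>          <value>
mail            hard    nproc           30
"""

# Constructed listing in `ps -eo user=,comm=` form (not real output).
# The owner shown for each program is an assumption for illustration.
PS_TEXT = """\
root spamd
root spamd
mail exim4
mail exim4
mail spamc
vineet spamc
vineet procmail
"""

def parse_limits(text, item="nproc"):
    """Return {(domain, type): value} for one item from limits.conf text."""
    limits = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments and blanks
        if len(fields) != 4 or fields[2] != item or not fields[3].isdigit():
            continue                            # non-numeric values set no cap
        domain, ltype, _, value = fields
        # A type of "-" sets both the soft and the hard limit.
        for t in (("soft", "hard") if ltype == "-" else (ltype,)):
            limits[(domain, t)] = int(value)
    return limits

def count_by_user(ps_text):
    """Count processes per owning user (Linux also counts threads; ps -e does not)."""
    return Counter(l.split()[0] for l in ps_text.splitlines() if l.strip())

def headroom(limits_text, ps_text, ltype="hard"):
    """Return {user: (running, limit, remaining)} for per-user entries only."""
    counts = count_by_user(ps_text)
    report = {}
    for (domain, t), limit in parse_limits(limits_text).items():
        if t != ltype or domain == "*" or domain[0] in "@%":
            continue   # wildcard and group entries need group lookups; skipped
        report[domain] = (counts.get(domain, 0), limit, limit - counts.get(domain, 0))
    return report

if __name__ == "__main__":
    for user, (running, limit, left) in headroom(LIMITS_TEXT, PS_TEXT).items():
        print(f"{user}: {running}/{limit} processes, {left} remaining")
```

In this constructed listing the processes owned by root and by the destination user are not charged against the `mail` entry at all.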
