* Karsten M. Self (kmself@ix.netcom.com) [031208 19:46]: > on Mon, Dec 08, 2003 at 06:44:04PM -0800, Vineet Kumar (vineet@doorstop.net) wrote: > > * Karsten M. Self (kmself@ix.netcom.com) [031208 16:52]: > > > For performance reasons, I also have in /etc/security/limits: > > > > > > mail hard nproc 30 > > > > > > ...to avoid runaway conditions when large mail loads hit. Mail > > > processing will be limited to a max of 30 processes (generally 10 exim > > > processes, 10 spamassassin clients, and a bit of overhead), but the > > > system as a whole won't be bogged. > > > > So you have spamc running as mail, and not as the destination user > > account? > > No. As I understand the line you gave above, that limits the number of processes being run as the mail user. (I'm not using /etc/security/limits.conf ; this is my understanding from reading the comments in that file.) So how does this work? Is it that spamd forks for each client, and that's running as mail, and that's where the limit comes into play? It looks like spamd's default behavior is to run as root. ISTR it needs this to be able to maintain users' ~/.spamassassin files (auto-whitelists, Bayes DBs, etc.). I'm trying to understand this better since I'm interested in setting this up on one of my systems, which has, in the past, fallen victim to what was essentially a spamassassin fork-bomb (a big sa-learn job in the middle of the day, without nice). good times, Vineet -- http://www.doorstop.net/ -- One nation, indivisible, with equality, liberty, and justice for all.
Attachment:
signature.asc
Description: Digital signature