on Tue, Dec 09, 2003 at 10:51:26AM -0800, Vineet Kumar (vineet@doorstop.net) wrote:
> * Karsten M. Self (kmself@ix.netcom.com) [031208 19:46]:
> > on Mon, Dec 08, 2003 at 06:44:04PM -0800, Vineet Kumar (vineet@doorstop.net) wrote:
> > > * Karsten M. Self (kmself@ix.netcom.com) [031208 16:52]:
> > > > For performance reasons, I also have in /etc/security/limits:
> > > >
> > > > mail hard nproc 30
> > > >
> > > > ...to avoid runaway conditions when large mail loads hit. Mail
> > > > processing will be limited to a max of 30 processes (generally 10 exim
> > > > processes, 10 spamassassin clients, and a bit of overhead), but the
> > > > system as a whole won't be bogged.
> > >
> > > So you have spamc running as mail, and not as the destination user
> > > account?
> >
> > No.
>
> As I understand the line you gave above, that limits the number of
> processes being run as the mail user. (I'm not using
> /etc/security/limits.conf ; this is my understanding from reading the
> comments in that file.)
Correct.
> So how does this work? Is it that spamd forks for each client, and
> that's running as mail, and that's where the limit comes into play?
Yes.
> It looks like spamd's default behavior is to run as root.
This is true, but its children run as 'mail'. I think.
What I know is that the above config *does* keep a box from spawning
endless processes in response to spam swarms.
> ISTR it needs this to be able to maintain users' ~/.spamassassin files
> (auto-whitelists, Bayes DBs, etc.).
Possibly handed to the children by the root process? I'm not sure of
the guts here.
> I'm trying to understand this better since I'm interested in setting
> this up on one of my systems, which has, in the past, fallen victim to
> what was essentially a spamassassin fork-bomb (a big sa-learn job in
> the middle of the day, without nice).
The above should help.
> good times,
> Vineet
> --
> http://www.doorstop.net/
> --
> One nation, indivisible, with equality, liberty, and justice for all.
Amen ;-)
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Unless you are very rich and very eccentric, you will not enjoy the
luxury of having a computer in your own home.
-- Ed Yourdon, _Techniques of Program Structure and Design_, 1975
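
Added example (not part of the original message or of any project's code): a check for how close the account named in a limits.conf-style "hard nproc" line is to its cap, which also shows which user the spamd children are counted against. The function names, the 80% "NEAR" threshold and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# nproc_report LIMITS_FILE [OWNERS_FILE]
#   LIMITS_FILE : file in limits.conf syntax (<domain> <type> <item> <value>)
#   OWNERS_FILE : optional, one process owner per line (what `ps -eo ruser=`
#                 prints); when omitted the live process table is read.
# RLIMIT_NPROC is charged to the real UID, hence ruser rather than user.
# Prints "user count limit status" for every per-user hard nproc entry.
nproc_report() {
    limits_file=$1
    if [ -n "${2:-}" ]; then
        owners=$(cat "$2")
    else
        owners=$(ps -eo ruser=)
    fi
    printf '%s\n' "$owners" | awk -v limits="$limits_file" '
        BEGIN {
            while ((getline line < limits) > 0) {
                sub(/#.*/, "", line)              # drop comments
                n = split(line, f, " ")
                # plain user names only; "-" sets both soft and hard
                if (n == 4 && (f[2] == "hard" || f[2] == "-") &&
                    f[3] == "nproc" && f[4] ~ /^[0-9]+$/ && f[1] !~ /^[@*%]/)
                    limit[f[1]] = f[4] + 0
            }
        }
        { count[$1]++ }
        END {
            for (u in limit) {
                c = count[u] + 0
                if (c >= limit[u])            status = "AT-LIMIT"
                else if (c >= 0.8 * limit[u]) status = "NEAR"   # assumed threshold
                else                          status = "ok"
                printf "%s %d %d %s\n", u, c, limit[u], status
            }
        }' | sort
}

# Constructed sample: the limit line from the thread and 27 mail-owned
# processes (10 exim + 10 spamd children + overhead would look like this).
demo() {
    d=$(mktemp -d)
    printf '# constructed sample\nmail hard nproc 30\n@users soft nproc 100\n' > "$d/limits"
    awk 'BEGIN { for (i = 0; i < 27; i++) print "mail"; print "root" }' > "$d/owners"
    nproc_report "$d/limits" "$d/owners"
    rm -rf "$d"
}
demo
```

On a live host, `nproc_report /etc/security/limits.conf` with no second argument reads the running process table; if the mail line reports a count of 0 while spamd is busy, the children are not running as that user and the limit is not what is holding them back.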