Re: process limits (was: Spamassain question, whitelist?)
On Tue, Dec 09, 2003 at 10:51:04AM -0800, Vineet Kumar wrote:
| > > * Karsten M. Self (firstname.lastname@example.org) [031208 16:52]:
| > > > For performance reasons, I also have in /etc/security/limits:
| > > >
| > > > mail hard nproc 30
| > > >
| > > > ...to avoid runaway conditions when large mail loads hit. Mail
| > > > processing will be limited to a max of 30 processes (generally 10 exim
| > > > processes, 10 spamassassin clients, and a bit of overhead), but the
| > > > system as a whole won't be bogged.
| I'm trying to understand this better since I'm interested in setting
| this up on one of my systems, which has, in the past, fallen victim to
| what was essentially a spamassassin fork-bomb (a big sa-learn job
| in the middle of the day, without nice).
What I have done to keep the mail load from blowing my machine away,
which works for whatever is running the load up (spamassassin, virus
scanning, other processes, etc), is the following lines in
/etc/exim.conf (running exim3, there are probably similar options for
---- snip ----
# When this option is set, no message deliveries are ever done if the
# system load average is greater than its value, except for deliveries
# forced with the -M option. If deliver_queue_load_max is not set and
# the load gets this high during a queue run, the run is abandoned.
# There are some operating systems for which Exim cannot determine the
# load average (see chapter 1); for these this option has no effect.
deliver_load_max = 4
# If the system load average is higher than this value, all incoming
# messages are queued, and no automatic deliveries are started. If
# this happens during local or remote SMTP input, all subsequent
# messages on the same connection are queued. Deliveries will
# subsequently be performed by queue running processes, unless the
# load is higher than deliver_load_max. There are some operating
# systems for which Exim cannot determine the load average (see
# chapter 1); for these this option has no effect. See also
# smtp_accept_queue and smtp_load_reserve.
queue_only_load = 4
---- snip ----
Tailor those to whatever keeps your system happy.
I hit the problem after coming home from vacation and having fetchmail
pump 200+ messages into exim in a row. I eventually had to reboot.
There's a fetchmail option to limit how many messages it grabs in one
batch that I now use as well. ("--fetchlimit 50" in
I do also use spamd/spamc, to attack the load problem from one of its