Atomicorp

Just a reminder/tip in case it helps someone:

One of the first things I usually do when setting up a Plesk server that uses qmail is to change instances=unlimited to something sensible in /etc/xinetd.d/smtp_psa

On our current batch of installations, I negelcted to do that even though it is in the checklist.

Anyway, for about an hour a day, a botnet has been using a domain we host as a fake from address on their crap, so a lot of bounces have been hitting our systems.

It didn't cause any significant issues until just now, when the load on two of them passed 100 and things started to fall over from the sheer number of spamassassin and clamav processes that were tryin to run at the same time.

Setting instances=2 (until things settle) and restarting xinetd fixed the probem immediately.

I'm surprised this hasn't happened in the past, to be honest. But I rather suspect this particular botnet has just gone into overdrive or is using this domain more.

I'll also have to check their SPF records -- not sure if they have created any - this domain belongs to a very nice, tech-savvy customer who has set most thing up themselves. I'm not sure if the SPF records will do much good in this instance but we'll see.

How many instances do you normally run?


edit:
I also fount the setting

per_source = 1

in another thread: https://www.atomicorp.com/forum/viewtop ... 90fa307f81

You can also limit based on the load average. However, please do note that these changes are overwritten by Plesk during upgrades. It would be ideal if Plesk added a feature to control these settings (as well as IMAP/POP limits) via the admin panel.

We usually use 10. But it depends on how busy your system is.
I suspect you could set it much lower.

Personally I'd set it to as low as you can go at a peak time of day without seeing a warning about limits beinf reached in /var/log/messages, then maybe add 2 to that figure. Keep an eye on things and as long as you don't see any limit reached messages too often, then that's probably as high as you want to go.

If you end up adding lots of new users on that system and the rate of incoming email increases, you may need to increase by 1 or 2.

Restart xinetd for these changes to come into effect.

The setting for load is very useful but I suspect it may not prevent an out of memory (or low memory) condition.

The instances value is, in a way, akin to the maxclients setting in Apache. You can set it surprisingly low since there tends not to be as many connections in one instant as you might imagine. Of course with qmail, unlike Apache, the process can sometimes be tied up for 5 to 10 seconds while spamassassin/clamav and various dnsbl checks do their thing, so in this case you may need a higher figure than you might think at first.

Thanks! Will give it a try!