[BUGS] [root: seaholm security check output]

jonathan michaels jlm at caamora.com.au
Wed Jan 23 19:30:23 EST 2008 

On Wed, Jan 23, 2008 at 01:51:15PM +1100, Jerahmy Pocott wrote:
> On 23/01/2008, at 8:02 AM, jonathan michaels wrote:
> 
> > one of teh things that bothers me me is that this full table
> > issue seems to be trancient, i am starting to think that it is
> > being caused by a system user, as in teh mail handler itself
> > that is causing teh proc table full errors, can this happen ??
> >
> > if this actually the case than how can i go about protection
> > teh system as it exists now from what could be a potential
> > 'driven to destruction' overload situation ??
> 
> Yes that was my concern when reading your original post..
> 
> It's all very well to increase the proc table if there is a legitimate  
> need, but just increasing could hide an error else where that is  
> actually causing the table to fill.
> 
> The box is the MX for the domain? Do you know how if it's sendmail  
> thats fulling the table? I guess it probably is..
> 
> You don't have anything like 'ForkEachJob' defined?

not unless it is the standard release, i have not changed
anything

> 
> The values you could play with are:
> 
> MaxDaemonChildren=
> ConnectionRateThrottle=
> 
> Which limit the amount of incoming connections sendmail accepts. The  
> first being the upper limit and the second being how many per second.  


> I'm not sure of the volume of mail you get, but if the table filling  

at this point in time its just a dozen or so mailinglists and
my own personal mail which runs at 1 or two a week <grin> on
average

> is due to say a flood of incoming connections the throttle value is  
> probably enough and would still allow legitimate connections, while  
> setting the max children could make it more difficult for legitimate  
> connections in the event of a flood but would make sure you never  

for single posts because it would cause teh spam to choke the
sendmail and it would then cause sendmail to be 'too busy' to
accept the legitimate incoming and refuse it with a 4XX
'please try again' failure ??

this is ok i think

> spawned too many processes..
> 
> That's assuming the issue is with incoming connections of course..

is there a definitive way of finding out, as far as i can tell
teh machine is pretty quiesent, it dose nothing 'special' just
run sendmail to collect mail from 4 local hosts process and
send out as well as teh processing of teh incoming, the "NOQUEUE"
failures as well as teh 'lost input channel" o suppose these
also require thier own child and so a place at teh 'table' ?

so if these increase than it is a problem, yes ?

would a faster cpu help ?

regards/thanks/appreciations .. most graciously

jonathan

-- 
================================================================
powered by ..
QNX, OS9 and freeBSD  --  http://caamora com au/operating system
==== === appropriate solution in an inappropriate world === ====

More information about the BUGS mailing list