Re: OpenSMTPD with filter-spamassassin / max-children

2016-04-20 Thread ML mail
Thanks for the precisions regarding max-inflight. That would be great if there 
could be a max session limit which would simply return a temporary failure when 
too busy. Maybe for a next version of OpenSMTPD...


On Wednesday, April 20, 2016 8:51 AM, Gilles Chehade wrote:
On Tue, Apr 19, 2016 at 06:23:18PM +0200, Joerg Jung wrote:
> > On 18.04.2016 at 16:56, ML mail wrote:
> >
> > I have configured OpenSMTPD on OpenBSD 5.9 with the filter-spamassassin as a
> > relay for a few of my webapp servers and have the problem when a webapp
> > suddenly sends over 30 mails at the same time. Basically the problem is that
> > as I have configured spamd with 30 as max-children, as soon as I receive 30
> > mails at the same time OpenSMTPD stops answering because all spamd children are
> > in busy state. This means that as long as all spamd children are in busy state I
> > can not receive any more mails during that time.
> 
> So you get what you configured/requested.
> 
> > So in theory I would just raise the max-children setting of spamassassin but
> > then it just postpones the problem really... so is there maybe another way to
> > deal better with that issue?
> 
> Not really.
> 
> If these are your own web servers they
> will not send spam, right?
> So consider skipping the filtering for them?
> 
> There is a max-inflight limit in smtpd.conf(5)
> which you may want to lower (below your 30).
> 

Generally speaking, I'd really avoid playing with max-inflight, it is a
scheduler knob from developers to developers.

Tweaking it for one particular case means it is tweaked for all cases.



> Also, the most recent git head of -extras contains
> a limit option which restricts the messages piped
> to spamassassin based on their size. The idea is:
> fewer/smaller mails are checked (fast),
> assuming that larger ones are rarely spam.
> 

much better strategy, maybe it should also contain a max session count
to tempfail incoming mail if there are already enough pending sessions,
I don't know.

What I know is that max-inflight is not THE solution for sure.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: OpenSMTPD with filter-spamassassin / max-children

2016-04-20 Thread Gilles Chehade
On Tue, Apr 19, 2016 at 06:23:18PM +0200, Joerg Jung wrote:
> > On 18.04.2016 at 16:56, ML mail wrote:
> >
> > I have configured OpenSMTPD on OpenBSD 5.9 with the filter-spamassassin as a
> > relay for a few of my webapp servers and have the problem when a webapp
> > suddenly sends over 30 mails at the same time. Basically the problem is that
> > as I have configured spamd with 30 as max-children, as soon as I receive 30
> > mails at the same time OpenSMTPD stops answering because all spamd children are
> > in busy state. This means that as long as all spamd children are in busy state I
> > can not receive any more mails during that time.
> 
> So you get what you configured/requested.
> 
> > So in theory I would just raise the max-children setting of spamassassin but
> > then it just postpones the problem really... so is there maybe another way to
> > deal better with that issue?
> 
> Not really.
> 
> If these are your own web servers they
> will not send spam, right?
> So consider skipping the filtering for them?
> 
> There is a max-inflight limit in smtpd.conf(5)
> which you may want to lower (below your 30).
> 

Generally speaking, I'd really avoid playing with max-inflight, it is a
scheduler knob from developers to developers.

Tweaking it for one particular case means it is tweaked for all cases.


> Also, the most recent git head of -extras contains
> a limit option which restricts the messages piped
> to spamassassin based on their size. The idea is:
> fewer/smaller mails are checked (fast),
> assuming that larger ones are rarely spam.
> 

much better strategy, maybe it should also contain a max session count
to tempfail incoming mail if there are already enough pending sessions,
I don't know.

What I know is that max-inflight is not THE solution for sure.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg
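
The max session count idea from the message above (tempfail new mail once enough sessions are pending), combined with the size limit mentioned for -extras, modelled as an added example. This is not code from OpenSMTPD or filter-spamassassin; the gate struct, its function names and the sample limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical admission gate placed in front of a spamd worker pool. */
enum verdict { V_SCAN, V_BYPASS, V_TEMPFAIL };

struct gate {
    int    max_sessions;  /* keep <= spamd max-children (30 in the thread) */
    int    active;        /* scans currently holding a spamd child */
    size_t size_limit;    /* larger messages skip the scan; 0 = no limit */
};

/* Decide what to do with a message of msg_size bytes at end of DATA. */
enum verdict gate_admit(struct gate *g, size_t msg_size)
{
    if (g->size_limit != 0 && msg_size > g->size_limit)
        return V_BYPASS;      /* never occupies a worker */
    if (g->active >= g->max_sessions)
        return V_TEMPFAIL;    /* answer 4xx (e.g. 451) now instead of blocking */
    g->active++;
    return V_SCAN;
}

/* Call when a scan finishes (or its session drops) to free the slot. */
void gate_release(struct gate *g)
{
    if (g->active > 0)
        g->active--;
}

/* Constructed burst: n messages of msg_size arrive before any scan
 * completes. Returns how many were tempfailed. */
int simulate_burst(struct gate *g, int n, size_t msg_size)
{
    int deferred = 0;
    for (int i = 0; i < n; i++)
        if (gate_admit(g, msg_size) == V_TEMPFAIL)
            deferred++;
    return deferred;
}

int main(void)
{
    struct gate g = { 30, 0, 512 * 1024 };  /* constructed sample limits */
    int deferred = simulate_burst(&g, 35, 4096);
    printf("deferred=%d active=%d\n", deferred, g.active);
    return 0;
}
```

With the thread's numbers, a burst of 35 small messages against 30 slots gets 30 scans and 5 temporary failures that the sending side retries later, so the listener keeps answering while every spamd child is busy.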



Re: OpenSMTPD with filter-spamassassin / max-children

2016-04-20 Thread ML mail
Thanks for the pointer to limit scheduler max-inflight, that sounds like exactly what
I need. I checked the smtpd.conf man page and it looks like there are no
default values, so I am guessing here that the default is unlimited. I will
give it a try.

Regarding spamd, in theory you are right, I would not need a spam filter for
sending mails from various web apps, but I simply can not trust web apps from
third parties, e.g. a WordPress website gets hacked and is abused to send mails
en masse... by the way I also use the filter-clamav, you never know.

Regards
ML



On Tuesday, April 19, 2016 6:30 PM, Joerg Jung wrote:
> On 18.04.2016 at 16:56, ML mail wrote:
>
> I have configured OpenSMTPD on OpenBSD 5.9 with the filter-spamassassin as a
> relay for a few of my webapp servers and have the problem when a webapp
> suddenly sends over 30 mails at the same time. Basically the problem is that
> as I have configured spamd with 30 as max-children, as soon as I receive 30
> mails at the same time OpenSMTPD stops answering because all spamd children are
> in busy state. This means that as long as all spamd children are in busy state I
> can not receive any more mails during that time.

So you get what you configured/requested.


> So in theory I would just raise the max-children setting of spamassassin but
> then it just postpones the problem really... so is there maybe another way to
> deal better with that issue?

Not really.

If these are your own web servers they
will not send spam, right?
So consider skipping the filtering for them?

There is a max-inflight limit in smtpd.conf(5)
which you may want to lower (below your 30).

Also, the most recent git head of -extras contains
a limit option which restricts the messages piped
to spamassassin based on their size. The idea is:
fewer/smaller mails are checked (fast),
assuming that larger ones are rarely spam.



Re: OpenSMTPD with filter-spamassassin / max-children

2016-04-19 Thread Joerg Jung
> On 18.04.2016 at 16:56, ML mail wrote:
>
> I have configured OpenSMTPD on OpenBSD 5.9 with the filter-spamassassin as a
> relay for a few of my webapp servers and have the problem when a webapp
> suddenly sends over 30 mails at the same time. Basically the problem is that
> as I have configured spamd with 30 as max-children, as soon as I receive 30
> mails at the same time OpenSMTPD stops answering because all spamd children are
> in busy state. This means that as long as all spamd children are in busy state I
> can not receive any more mails during that time.

So you get what you configured/requested.

> So in theory I would just raise the max-children setting of spamassassin but
> then it just postpones the problem really... so is there maybe another way to
> deal better with that issue?

Not really.

If these are your own web servers they
will not send spam, right?
So consider skipping the filtering for them?

There is a max-inflight limit in smtpd.conf(5)
which you may want to lower (below your 30).

Also, the most recent git head of -extras contains
a limit option which restricts the messages piped
to spamassassin based on their size. The idea is:
fewer/smaller mails are checked (fast),
assuming that larger ones are rarely spam.



OpenSMTPD with filter-spamassassin / max-children

2016-04-18 Thread ML mail
Hello,

I have configured OpenSMTPD on OpenBSD 5.9 with the filter-spamassassin as a
relay for a few of my webapp servers and have the problem when a webapp
suddenly sends over 30 mails at the same time. Basically the problem is that
as I have configured spamd with 30 as max-children, as soon as I receive 30
mails at the same time OpenSMTPD stops answering because all spamd children are
in busy state. This means that as long as all spamd children are in busy state I
can not receive any more mails during that time.

So in theory I would just raise the max-children setting of spamassassin but 
then it just postpones the problem really... so is there maybe another way to 
deal better with that issue?

Regards
ML