Re: [vchkpw] qmail high performance
WOW your iowait state is WAY too high. Seems to me like you probably need to make some hard drive changes. What is your current drive configuration? Please be as specific as possible. If it helps, I'll describe my configuration: I'm using three RAID arrays. Two are RAID1 and one is RAID10, with one RAID1 and the RAID10 on an LSI MegaRAID SATA 300-X8 (six drives, 160GB SATA-II). The other RAID1 is a pair of 15,000 RPM Ultra 320 SCSI drives using linux software RAID1. The SATA RAID1 contains / The SATA RAID10 contains /usr/local/vpopmail/domains The SCSI RAID1 contains /tmp and some other working directories Here are my load numbers at the random moment I went and copied them. This can fluctuate anywhere from a little more heavily used than this, to 95% idle (for reference it's a dual 2Ghz Xeon): top - 12:49:26 up 138 days, 3:59, 1 user, load average: 2.31, 2.78, 2.30 Tasks: 238 total, 2 running, 233 sleeping, 0 stopped, 3 zombie Cpu0: 23.6% us, 15.9% sy, 0.0% ni, 58.0% id, 2.1% wa, 0.4% hi, 0.0% si Cpu1: 34.4% us, 10.5% sy, 0.0% ni, 54.2% id, 1.0% wa, 0.0% hi, 0.0% si Cpu2: 25.4% us, 10.9% sy, 0.0% ni, 62.4% id, 1.4% wa, 0.0% hi, 0.0% si Cpu3: 17.3% us, 11.9% sy, 0.0% ni, 68.4% id, 2.3% wa, 0.0% hi, 0.0% si Mem: 2074860k total, 2043580k used,31280k free, 254412k buffers Swap: 4194296k total,38020k used, 4156276k free, 887628k cached --- - Nick Bright Network Administrator Terra World Tel 888-332-1616 x 315 Fax 620-332-1201 João Luiz - Terra wrote: Hi Nick. Thank you. When concurrent POP3 is low, the loadavg of my server is low too. My i/o is very high. Is normal? If any user to connect in POP3, Can he to start a attack to up my I/O? CPU states: cpuusernice systemirq softirq iowaitidle total 10,8%0,0%1,0% 0,0% 0,2% 84,8%2,9% cpu00 25,1%0,0%0,5% 0,0% 0,1% 74,0%0,0% cpu01 12,1%0,0%0,9% 0,0% 0,3% 86,4%0,0% cpu024,3%0,0%1,7% 0,0% 0,1% 87,8%5,7% cpu031,5%0,0%0,7% 0,0% 0,3% 91,2%5,9% Regards, Joao - Original Message - From: Nick Bright [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Monday, October 08, 2007 5:07 PM Subject: Re: [vchkpw] qmail high performance João Luiz - Terra wrote: Hi Rick, In SMTP Totals: Max Allow 14.2 kSMTP (1422.7%) Average Allow 8345.0 SMTP (834.5%) Current Allow 8694.0 SMTP (869.4%) Max Deny 11.4 kSMTP (1140.6%) Average Deny 6337.0 SMTP (633.7%) Current Deny 5181.0 SMTP (518.1%) What is Deny? Deny is rejected SMTP sessions, usually due to an RBL rejection but this can also be due to mailbox full or user not existing if you are using the CHKUSER patch. Is Deny high? That doesn't strike me as overly high, over the last 24 hours I've had: Max Allow 73.7 kSMTP (147.4%) Average Allow 36.5 kSMTP (73.0%) Current Allow 42.3 kSMTP (84.6%) Max Deny 54.2 kSMTP (108.4%) Average Deny 21.5 kSMTP (43.0%) Current Deny 30.4 kSMTP (60.9%) I wouldn't worry about the denies because they don't cause significant load - as long as you're rejecting their connections, you don't have the deal with the load of processing their mail. Do you want see others logs of qmailmrtg? Thank you Joao - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:11 AM Subject: Re: [vchkpw] qmail high performance Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br
Re: [vchkpw] qmail high performance
Hi Tren, Thank you! I´m testing the sysstat Regards, Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Monday, October 08, 2007 11:51 PM Subject: RE: [vchkpw] qmail high performance -Original Message- From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Monday, October 08, 2007 3:13 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] qmail high performance Hi Nick. Thank you. When concurrent POP3 is low, the loadavg of my server is low too. My i/o is very high. Is normal? If any user to connect in POP3, Can he to start a attack to up my I/O? CPU states: cpuusernice systemirq softirq iowait idle total 10,8%0,0%1,0% 0,0% 0,2% 84,8% 2,9% cpu00 25,1%0,0%0,5% 0,0% 0,1% 74,0% 0,0% cpu01 12,1%0,0%0,9% 0,0% 0,3% 86,4% 0,0% cpu024,3%0,0%1,7% 0,0% 0,1% 87,8% 5,7% cpu031,5%0,0%0,7% 0,0% 0,3% 91,2% 5,9% Regards, Joao How many hard drives are in this server? Are they in RAID at all? It's looking that most of your high load average is due to waiting on IO. This is solved by adding more drives to increase available IO bandwidth. You should become familiar with two utilities, vmstat and iostat. If you're using a redhat derived linux, install the sysstat rpm to gain access to iostat. Between these two utilities you should be able to figure out where your problems are coming from and how to resolve them. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 08/10/2007 / Versão: 5.1.00/5136 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
Hi Rick, Thank you. I installed qmailmrtg7. I don´t running SA and Clam when my server is slow. [EMAIL PROTECTED] cat /var/qmail/control/simcontrol :clam=no,spam=no,spam_passthru=no,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). How can I know if my qmail is to generate a new key for every encrypted connection? Is this? 01 01 * * * root /var/qmail/bin/dh_key 21 /dev/null You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). I use timeoutsmtpd with 60. Regards, Joao - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:11 AM Subject: Re: [vchkpw] qmail high performance Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
Hi Rick, In SMTP Totals: Max Allow 14.2 kSMTP (1422.7%) Average Allow 8345.0 SMTP (834.5%) Current Allow 8694.0 SMTP (869.4%) Max Deny 11.4 kSMTP (1140.6%) Average Deny 6337.0 SMTP (633.7%) Current Deny 5181.0 SMTP (518.1%) What is Deny? Is Deny high? Do you want see others logs of qmailmrtg? Thank you Joao - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:11 AM Subject: Re: [vchkpw] qmail high performance Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
I had the same problems under high load on a similarly configured machine (2.0Ghz instead of 2.4Ghz, but other than that about the same). When I installed the external big todo patches it helped A LOT, but I still have some delay in delivery. However it is much more acceptable as messages can be delayed one to two minutes, instead of fifteen to twenty minutes. Usually things go through fairly instantly. The single best performance enhancer you could do would be the external todo patch, from my point of view. I also found that the chkuser patch also helped a LOT, I highly recommend using that patch as well. For reference, I'm not using Bill's toaster, but rather my own custom brew. Another load reducing method is to use a much faster anti-spam product, but you will most likely have to pay for that. I suggest MPPd (messagepartners.com) I've been using it for several years with the Cloudmark plugin and it is much more effective than spamassassin, with hundreds of times lower load on the system. --- - Nick Bright Network Administrator Terra World Tel 888-332-1616 x 315 Fax 620-332-1201 João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ begin:vcard fn:Nick Bright n:Bright;Nick org:Terra World Communications, LLC adr:Suite #11;;200 ARCO Place;Independence;KS;67301;USA email;internet:[EMAIL PROTECTED] title:Network Administrator tel;work:888-332-1616 tel;fax:620-332-1201 x-mozilla-html:FALSE url:http://home.terraworld.net version:2.1 end:vcard
Re: [vchkpw] qmail high performance
João Luiz - Terra wrote: Hi Rick, In SMTP Totals: Max Allow 14.2 kSMTP (1422.7%) Average Allow 8345.0 SMTP (834.5%) Current Allow 8694.0 SMTP (869.4%) Max Deny 11.4 kSMTP (1140.6%) Average Deny 6337.0 SMTP (633.7%) Current Deny 5181.0 SMTP (518.1%) What is Deny? Deny is rejected SMTP sessions, usually due to an RBL rejection but this can also be due to mailbox full or user not existing if you are using the CHKUSER patch. Is Deny high? That doesn't strike me as overly high, over the last 24 hours I've had: Max Allow 73.7 kSMTP (147.4%) Average Allow 36.5 kSMTP (73.0%) Current Allow 42.3 kSMTP (84.6%) Max Deny 54.2 kSMTP (108.4%) Average Deny 21.5 kSMTP (43.0%) Current Deny 30.4 kSMTP (60.9%) I wouldn't worry about the denies because they don't cause significant load - as long as you're rejecting their connections, you don't have the deal with the load of processing their mail. Do you want see others logs of qmailmrtg? Thank you Joao - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:11 AM Subject: Re: [vchkpw] qmail high performance Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ begin:vcard fn:Nick Bright n:Bright;Nick org:Terra World Communications, LLC adr:Suite #11;;200 ARCO Place;Independence;KS;67301;USA email;internet:[EMAIL PROTECTED] title:Network Administrator tel;work:888-332-1616 tel;fax:620-332-1201 x-mozilla-html:FALSE url:http://home.terraworld.net version:2.1 end:vcard
Re: [vchkpw] qmail high performance
I just wonder if anyone have tested Trend Micro for AV. I know it's a pay AV but just wonder.. Thanks Nick Bright wrote: I had the same problems under high load on a similarly configured machine (2.0Ghz instead of 2.4Ghz, but other than that about the same). When I installed the external big todo patches it helped A LOT, but I still have some delay in delivery. However it is much more acceptable as messages can be delayed one to two minutes, instead of fifteen to twenty minutes. Usually things go through fairly instantly. The single best performance enhancer you could do would be the external todo patch, from my point of view. I also found that the chkuser patch also helped a LOT, I highly recommend using that patch as well. For reference, I'm not using Bill's toaster, but rather my own custom brew. Another load reducing method is to use a much faster anti-spam product, but you will most likely have to pay for that. I suggest MPPd (messagepartners.com) I've been using it for several years with the Cloudmark plugin and it is much more effective than spamassassin, with hundreds of times lower load on the system. --- - Nick Bright Network Administrator Terra World Tel 888-332-1616 x 315 Fax 620-332-1201 João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ !DSPAM:470a8edd117907257416469!
Re: [vchkpw] qmail high performance
are you using tcpserver ? how you are starting qmail ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:01 AM Subject: Re: [vchkpw] qmail high performance Hi Itamar, I disable the spamassassin and clamav when my server is slow. Regards, Joao - Original Message - From: Itamar Reis Peixoto [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 9:29 PM Subject: Re: [vchkpw] qmail high performance your load is very high you're using spamassassin ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 1:09 AM Subject: Re: [vchkpw] qmail high performance Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
Hi Itamar, I use tcpserver. The qmail is starting after reboot automatically. Is correct? Regards, Joao - Original Message - From: Itamar Reis Peixoto [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Tuesday, October 09, 2007 1:45 PM Subject: Re: [vchkpw] qmail high performance are you using tcpserver ? how you are starting qmail ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:01 AM Subject: Re: [vchkpw] qmail high performance Hi Itamar, I disable the spamassassin and clamav when my server is slow. Regards, Joao - Original Message - From: Itamar Reis Peixoto [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 9:29 PM Subject: Re: [vchkpw] qmail high performance your load is very high you're using spamassassin ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 1:09 AM Subject: Re: [vchkpw] qmail high performance Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 08/10/2007 / Versão: 5.1.00/5136 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
Hi Nick. Thank you. When concurrent POP3 is low, the loadavg of my server is low too. My i/o is very high. Is normal? If any user to connect in POP3, Can he to start a attack to up my I/O? CPU states: cpuusernice systemirq softirq iowaitidle total 10,8%0,0%1,0% 0,0% 0,2% 84,8%2,9% cpu00 25,1%0,0%0,5% 0,0% 0,1% 74,0%0,0% cpu01 12,1%0,0%0,9% 0,0% 0,3% 86,4%0,0% cpu024,3%0,0%1,7% 0,0% 0,1% 87,8%5,7% cpu031,5%0,0%0,7% 0,0% 0,3% 91,2%5,9% Regards, Joao - Original Message - From: Nick Bright [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Monday, October 08, 2007 5:07 PM Subject: Re: [vchkpw] qmail high performance João Luiz - Terra wrote: Hi Rick, In SMTP Totals: Max Allow 14.2 kSMTP (1422.7%) Average Allow 8345.0 SMTP (834.5%) Current Allow 8694.0 SMTP (869.4%) Max Deny 11.4 kSMTP (1140.6%) Average Deny 6337.0 SMTP (633.7%) Current Deny 5181.0 SMTP (518.1%) What is Deny? Deny is rejected SMTP sessions, usually due to an RBL rejection but this can also be due to mailbox full or user not existing if you are using the CHKUSER patch. Is Deny high? That doesn't strike me as overly high, over the last 24 hours I've had: Max Allow 73.7 kSMTP (147.4%) Average Allow 36.5 kSMTP (73.0%) Current Allow 42.3 kSMTP (84.6%) Max Deny 54.2 kSMTP (108.4%) Average Deny 21.5 kSMTP (43.0%) Current Deny 30.4 kSMTP (60.9%) I wouldn't worry about the denies because they don't cause significant load - as long as you're rejecting their connections, you don't have the deal with the load of processing their mail. Do you want see others logs of qmailmrtg? Thank you Joao - Original Message - From: Rick Macdougall [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 10:11 AM Subject: Re: [vchkpw] qmail high performance Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 08/10/2007 / Versão: 5.1.00/5136 Proteja o seu e-mail Terra: http://mail.terra.com.br/
RE: [vchkpw] qmail high performance
-Original Message- From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Monday, October 08, 2007 3:13 PM To: vchkpw@inter7.com Subject: Re: [vchkpw] qmail high performance Hi Nick. Thank you. When concurrent POP3 is low, the loadavg of my server is low too. My i/o is very high. Is normal? If any user to connect in POP3, Can he to start a attack to up my I/O? CPU states: cpuusernice systemirq softirq iowait idle total 10,8%0,0%1,0% 0,0% 0,2% 84,8% 2,9% cpu00 25,1%0,0%0,5% 0,0% 0,1% 74,0% 0,0% cpu01 12,1%0,0%0,9% 0,0% 0,3% 86,4% 0,0% cpu024,3%0,0%1,7% 0,0% 0,1% 87,8% 5,7% cpu031,5%0,0%0,7% 0,0% 0,3% 91,2% 5,9% Regards, Joao How many hard drives are in this server? Are they in RAID at all? It's looking that most of your high load average is due to waiting on IO. This is solved by adding more drives to increase available IO bandwidth. You should become familiar with two utilities, vmstat and iostat. If you're using a redhat derived linux, install the sysstat rpm to gain access to iostat. Between these two utilities you should be able to figure out where your problems are coming from and how to resolve them. Regards, Tren
Re: [vchkpw] qmail high performance
The single best performance enhancer you could do would be the external todo patch, from my point of view. Depends on the filesystem. If the filesystem has indexed directory support, ext-todo should be sufficient. Otherwise, you need the big-ext-todo patch.
Re: [vchkpw] qmail high performance
Hi Itamar, I disable the spamassassin and clamav when my server is slow. Regards, Joao - Original Message - From: Itamar Reis Peixoto [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 9:29 PM Subject: Re: [vchkpw] qmail high performance your load is very high you're using spamassassin ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 1:09 AM Subject: Re: [vchkpw] qmail high performance Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/ Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
Hi, João Luiz - Terra wrote: Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? qmailmrtg7 is a graphing tool for qmail/pop3/dnscache etc. You can find it at http://www.inter7.com When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 Are you running SA and Clam on the same machine ? Also, are you running the update_tmprsadh nightly (if your not it has to generate a new key for every encrypted connection). I have many SMTP connections with not existing recipient. If that message is in the smtpd log, that's fine. You may also want to look at decreasing your timeoutsmtpd, put 180 or something similar in /var/qmail/control/timeoutsmtpd to change the default of 7200 (this will stop the spam zombie who hang around just using up a connection slot). My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Hope the above helps. Regards, Rick
[vchkpw] qmail high performance
Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( Thank you Joao
RE: [vchkpw] qmail high performance
Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren
Re: [vchkpw] qmail high performance
Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
Re: [vchkpw] qmail high performance
your load is very high you're using spamassassin ? Itamar Reis Peixoto e-mail/msn: [EMAIL PROTECTED] skype: itamarjp icq: 81053601 +55 11 4063 5033 - Original Message - From: João Luiz - Terra [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Sunday, October 07, 2007 1:09 AM Subject: Re: [vchkpw] qmail high performance Hi Tren, Sorry. My english is not good :). My server is dual xeon 2.4 with 2 Gb RAM and HD SCSI 73 Gb. I have problems with delivery delay when my server is with many connections POP3 and SMTP. I use isoqlog to analyze my email traffic, but I don´t have stats of POP3 and connections with my SMTP (RBL, no delivery, ...). Exists any software to analyze POP3 and SMTP log? When my server is slow, I have: SMTP concurrent: 40 - 50 POP3 concurrent: 20 - 30 Load Average: 30 - 40 I have many SMTP connections with not existing recipient. My server was very good. Between last monday and last friday it is very slow. How can I identify a possible attack? Thank you Joao - Original Message - From: Tren Blackburn [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Saturday, October 06, 2007 8:02 PM Subject: RE: [vchkpw] qmail high performance Hi Joao; From: João Luiz - Terra [mailto:[EMAIL PROTECTED] Sent: Saturday, October 06, 2007 3:22 PM To: vchkpw@inter7.com Subject: [vchkpw] qmail high performance Hello, I am working with qmail toaster by http://www.shupp.org/toaster/. Is it the better performance instalation? My server is very slowly :( You'll need to give something specific here. Bill Shupps Toaster is widely popular. I use it myself and have no issues with performance. What are the specifications of the hardware you've implemented it on. What specifically is performing slow? Is there anything else on this server? Approximately how many mailboxes are housed on this server? How many deliveries per second/minute/hour/day (whatever is easiest to convey) and do you have any idea what your peak concurrent deliveries are? You need to provide as much information as possible before asking such a general question. Regards, Tren Esta mensagem foi verificada pelo E-mail Protegido Terra. Scan engine: McAfee VirusScan / Atualizado em 05/10/2007 / Versão: 5.1.00/5135 Proteja o seu e-mail Terra: http://mail.terra.com.br/
