On 03/31/2014 10:19 PM, Simon Hobson wrote:
Chris Adams <[email protected]> wrote:
There are 4 VMs for outbound postfix, and 4 separate VMs for policyd
(each are load-balanced). There's a separate dedicated MySQL server
that everything talks to.
I've been looking at my logs, and I see other instances of the quota
being reset to 1, not just under this spam flood, although under
moderate rates. For example, one user had the quota go from 1 to 38
between 03:10:03 and 03:11:02, and then at 03:11:03 it went back to 1.
That user's limit is 50 messages per 30 minutes; the "reset to 1"
behavior is not consistent; a little later that user hit their 50 and
got rejects.
I do see the entries in the session_tracking table. I don't know why
the Quotas module didn't see them.
I'm just wondering if there's a race condition where multiple servers are
updating the quota, and one update overrides another ?
I believe the updates are done += and -= style with the delta, not
updating the actual value with value = x
ref:
https://gitlab.devlabs.linuxassist.net/policyd/policyd/blob/master/cbp/modules/Quotas.pm#L269
I have a smaller 'cluster' of 3 machines which are all Xen PV guests, sharing a
backend. I run one instance of PolicyD on the backend and originally had my
Postfix instances accessing the single MySQL instance on the backend as well.
it all worked perfectly under the loads I was able to impose as tests - then it
all fell apart when I tried making it live.
Once under real tests, I found that MySQL lookups were failing and so there
were random mail rejections - so I had to revert back to the old server. I've
put slave MySQL instances on each host, but as yet haven't found the
out-of-hours time (or TBH, inclination to do OOH work) to try making it live
again.
Very odd indeed, I'm aware of some very large installations using
combinations of mailservers with policyd on them and dedicated mysql
servers. Do you perhaps have any logs with errors in them?
-N
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
