Am Dienstag, 29. MÃrz 2005 18:37 schrieb Jeremy Kitchen: > On Tuesday 29 March 2005 10:31 am, Tobias Orlamuende wrote: > > After intensive logging I found out, that chkuser sends something like > > "You are violating my security policy" when CHKUSERRCPTLIMIT and / or > > CHKUSER_WRONGRCPTLIMIT is reached. > > That's fine so far, but the other side is still sending masses of "rcpt > > to". This causes qmail-smtpd to stay open for a very long time until the > > sender finishes sending his spam. > > so? the resources consumed by a single copy of qmail-smtpd hanging around > for some spammer to give up are minimal.
IMHO not :-( qmail-smtpd is running for 40 minutes and counts up (until now) to 105 processes where the oldest one dates from one minute after startup of qmail-smtpd. Load of this Dueal-Opteron (240) is about 100. Timeoutsmtpd is set in control... Most of the started qmail-smtpd's are closed correctly, but some stay open which gives this amount... I am not 100% sure if this problem is caused by chkuser, but for me it looks like. The strange thing is, that most of these open sessions are using STARTTLS. Btw: Anybody made bad experiences with this patch ? http://www.arda.homeunix.net/store/qmail/starttls-2way-auth-20050307.patch I started with Bill Shupp's tls-auth-patch but the loead was even going much higher than now. > > > Wouldn't it make sense to let chkuser terminatie this specific > > qmail-smtpd instance if one of the above limits is reached? > > perhaps, but why? See above. > > > If yes, how could it be implemented? > > just edit the code. Find the place where it flips on the "ok, we're not > accepting anymore" limit... and have it exit. Nice. But for me as somebody who has nearly no knowledge of C it is quite difficult. Maybe you, Jeremy, or somebody else on this list has any hints for the above situation... Greetings Tobias