Sendmail Modifications
Reduced Connections
Edge




msg:3572817
 2:25 pm on Feb 12, 2008 (gmt 0)

I have had server load issues for some time now. During peak traffic hours I often see load averages over 6. This load average has been traced to spammers pounding my sendmail with multiple connections. They seem to be just flooding email addresses hoping that they get one through.

I don't want to spend more money on a server upgrade; I just want to stop or slow down the assaults. I have very effective robot banning on my website, but not very good email sender banning. I do run SpamAssassin, however emails still get through just to be deleted on my PC.

So, I modified my sendmail CF (configuration) file as follows:

# maximum number of children we allow at one time
O MaxDaemonChildren=10

from 30

# load average at which we delay connections; 0 means no limit
O DelayLA=4

from 10

# load average at which we refuse connections
O RefuseLA=6

from 20

# maximum number of children we allow at one time
O MaxDaemonChildren=10

from 30

In summary, I changed my server to stop accepting email connections at a load average of 6 and to delay connections at 4. I reduced the connection to 10 and the children.

Seems to work at the moment - am I missing anything?

[edited by: Edge at 2:28 pm (utc) on Feb. 12, 2008]

 

lammert




msg:3572892
 3:43 pm on Feb 12, 2008 (gmt 0)

This will work to lower the load on your server during peaks, but it may also delay genuine emails. If you have only short bursts of spam coming in, this is the right solution, but if your general server load stays at 6 for an extended period of time, it may negatively affect your normal email stream because also normal email connections will be refused.

Your main problem is using SpamAssassin after the emails have been loaded. This causes load on sendmail, and on SpamAssassin to scan every mail.

If you already have SpamAssassin configured to automatically block emails from IP addresses which are listed in one of the remote blocklists (spamhaus, etc), you might consider putting that IP check not after sendmail, but before. In this way the email is rejected as soon as the spammer connects to your server and it doesn't consume processing power from sendmail and spamassassin.

Maybe blocking based on remote block lists (RBL) is a feature in sendmail, but to be honest I don't know; I am a qmail user. With my qmail installation I had to use an external small utility called rblsmtpd which fakes to be the real SMTP server until it has checked if the IP address is from a SPAM source. If the IP address is accepted, the SMTP connection is transparently rerouted to my real qmail SMTP server, otherwise the connection is dropped with an error message.
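
The connect-time blocklist check described in the reply above, as an added example in Python (not code from the thread, from rblsmtpd or from sendmail): it builds the DNS query name for a connecting address and decides whether to accept or reject before any message is read. The zone `dnsbl.example`, the sample records and all function names are constructed for illustration; the handling of the 127.255.255.0/24 answers reflects how some lists, Spamhaus among them, signal a refused query rather than a listing.

```python
import ipaddress
import socket

DNSBL_NET = ipaddress.ip_network("127.0.0.0/8")       # RFC 5782 answer range
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query-error codes on some lists

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; [] when the name does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # fails open: a DNS outage must not block all mail

def check_client(ip, zone, resolve=system_resolver):
    """Return 'accept', 'reject' or 'error' for a connecting client address."""
    answers = [ipaddress.ip_address(a) for a in resolve(dnsbl_query_name(ip, zone))]
    if not answers:
        return "accept"
    # Answers outside 127/8 (a resolver rewriting NXDOMAIN) or inside the
    # error range are not listings; rejecting on them bounces genuine mail.
    if any(a not in DNSBL_NET or a in ERROR_NET for a in answers):
        return "error"
    return "reject"

# Constructed sample zone data for the hypothetical list "dnsbl.example".
SAMPLE_ZONE = {
    "2.2.0.192.dnsbl.example": ["127.0.0.2"],        # listed
    "3.2.0.192.dnsbl.example": ["127.255.255.254"],  # list refused the query
    "4.2.0.192.dnsbl.example": ["203.0.113.10"],     # NXDOMAIN was rewritten
}

def sample_resolver(name):
    """Offline stand-in for DNS, backed by SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"):
        print(ip, check_client(ip, "dnsbl.example", sample_resolver))
```

An "error" verdict is best logged and treated as accept, so that a misbehaving resolver or a rate-limited list does not turn into refused genuine mail.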
