Sendmail Modifications

Reduced Connections

   
2:25 pm on Feb 12, 2008 (gmt 0)




I have had server load issues for some time now. During peak traffic hours I often see load averages over 6. This load average has been traced to spammers pounding my sendmail with multiple connections. They seem to be just flooding email addresses hoping that they get one through.

I don't want to spend more money on a server upgrade; I just want to stop or slow down the assaults. I have very effective robot banning on my website, but not very good email sender banning. I do run SpamAssassin, however emails still get through just to be deleted on my PC.

So, I modified my sendmail CF (configuration) file as follows:

# maximum number of children we allow at one time
O MaxDaemonChildren=10

from 30

# load average at which we delay connections; 0 means no limit
O DelayLA=4

from 10

# load average at which we refuse connections
O RefuseLA=6

from 20

# maximum number of children we allow at one time
O MaxDaemonChildren=10

from 30

In summary, I changed my server to stop accepting email connections at a load average of 6 and to delay connections at 4. I reduced the connection to 10 and the children.

Seems to work at the moment - am I missing anything?

[edited by: Edge at 2:28 pm (utc) on Feb. 12, 2008]

3:43 pm on Feb 12, 2008 (gmt 0)

lammert



This will work to lower the load on your server during peaks, but it may also delay genuine emails. If you have only short bursts of spam coming in, this is the right solution, but if your general server load stays at 6 for an extended period of time, it may negatively affect your normal email stream because normal email connections will also be refused.

Your main problem is using SpamAssassin after the emails have been loaded. This causes load on sendmail, and on SpamAssassin to scan every mail.

If you already have SpamAssassin configured to automatically block emails from IP addresses which are listed in one of the remote blocklists (Spamhaus, etc.), you might consider putting that IP check not after sendmail, but before. In this way the email is rejected as soon as the spammer connects to your server and it doesn't consume processing power from sendmail and SpamAssassin.

Maybe blocking based on remote block lists (RBL) is a feature in sendmail, but to be honest I don't know; I am a qmail user. With my qmail installation I had to use a small external utility called rblsmtpd which pretends to be the real SMTP server until it has checked if the IP address is from a spam source. If the IP address is accepted, the SMTP connection is transparently rerouted to my real qmail SMTP server, otherwise the connection is dropped with an error message.
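The connect-time blocklist check described in the post above, as an added example that is not part of the original thread and is not rblsmtpd's own code: it builds the DNSBL query name for a connecting IP (IPv4 and IPv6) and decides accept or reject before any message is read. The zone `dnsbl.example`, the sample records and the function names are constructed for illustration; treating 127.255.255.0/24 as error codes follows Spamhaus's convention and is an assumption for other lists.

```python
import ipaddress
import socket

# Assumption: answers inside 127.0.0.0/8 mean "listed". Spamhaus reserves
# 127.255.255.0/24 for query errors (such as a refused resolver), not listings.
LISTED = ipaddress.ip_network("127.0.0.0/8")
ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_query_name(client_ip, zone):
    """Reverse the client address and append the blocklist zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")                  # four octets
    else:
        labels = list(ip.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name via the OS resolver (raises OSError on failure)."""
    return socket.gethostbyname_ex(name)[2]

def check_connection(client_ip, zone, resolve=system_resolver):
    """Return 'reject' if the zone lists client_ip, otherwise 'accept'."""
    try:
        answers = resolve(dnsbl_query_name(client_ip, zone))
    except OSError:
        # NXDOMAIN (not listed) and resolver outages both land here;
        # failing open keeps a DNS problem from refusing all mail.
        return "accept"
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr in LISTED and addr not in ERRORS:
            return "reject"
    return "accept"

# Constructed sample zone data (documentation addresses, hypothetical zone).
SAMPLE_ZONE = {
    "99.2.0.192.dnsbl.example": ["127.0.0.2"],          # listed sender
    "7.100.51.198.dnsbl.example": ["127.255.255.254"],  # error code, not a listing
}

def sample_resolver(name):
    """Offline stand-in for DNS: unknown names behave like NXDOMAIN."""
    if name not in SAMPLE_ZONE:
        raise OSError("NXDOMAIN (constructed)")
    return SAMPLE_ZONE[name]

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5", "2001:db8::1"):
        print(ip, check_connection(ip, "dnsbl.example", sample_resolver))
```

Because the decision needs only the peer address, it can run before the SMTP dialogue starts, which is what keeps rejected senders from costing sendmail and SpamAssassin any processing.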