on Tue, Dec 09, 2003 at 10:51:26AM -0800, Vineet Kumar ([EMAIL PROTECTED]) wrote:
> * Karsten M. Self ([EMAIL PROTECTED]) [031208 19:46]:
> > on Mon, Dec 08, 2003 at 06:44:04PM -0800, Vineet Kumar ([EMAIL PROTECTED]) wrote:
> > > * Karsten M. Self ([EMAIL PROTECTED]) [031208 16:52]:
> > > > For performance reasons, I also have in /etc/security/limits:
> > > >
> > > >     mail hard nproc 30
> > > >
> > > > ...to avoid runaway conditions when large mail loads hit. Mail
> > > > processing will be limited to a max of 30 processes (generally 10 exim
> > > > processes, 10 spamassassin clients, and a bit of overhead), but the
> > > > system as a whole won't be bogged.
> > >
> > > So you have spamc running as mail, and not as the destination user
> > > account?
> >
> > No.
>
> As I understand the line you gave above, that limits the number of
> processes being run as the mail user. (I'm not using
> /etc/security/limits.conf ; this is my understanding from reading the
> comments in that file.)

Correct.

> So how does this work? Is it that spamd forks for each client, and
> that's running as mail, and that's where the limit comes into play?

Yes.

> It looks like spamd's default behavior is to run as root.

This is true, but its children run as 'mail'. I think. What I know is
that the above config *does* keep a box from spawning endless processes
in response to spam swarms.

> ISTR it needs this to be able to maintain users' ~/.spamassassin files
> (auto-whitelists, Bayes DBs, etc.).

Possibly handed to the children by the root process? I'm not sure of
the guts here.

> I'm trying to understand this better since I'm interested in setting
> this up on one of my systems, which has, in the past, fallen victim to
> what was essentially a spamassassin fork-bomb (a big sa-learn job in
> the middle of the day, without nice).

The above should help.

> good times,
> Vineet
> --
> http://www.doorstop.net/
> --
> One nation, indivisible, with equality, liberty, and justice for all.

Amen ;-)

Peace.

--
Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Unless you are very rich and very eccentric, you will not enjoy the
    luxury of having a computer in your own home.
    -- Ed Yourdon, _Techniques of Program Structure and Design_, 1975