On Tue, Dec 09, 2003 at 06:06:52PM -0800, Karsten M. Self wrote: > on Tue, Dec 09, 2003 at 10:51:26AM -0800, Vineet Kumar ([EMAIL PROTECTED]) wrote: > > * Karsten M. Self ([EMAIL PROTECTED]) [031208 19:46]: > > > on Mon, Dec 08, 2003 at 06:44:04PM -0800, Vineet Kumar ([EMAIL PROTECTED]) wrote: > > > > * Karsten M. Self ([EMAIL PROTECTED]) [031208 16:52]: > > > > > For performance reasons, I also have in /etc/security/limits: > > > > > > > > > > mail hard nproc 30 > > > > > > > > > > ...to avoid runaway conditions when large mail loads hit. Mail > > > > > processing will be limited to a max of 30 processes (generally 10 exim > > > > > processes, 10 spamassassin clients, and a bit of overhead), but the > > > > > system as a whole won't be bogged. > > > > > > > > So you have spamc running as mail, and not as the destination user > > > > account? > > > > > > No. > > > > As I understand the line you gave above, that limits the number of > > processes being run as the mail user. (I'm not using > > /etc/security/limits.conf ; this is my understanding from reading the > > comments in that file.) > > Correct. > > > So how does this work? Is it that spamd forks for each client, and > > that's running as mail, and that's where the limit comes into play? > > Yes. > > > It looks like spamd's default behavior is to run as root. > > This is true, but its children run as 'mail'. I think.
My understanding is that spamc will change its uid from root to the calling user if "-u" is not given. For example, I call spamc from procmail without "-u". Spamd logs: Dec 9 21:05:02 zeus spamd[1807]: connection from localhost [127.0.0.1] at port 43665 Dec 9 21:05:02 zeus spamd[20562]: info: setuid to bill succeeded Dec 9 21:05:02 zeus spamd[20562]: processing message <[EMAIL PROTECTED]> for bill:1000. And while in action: UID PID PPID C STIME TTY TIME CMD root 1807 1 0 Dec03 ? 00:00:10 /usr/sbin/spamd --create-prefs --max-children 10 --auto-whitelist -H -d --pidfile=/var/run/spamd.pid bill 20696 20682 0 21:16 ? 00:00:00 formail -s procmail bill 20697 20696 0 21:16 ? 00:00:00 procmail bill 20698 20697 1 21:16 ? 00:00:00 procmail bill 20699 20698 0 21:16 ? 00:00:00 spamc bill 20700 1807 47 21:16 ? 00:00:00 /usr/sbin/spamd --create-prefs --max-children 10 --auto-whitelist -H -d --pidfile=/var/run/spamd.pid So: formail -> procmail -> procmail -> spamc -> spamd(1807) -> spamd(20700) Your earlier posts suggest to me you are doing the same. Correct? > What I know is that the above config *does* keep a box from spawning > endless processes in response to spam swarms. Well, you've place the resource control at the begginning of the pipeline and indirectly control the number of spamd runs, I think. The number of spamd runs, however, still remains unlimited by the system but restricted by the max-children arguement, right? -- OS/2 must die! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
