Qmail update for 3.35 broken toaster-watcher.conf

Started by ljimber, March 08, 2004, 07:00:27 AM


ljimber

All, I upgraded qmail only:

"
install Mail::Toaster 3.35
  update toaster-watcher.conf
  services stop
  toaster_setup.pl -s qmail
  services start
  toaster-watcher.pl
"

Now I am getting this every 5 minutes.

BuildSmtpRun: your smtpd_max_memory_per_connection and smtpd_max_connections settings in toaster-watcher.conf have exceeded your smtpd_max_memory setting. I am reducing the connections to 6 to compensate. You should fix your settings.


My toaster-watcher.conf:

smtpd_max_memory_per_connection = 40            # in megabytes
smtpd_max_connections           = 50
smtpd_max_memory                = 256

Any ideas?

Thanks,

L.

ljimber

OK, not sure why it needs to be changed after the upgrade.

These settings work.

smtpd_max_memory_per_connection = 30            # in megabytes
smtpd_max_connections           = 10
smtpd_max_memory                = 500


L.

davidcl

I'm confused about this change also.  Matt, can you clarify?

I'm not sure why max_memory needs to be >= max_memory_per_connection * max_connections.  Does each SMTP connection automatically use its maximum amount of memory?

matt

Quote:

I'm not sure why max_memory needs to be >= max_memory_per_connection * max_connections. Does each SMTP connection automatically use its maximum amount of memory?


No, but it certainly can.  The max_memory setting is designed to do exactly that, limit the maximum amount of memory that can be consumed by smtp processes.

If you want to run more SMTP processes and each one can use up to 50MB, simply bump up the max_memory.  It should be made very obvious to the newbie sysadmin that they could be begging for trouble the next time a virus is running around in the wild.

That's been a planned feature for a while, I just got around to adding the code to enforce it.

Matt

davidcl

Frequently in these situations I have to "use the source" since Matt's explanations don't always clear up the answers to my questions.  After reading the toaster code, I think I understand.  smtpd_max_memory has no function other than generating this warning message.  Is that correct?

Previously, I thought smtpd_max_memory was some system-level throttle that kept too many huge smtpd sessions from running.

It would be handy if there was such a throttle, but there's no such thing-- just the concurrent connection limit set by tcpserver, and the per-connection RAM limit set by softlimit.

Suppose my machine has 1024MB of RAM.  It's primarily a mail exchanger, so I want to allow SMTP processes to use 750MB of my RAM, leaving just a touch over 256MB for other processes.  I set my smtpd_max_memory to 750.

To avoid any one particular smtp connection from overwhelming my machine, I set smtpd_max_memory_per_connection to 50MB.  This is a VERY important setting, because softlimit/qmail will start soft-bouncing mail if the smtpd processes exceed this value.

I should now set smtpd_max_connections to 15.  (15 * 50 = 750).

But, by watching "top" while sending messages through my box, my best guess is that a typical SMTP session never exceeds 30 MB of memory.  This means I can safely accept 25 simultaneous connections (25 * 30 = 750).  So I would prefer to set my smtpd_max_connections to 25.

If I want to be able to accept 25 simultaneous connections, AND I want to be able to give each connection 50 MB, I have to accept the mathematical truth that these connections might someday use up to 1250MB.  It's likely that in normal operation, even at 25 simultaneous connections, the memory usage by smtpd processes would not exceed 750MB.  However, if someone decided to DOS my server, they could cause it to slow to a crawl by creating massive swapping activity, because the smtpd connections would try to use 1250MB of RAM, and I only have 1024MB.

So I'll probably strike a balance by decreasing my connection limit to 20, and my max memory per connection to 40MB, and I'll assume that this will cover most incoming mail.  Then I can safely set my smtpd_max_memory to 800MB, and toaster-watcher will not yell at me, and I won't be at significant risk of my server being DOS'd by too many simultaneous SMTP sessions.

Matt, am I understanding all this correctly?

If so, may I suggest that instead of having all three settings in toaster-watcher.conf, just calculate the smtpd_max_connections value from the other two settings. Otherwise people are likely to make the same mistake I made, and assume there's some system-wide throttle on RAM use.  The connection limit IS the system-wide throttle.

matt

Quote from davidcl:

Frequently in these situations I have to "use the source" since Matt's explanations don't always clear up the answers to my questions.  After reading the toaster code, I think I understand.  smtpd_max_memory has no function other than generating this warning message.  Is that correct?


Precisely.

Quote from davidcl:

Matt, am I understanding all this correctly?

If so, may I suggest that instead of having all three settings in toaster-watcher.conf, just calculate the smtpd_max_connections value from the other two settings. Otherwise people are likely to make the same mistake I made, and assume there's some system-wide throttle on RAM use.  The connection limit IS the system-wide throttle.


You have understood it exactly correct David.  Your suggestion is fine, but I think it would generate as much or more confusion than this does. If someone puts smtpd_max_connections = 50 in their .conf file and only 15 show up in the run file, they are going to be justifiably confused. I suppose we could put a note in the run file explaining that we lowered the connection number and how to change it, but is that any less confusing than the way it is now?

I think the user should have direct control over those values but they also need to understand the implications of the settings, which has become clear that those implications are not obvious to the casual observer.

My goal is to help users understand the implications of those settings. Thus, if they want to have 50 simultaneous connections, they'll have to bump their max_mem up to an extremely high value.

Matt

davidcl

Fair enough.

Now that I understand this, I'll update the docs.

matt

Quote from davidcl:

Fair enough.

Now that I understand this, I'll update the docs.



Well hey, if there's a better way to make the admin aware of what those settings are doing, I'm all ears. Now that you've done such a great job of explaining it, I'll just put your explanation in the error message that is spat out.  That should make it clear enough to the end user. :)

davidcl

One thing that would make this clearer is to include sane values in toaster-watcher.conf-dist.

Currently the dist file has:
smtpd_max_memory_per_connection = 25            # in megabytes
smtpd_max_connections           = 50
smtpd_max_memory                = 256

Perhaps it should be:
smtpd_max_memory_per_connection = 25            # in megabytes
smtpd_max_connections           = 10
smtpd_max_memory                = 250

...or some other set of values that actually multiply out in a reasonable way.
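
An added example, not part of the thread and not Mail::Toaster's own code: a small Python audit of the three smtpd_* settings discussed above, computing the worst-case memory (per-connection limit times connection limit) and comparing it with smtpd_max_memory and, optionally, physical RAM. The function names and the ram_mb parameter are hypothetical, and rounding down to get the connection count that fits is an assumption that matches the "reducing the connections to 6" figure in the warning quoted in the first post.

```python
import re

# Constructed sample: the settings from the first post in this thread.
SAMPLE_CONF = """\
smtpd_max_memory_per_connection = 40            # in megabytes
smtpd_max_connections           = 50
smtpd_max_memory                = 256
"""

KEYS = ("smtpd_max_memory_per_connection",
        "smtpd_max_connections",
        "smtpd_max_memory")


def parse_conf(text):
    """Return the three smtpd_* integers from 'key = value  # comment' lines."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        m = re.fullmatch(r"(\w+)\s*=\s*(\d+)", line)
        if m and m.group(1) in KEYS:
            found[m.group(1)] = int(m.group(2))
    missing = [k for k in KEYS if k not in found]
    if missing:                                   # also catches misspelled keys
        raise ValueError("missing settings: " + ", ".join(missing))
    return found


def audit(conf, ram_mb=None):
    """Compare worst-case smtpd memory with the budget and, if given, RAM."""
    per_conn = conf["smtpd_max_memory_per_connection"]
    conns = conf["smtpd_max_connections"]
    budget = conf["smtpd_max_memory"]
    if per_conn <= 0:
        raise ValueError("per-connection limit must be positive")
    worst = per_conn * conns                      # every session at its limit
    return {
        "worst_case_mb": worst,
        "within_budget": worst <= budget,
        # Assumption: connections that fit = budget // per_conn (rounded down).
        "connections_that_fit": min(conns, budget // per_conn),
        # True when a flood of maximal sessions would push the box into swap.
        "exceeds_ram": ram_mb is not None and worst > ram_mb,
    }


if __name__ == "__main__":
    print(audit(parse_conf(SAMPLE_CONF), ram_mb=1024))
```
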