Description petre rodan (RETIRED) 2005-07-08 02:44:48 UTC

load average skyrockets even with a very low mail trafic, but it does deliver the mails eventually

this server had a working qmail-1.03-r15.

all the mails received in this example are to be delivered localy and received over SMTPTLS, no AUTH whatsoever


seeker / # uptime
 12:22:38 up 2 days, 40 min,  1 user,  load average: 0.14, 0.19, 0.14
seeker / # date
Fri Jul  8 12:22:40 EEST 2005
seeker / # svcinit qmail-send start
Authenticating prodan.
Password: 
/service/qmail-send/log started
/service/qmail-send started
seeker / # svcinit qmail-smtpd start
Authenticating prodan.
Password: 
/service/qmail-smtpd/log started
/service/qmail-smtpd started
seeker / # date
Fri Jul  8 12:30:40 EEST 2005
seeker / # uptime
 12:30:45 up 2 days, 48 min,  2 users,  load average: 13.16, 6.98, 2.96
seeker / # ps ax -o%cpu -opid -ocommand |grep qmail | sort
 0.0  7551 grep qmail
 0.0 15289 qmail-send
 0.0 17532 qmail-clean
 0.0 18328 tail -f /var/log/qmail/qmail-send/current
 0.0 19399 supervise qmail-send
 0.0 20539 /usr/bin/multilog t s2500000 n10 /var/log/qmail/qmail-send
 0.0 21280 /usr/bin/multilog t s2500000 n10 /var/log/qmail/qmail-smtpd
 0.0 22049 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp /var/qmail/bin/qmail-smtpd
 0.0 23652 qmail-lspawn ./.maildir/
 0.0 26228 qmail-rspawn
 0.0 27469 supervise qmail-smtpd
 7.2  5158 /var/qmail/bin/qmail-smtpd
 7.3  7921 /var/qmail/bin/qmail-smtpd
 7.6 20467 /var/qmail/bin/qmail-smtpd
 7.8 10627 /var/qmail/bin/qmail-smtpd
 7.8 22013 /var/qmail/bin/qmail-smtpd
 7.9 29254 /var/qmail/bin/qmail-smtpd
 8.1  5756 /var/qmail/bin/qmail-smtpd
 8.3 25904 /var/qmail/bin/qmail-smtpd
 8.3 28656 /var/qmail/bin/qmail-smtpd
 8.7 24089 /var/qmail/bin/qmail-smtpd
 9.8 16819 /var/qmail/bin/qmail-smtpd
10.8 19313 /var/qmail/bin/qmail-smtpd
11.1  4396 /var/qmail/bin/qmail-smtpd
12.5  5021 /var/qmail/bin/qmail-smtpd
13.1 27638 /var/qmail/bin/qmail-smtpd
15.0 28591 /var/qmail/bin/qmail-smtpd
seeker / # openssl x509 -in /var/qmail/control/servercert.pem -text |head -n 77
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 31 (0x1f)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=RO, O=AVIRA, OU=sysadmin, CN=AVIRA Registration Authority/emailAddress=admin@avira.com
        Validity
            Not Before: May 24 07:12:56 2005 GMT
            Not After : May 24 07:12:56 2006 GMT
        Subject: C=RO, O=AVIRA, OU=Internet, CN=seeker.avira.com/serialNumber=31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b1:0d:fa:6e:6a:b6:d8:4f:74:bb:52:08:eb:27:
                    22:d9:79:55:74:71:2f:82:f8:f3:a7:c1:f8:e5:23:
                    16:9e:dd:23:34:f5:d8:bb:a7:f3:00:73:ce:34:28:
                    3b:62:f8:41:f7:88:03:db:35:d5:20:36:1b:55:5d:
                    bd:61:22:53:3c:47:3e:e5:6b:51:e3:2f:0c:b1:74:
                    39:2d:b0:27:f4:8f:c2:20:7c:2c:4d:27:f1:95:94:
                    ec:1d:d4:f0:66:a7:00:b0:ea:91:19:f5:4f:72:57:
                    84:e7:96:78:d2:86:4d:2d:1f:4b:07:3f:4e:47:8a:
                    3b:ad:3d:fb:d1:73:9c:f7:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 1.2.3.3.4
                Policy: 1.2.3.3.5
                Policy: 1.2.3.3.6
                Policy: 1.2.3.3.7
                  CPS: http://some.url.org/cps

            Netscape Cert Type: 
                SSL Client, SSL Server
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication, Microsoft Server Gated Crypto, Nets
cape Server Gated Crypto
            Netscape Comment: 
                Mail-Server of AVIRA
            X509v3 Subject Key Identifier: 
                CA:C5:AF:AB:2A:4D:90:31:B5:32:46:F1:F4:EE:55:C5:DC:69:CD:8C
            X509v3 Authority Key Identifier: 
                keyid:11:22:B4:A3:04:EB:A5:C1:E4:0E:3F:2F:AE:37:89:8E:5F:75:3C:60
                DirName:/C=RO/O=AVIRA/OU=sysadmin/CN=AVIRA Registration Authority/emailAddress=admin@avira.com
                serial:F3:86:A2:11:33:2A:7C:43

            X509v3 Subject Alternative Name: 
                IP Address:193.226.114.20, DNS:seeker.avira.com, email:admin@avira.com
            X509v3 Issuer Alternative Name: 
                email:admin@avira.com
            Netscape CA Revocation Url: 
                http://ra.avira.local/pub/crl/cacrl.crl
            Netscape Revocation Url: 
                http://ra.avira.local/pub/crl/cacrl.crl
            X509v3 CRL Distribution Points: 
                URI:http://ra.avira.local/pub/crl/cacrl.crl

    Signature Algorithm: sha1WithRSAEncryption
        90:ff:61:81:e3:1c:d2:42:ab:35:75:bc:53:f9:c5:ed:1a:64:
        ce:ca:43:56:51:e8:7d:c8:5d:9a:f7:f3:cf:9c:c8:b2:e2:cb:
        b5:1e:e2:a8:6b:ad:05:86:85:61:b7:b1:00:be:47:5f:bb:1f:
        0a:13:c3:e7:ab:37:59:e8:31:c8:fc:55:1d:a0:7a:57:4d:9d:
        f8:7c:a2:42:1c:e9:37:c4:de:a1:29:92:10:09:70:f3:81:65:
        b1:e6:11:19:c2:b3:70:db:6e:50:9e:4f:80:f3:a3:7e:a4:54:
        33:51:d2:b0:29:20:4b:9b:ed:ec:2d:07:e2:94:92:5c:41:b8:
        4f:83:cc:35:c1:fd:31:0c:b3:12:f3:91:b0:34:b3:db:0f:45:
        1a:a0:03:8a:75:0f:45:21:90:d4:a5:46:eb:86:64:6f:d0:06:
        73:9e:6e:74:22:e8:1c:0f:17:c8:8d:89:48:17:0c:8f:17:bd:
        76:7f:bf:bc:43:36:61:b8:0b:02:22:1a:1a:a1:a3:30:30:47:
        27:e4:64:1c:68:5e:30:68:bc:15:61:53:ef:7d:05:36:41:e9:
        ab:51:a5:8b:20:87:03:62:f4:fa:f7:7c:c9:16:3e:72:f4:f7:
        be:3c:b9:f5:1e:92:db:02:bc:c4:4c:68:69:6a:81:4c:d2:5e:
        59:08:6e:f8
-----BEGIN CERTIFICATE-----
seeker / # emerge -pv qmail

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] mail-mta/qmail-1.03-r16  -logmail -mailwrapper -noauthcram -notlsbeforeauth +selinux +ssl 0 kB 

Total size of downloads: 0 kB

seeker / # emerge info
Portage 2.0.51.22-r1 (selinux/2004.1/x86, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-hardened-r15-avira i686)
=================================================================
System uname: 2.6.11-hardened-r15-avira i686 Intel(R) Xeon(TM) CPU 2.40GHz
Gentoo Base System version 1.6.12
dev-lang/python:     2.2.3-r5, 2.3.5
sys-apps/sandbox:    1.2.9
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.8.1-r1, 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=i686 -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control /var/service"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=i686 -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp://ftp.lug.ro/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage_2"
SYNC="rsync://193.226.114.19/gentoo-portage"
USE="crypt curl fam gd gdbm hardened hardenedphp libwww ncurses nls pam perl pic pie png python readline selinux ssl tcpd x86 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS