spamassassin/network/SYN performance

From: Ian FREISLICH <ianf_at_clue.co.za>
Date: Mon, 25 Feb 2008 14:59:40 +0200
Hi

I'm trying Spamassassin on that 16 way AMD box I mentioned earlier
and I'm running into problems loading the server.

I'm using 5 servers each opening up to 60 concurrent connections
to spamd to generate the scanning load, but I'm getting this message:

Feb 25 14:08:15 amd64 kernel: Limiting open port RST response from 2979 to 200 packets/sec

Which strangely seems to be controlled by net.inet.icmp.icmplim.

There the comes a time when the system thinks it's being SYN-attacked
or the listen backlog is exhausted and starts rejecting incoming
connections with the above message.

The fastest It's able to process messages is about 1400 per minute.
This figure is about 500 messages a minute less than Debian can
process on the same hardware with the same spamd configuration,
without rejecting any inbound connections at connect time.

Any ideas how to improve things?

Ian

--
Ian Freislich
Received on Mon Feb 25 2008 - 12:00:09 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:28 UTC