I’ve just moved all my sites on to a new install of Ubuntu on one of my VPses. This site and In Photos are now on the same server again and the VPS has finally calmed down.
Between configuring Apache (turning off keepalives and reducing the number of child processes), installing xcache and the WordPress object cache and configuring them, and configuring MySQL, I totally forgot about Postfix.
I did install Postgrey of course but when Blacknight switched the ocaoimh.ie web and mail traffic to this server things started to go screwy.
Load average shot up. I thought it was Apache and spent quite some time playing with the number of processes, all to no avail. I was looking at Apache, so I didn’t immediately notice the large number of smtpd processes when I did a “ps auxw”.
What was happening was a Rumpelstiltskin attack (a directory harvest attack) on my server. Rogue bots all over the Internet try to send spam to randomly generated or dictionary-derived addresses at your domain in the hope of hitting a real one, and every attempt ties up an smtpd process while Postfix rejects the unknown recipient. It happens all the time, and I had configured Postfix for it in the past, but I had forgotten this time.
So, if your server is suffering under the strain of too many Postfix smtp processes open up /etc/postfix/master.cf and look for the smtp line:
smtp      inet  n       -       -       -       -       smtpd
Change the fifth dash, the maxproc column just before “smtpd”, to a number; try a small one first, depending on how much mail traffic your server gets. A dash in that column means “use default_process_limit from main.cf”, which is 100 on a stock install, so it is not unlimited, but 100 concurrent smtpd processes is far more than a small VPS can carry when most of them are serving bots. I changed mine to 3, restarted Postfix, and the server is humming along nicely now. Postfix was actually using up more resources than Apache during those attacks! It’s unfortunate that Ubuntu (and probably every other Linux distro) ships with a limit that high by default.
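The change above, written out as a script that edits a copy of master.cf rather than the real one, plus the per-client limits Postfix keeps in main.cf so that a single bot cannot occupy every one of a small number of slots. This is an added example, not code from the original post: the values (maxproc 3, two sessions and twenty connections per client per minute, five errors, the zen.spamhaus.org list) and the demo file contents are assumptions to illustrate the technique, not a recommendation for every server.

```shell
#!/bin/sh
# Added example, not from the original post: make the master.cf change from the
# post on a copy of the file, and add the per-client limits Postfix keeps in
# main.cf so that one bot cannot hold every slot of a small maxproc. The values
# (3, 2, 20, 5) and the demo file contents are assumptions.
set -eu

# master.cf columns: service type private unpriv chroot wakeup maxproc command
# A "-" in maxproc means "use default_process_limit from main.cf", 100 by default.

# set_smtpd_maxproc FILE N: set the maxproc column of the public "smtp inet"
# listener that runs smtpd. Refuses a non-numeric N and refuses to guess when the
# line is absent (for example when the listener already runs postscreen).
set_smtpd_maxproc() {
    file=$1 limit=$2
    case $limit in ''|0|*[!0-9]*) echo "maxproc must be a positive integer" >&2; return 1 ;; esac
    found=$(awk '$1 == "smtp" && $2 == "inet" && $NF == "smtpd" { n++ } END { print n + 0 }' "$file")
    if [ "$found" -ne 1 ]; then
        echo "expected exactly one 'smtp inet ... smtpd' line in $file, found $found" >&2
        return 1
    fi
    tmp=$(mktemp)
    awk -v n="$limit" -v OFS='\t' '
        $1 == "smtp" && $2 == "inet" && $NF == "smtpd" { $7 = n }  # rewrite maxproc only
        { print }                                                   # every other line untouched
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# smtpd_maxproc FILE: print the current maxproc column of that listener ("-" if unset).
smtpd_maxproc() {
    awk '$1 == "smtp" && $2 == "inet" && $NF == "smtpd" { print $7; exit }' "$1"
}

# set_main_cf FILE KEY VALUE: replace an existing "KEY = ..." line or append one.
# Same effect as `postconf -e "KEY = VALUE"`; single-line values only.
set_main_cf() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^" k "[ \t]*=") { print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_main_cf FILE KEY: print the value of KEY (single-line values only).
get_main_cf() {
    awk -v k="$2" '$0 ~ ("^" k "[ \t]*=") { sub("^" k "[ \t]*=[ \t]*", ""); print; exit }' "$1"
}

# harden_smtpd MASTER MAIN MAXPROC: the post's process cap plus per-client limits.
# anvil enforces the count/rate limits per client IP (60 s window by default);
# the error limit drops a session after a handful of bad RCPT TO attempts, and
# reject_rbl_client turns away listed sources before they can probe addresses.
harden_smtpd() {
    set_smtpd_maxproc "$1" "$3"
    set_main_cf "$2" smtpd_client_connection_count_limit 2   # simultaneous sessions per client
    set_main_cf "$2" smtpd_client_connection_rate_limit 20   # new connections per client per minute
    set_main_cf "$2" smtpd_hard_error_limit 5                # disconnect after 5 errors (default 20)
    set_main_cf "$2" smtpd_recipient_restrictions \
        "permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org"
}

# Demo on constructed copies of stock-looking files so nothing under /etc is touched.
demo_master=$(mktemp) demo_main=$(mktemp)
printf '%s\n' \
    '# service type  private unpriv  chroot  wakeup  maxproc command + args' \
    'smtp      inet  n       -       -       -       -       smtpd' \
    'pickup    fifo  n       -       -       60      1       pickup' \
    'smtp      unix  -       -       -       -       -       smtp' > "$demo_master"
printf '%s\n' 'myhostname = mail.example.com' 'smtpd_hard_error_limit = 20' > "$demo_main"
harden_smtpd "$demo_master" "$demo_main" 3
echo "smtpd maxproc: $(smtpd_maxproc "$demo_master")"   # 3
cat "$demo_main"
rm -f "$demo_master" "$demo_main"
```

On a live server point the functions at /etc/postfix/master.cf and /etc/postfix/main.cf (or use `postconf -e` for the main.cf part) and run `postfix reload`. The cap on smtpd processes is a blunt instrument: with maxproc at 3, the fourth sender, legitimate or not, waits for a slot, so real mail is delayed rather than lost (remote MTAs queue and retry). The per-client count and rate limits are what stop one bot farm host from taking all three slots at once, and the RBL check rejects known spam sources at connection time, before they get to guess addresses; both apply only to clients outside $mynetworks.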
Oh, I’m hosted at Linode. Yes, that’s an affiliate link, but I’ve been using them for years and have been very happy with them.
Isn’t the real email delayed with this configuration? If your server is under attack with a lot of incoming connections, limiting the number of processes would result in blocking real smtp servers from connecting to you.
I think a better configuration would be to limit the number of incoming smtp connections made from one IP in a certain time interval at the firewall. That would limit the attacks but still let the real email messages in without delay.
You might also want to consider using DNS block lists before accepting a connection but I don’t know how to do this with postfix.
Yes, email could potentially be delayed. Unfortunately the attacks come from bot farms so it’s different IPs for most of the connections. It looks like postscreen may do some sort of IP filtering so that’s something I need to look at. Thanks for the suggestion Mihai.
I haven’t really noticed email getting delayed however, and I’ve limited the smtp processes for a long time. (The only delay is postgrey which is intentional for new email addresses)
I’d recommend APC above xcache… has less tendency to segfault and blow up as an object cache. Lucid includes the latest release, which works very nicely with PHP 5.3.
I’m getting loads of these attacks every day Donncha but I haven’t seen Postfix go crazy on me yet.
In the past week my server has received 6968 mails and rejected 49560. I use zen.spamhaus.org blacklist to block some connections in realtime. I haven’t bothered with installing Postgrey as it turned out to be a nuisance for my clients.
Jeff – I’ve heard the opposite. APC has barfed in the past on kses.php and someone posted to the supercache forum that APC caused seg faults while using WP Super Cache.
Robert – I guess the combination of 15 or so Apache processes and lots of smtp attempts are too much for this VPS. Adding this limit smoothes things out, but I might give that blacklist a go. Thanks for the suggestion!
I’m new to VPS hosting and I’m getting a server setup for a WordPress MU installation. I’m just curious what size VPS you use. I’ve spent a lot of time optimizing Apache and MySQL and I am trying to understand how much RAM I will need. I understand it is different in every case, but I’m trying to get some general ideas. Thanks!
$ apt-get --purge remove postfix
block all the associated ports and outsource your mail to another server ~ http://dev.gzet.net/2010/05/postfix-not/