login class for mail users

[Scott Lambert]

On Thu, Jun 05, 2003 at 12:31:21PM -0400, Eric W. Bates wrote:
> We're using postfix (Gasp!) and have settled on
> procmail-->spamc-->spamd to allow customer control.

Good choice. :-)

> What happens intermittently (about once every 2-3 days) is spamd will
> start spawning multiple copies of itself apparantly for the same
> message.  Eventually there are 3 or 4 thousand procs and the machine
> is hosed. Forensics have been difficult because it happens somewhat
> sporatically, and by the time alarms start going off the machine is
> locked.

That happenes during massive spam runs.

> spamd runs as root, out of rc.d; but it spawns copies of itself and
> changes uid to the user.  If I set spamd's --max-children option; then
> spam filtering fails for everyone when this error occurs.  If I can
> figure out how to gracefully limit procs for the individual user; then
> at least filtering should continue to work for everyone else when the
> silly thing wedges.

Use the --max-children.  Spamd *will* occasionally die.  Sometimes 20
times in one day here.  Usually, during the massive spam runs.  You need
to run it under something that notices when it dies and spawns another
copy of spamd immediately.

We are using daemontools.  Even in that second or less between restarts
of spamd, a suprising amount of spam can slip through untagged.

The spamd deaths seem to be related to signal handling issues with some
of the perl modules that SpamAssassin uses in conjunction with the
--max-children option.  It has been coverred on the SATalk mailing list
a few times.

We only get an average of 60,000 messages per day here.  More than 55%
of that is spam.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org