spamassassin/network/SYN performance

Ian FREISLICH ianf at
Mon Feb 25 13:00:09 UTC 2008


I'm trying Spamassassin on that 16 way AMD box I mentioned earlier
and I'm running into problems loading the server.

I'm using 5 servers each opening up to 60 concurrent connections
to spamd to generate the scanning load, but I'm getting this message:

Feb 25 14:08:15 amd64 kernel: Limiting open port RST response from 2979 to 200 packets/sec

Which strangely seems to be controlled by net.inet.icmp.icmplim.

There the comes a time when the system thinks it's being SYN-attacked
or the listen backlog is exhausted and starts rejecting incoming
connections with the above message.

The fastest It's able to process messages is about 1400 per minute.
This figure is about 500 messages a minute less than Debian can
process on the same hardware with the same spamd configuration,
without rejecting any inbound connections at connect time.

Any ideas how to improve things?


Ian Freislich

More information about the freebsd-current mailing list