under heavy load dccd cannot answer dccproc ?

Vernon Schryver vjs@calcite.rhyolite.com
Tue Oct 23 16:17:14 UTC 2001


> From: Levent Serinol <lserinol@yahoo.com>

> I have tried dccd with qmail by testing 700 local
> deliveries and using procmail and piping mail via
> dccproc and my test machine reported following errors.
> Is there any way to run dccd to accept 700 queries or
> more at once (for ex. in a second) ?
>
> Oct 22 17:50:03 gemini dccproc[3330]: [ID 702911
> mail.error] no answer from 212.xxx.xxx.xxx
> (212.xxx.xxx.xxx,6277)

700 mail messags/second is more than 2,500,000 per hour or 60,000,000
mail messages per day.

At 700 requests/second, the rate limiting machinery should have been
invoked.  Are there any messages in your logs like 
"xx requests/sec are too many"?
If not, you've found an upper bound on the performce of fork()/exec(),
dccproc, dccd, or something else on your system.

You might have simply overflowed the kernel socket buffer.
700 UDP packets is at least 140 KBytes.  A burst of 700 requests
after things were quiet would probably suddently inflate the RTT,
and so each of the dccproc clients would have quickly sent 3 
retransmissions.  That would try to stuff 400 KBytes into the 
socket buffer.  Dccd asks a socket buffer of 1 MByte or whatever
the kernel will allow, whichever is smaller.  What is the maximum
RCVBUF value for your system?

There must be some limit on the request rate to defend against denial
of service attacks and or buggy clients (e.g. an infinite loop in the MTA).
What do you think the limit should be?  I think 700/second is far too
high for almost all installations, and if you really need that rate,
I'll have to make the rate limit machinery configurable.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.