On Friday, May 18 at 01:35 PM, quoth Alex Kirk:
Are you *sure* you aren't using any other patches? For example, if
you're using the SSL patch, this can happen if something goes wrong
with the dk512.pem and dh1024.pem files.
http://forum.swsoft.com/showthread.php?s=2add0886d6e03c00621b94bf45a80858&threadid=40173
I suspect we're going to need to know *exactly* what patches you're using
in order to debug it.
Valid point. I know I've got the TLS patch enabled
Ahh, then I think we have a likely candidate for official culprit
here! Check those .pem files (do they exist, do they have the right
names, do they have the right permissions); I'm guessing that
something is wrong with them.
What happens is that when someone tries to send mail to your server
and requests SSL encryption (e.g. via STARTTLS), if those files aren't
there, the SSL-patched qmail-smtpd will generate the data it expected
to find in those files. Doing that generating can take a while (and a
lot of CPU). Create those files and update them regularly (per the
documentation that comes with the SSL patch), and it'll be *much*
faster.
and I am authenticating to my relay server. To be honest, I forget
exactly which patch I used for that...I got it working very late at
night after several hours of poking at it and trying different
patches, and I was so confused by the time I finished I just threw
my hands up and said "thank goodness it works!" Looks like I have a
"qmail-remote-auth.patch" in my Qmail source directory, so that's
probably it.
Mmm... yich. Well, if it works for you, cool. (It liked breaking on
me.) It's probably got a few dozen little bugs in there, and possibly
a security flaw or two---so if you have the time, I highly recommend
looking into fixing it.
@40000000464db27218ab8764 tcpserver: fatal: unable to bind: address
already used
Hmmm, that's no good. It looks like you have some rogue tcpserver
instances. Make sure your qmail-smtpd run file (/service/qmail-smtpd/run)
is correct (you can post it to the list, if you like).
Gladly:
Okay, nothing obvious wrong with that. I'm thinking perhaps (hoping?)
those may have been temporary and had something to do with all the
kill -9'ing you did.
What's truly bizarre at this point is that the issue has mostly gone
away again. I'm still randomly seeing up to 4 Qmail processes at a
time spinning their wheels, but for the most part, they're actually
winding back down and dying on their own after a few minutes. This
started happening without any changes at all from me.
Well, if I'm right and it is the TLS/SSL patch, then it will only
become a problem when people who support STARTTLS attempt to contact
you. Since many servers do not, it won't be a problem most of the
time.
~Kyle
--
Unthinking respect for authority is the greatest enemy of truth.
-- Albert Einstein
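
The check described in the message above (do the .pem files exist, are they readable, have they been refreshed recently), as an added example that is not part of the original thread or of the SSL patch. The directory, the file names and the age limit are all supplied by the caller and are assumptions here, not values taken from the patch documentation.

```shell
#!/bin/sh
# Added example: audit the parameter files a TLS-patched qmail-smtpd reads,
# so a missing or stale file is noticed before the daemon has to generate
# the data itself on every STARTTLS connection.

# check_pem FILE MAX_AGE_DAYS
# Prints one status word; returns 0 only when the status is "ok".
check_pem() {
    f=$1
    max_days=$2
    if [ ! -e "$f" ]; then echo missing; return 1; fi
    if [ ! -f "$f" ]; then echo notfile; return 1; fi
    if [ ! -s "$f" ]; then echo empty; return 1; fi
    # Readability is tested for the invoking user only.
    if [ ! -r "$f" ]; then echo unreadable; return 1; fi
    # find prints the path only if the file was last modified more than
    # max_days whole days ago, i.e. nothing has been regenerating it.
    if [ -n "$(find "$f" -mtime +"$max_days" 2>/dev/null)" ]; then
        echo stale; return 1
    fi
    echo ok
}

# audit_pems DIR MAX_AGE_DAYS NAME...
# Prints one line per file; the return value is the number of problem files.
audit_pems() {
    dir=$1; max_days=$2; shift 2
    bad=0
    for name in "$@"; do
        status=$(check_pem "$dir/$name" "$max_days") || bad=$((bad + 1))
        printf '%-10s %s\n' "$status" "$dir/$name"
    done
    return "$bad"
}

# Stand-alone use: script DIR MAX_AGE_DAYS NAME...
if [ "$#" -ge 3 ]; then
    audit_pems "$@"
fi
```

Run it as the account qmail-smtpd runs under, otherwise the readability result says nothing about what the daemon can open.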