qmail at hilbig
Apr 24, 2008, 5:06 PM
Post #4 of 4
(265 views)
Permalink
|
Those files do exist. Using "gstack" I was able to see that calls to
DH_generate were being made. So, digging deeper, the permissions on the
three files dh512.pem, dh1024.pem and rsa512.pem were incorrect. This
happened because I switched to using 'vpopmail' user in my run script and
'vpopmail' did not have permission.
I fixed the permissions, but the problem persists. The problem isn't a
spike during initialization, but sustained high utilization for the duration
of the session.
I just tested POP3-SSL (Courier-IMAP' daemon) to find that the same problem
is occurring.
Maybe my expectations of this server are too high.
-----Original Message-----
From: Kyle Wheeler [mailto:kyle-qmail[at]memoryhole.net]
Sent: Thursday, April 24, 2008 3:26 PM
To: qmail[at]list.cr.yp.to
Subject: Re: smtpd-tls cpu utilization
On Thursday, April 24 at 01:48 PM, quoth D. Hilbig:
> Recently I noticed that just a couple instances of qmail-smtpd were
> bringing the processor utilization to 100% on a dual P3 550MHz
> server with 768mb RAM running CentOS v5.1.
>
> My qmail-smtpd has the combined TLS-AUTH patch applied to it. I
recompiled
> with just AUTH and now processor utilization stays very low -- around 3%.
Read the documentation of the TLS patch. Specifically:
- when a 512 bit RSA key is provided in /var/qmail/control/rsa512.pem,
this key will be used instead of (slow) on-the-fly generation by
qmail-smtpd. Idem for 512 and 1024 DH params in control/dh512.pem
and control/dh1024.pem. `make tmprsadh` does this.
Periodical replacement can be done by crontab:
01 01 * * * /var/qmail/bin/update_tmprsadh > /dev/null 2>&1
~Kyle
--
To sin by silence when they should protest makes cowards of men.
-- Abraham Lincoln
|
