On the weekend, I tested opendkim-2.3.1 in production on our e-mail
server, temporarily replacing opendkim-2.0.2. This was with
sendmail-8.14.4 on a Solaris 10 x86 server with 16 cores and 64 gigs
of memory. The new version is built with poll() support, arlib in
use, and the patch to disable EOH feedback.
The test appeared to be successful. When I watched with `prstat',
opendkim's thread count tracked the thread count of the other two
filters (dcc and j-chkmail) quite closely. I also ran a `ps' command
every ten minutes that recorded virtual memory size and the thread
count. Memory size followed the thread count up and down, presumably
because each thread requires some memory, but there was no evidence of
a steady increase. In fact, the thread count was so volatile that it
was unlikely that the ten-minute sampling captured it well. Here's
the peak that was recorded:
USER PID PPID VSZ RSS NLWP COMMAND
Sat Apr 9 16:58:00 CDT 2011
daemon 16259 1 12080 9424 36 opendkim -x /etc/mail/opendkim.conf
Sat Apr 9 17:08:00 CDT 2011
daemon 16259 1 25960 23300 445 opendkim -x /etc/mail/opendkim.conf
Sat Apr 9 17:18:00 CDT 2011
daemon 16259 1 14240 11588 20 opendkim -x /etc/mail/opendkim.conf
We do have the maximum SMTP children set to 600 in sendmail; that
should also be the upper limit for the thread count of the filters.
Once all of the filters can handle more threads, I'd like to increase
that limit.
I also collected some of the errors above the warning level recorded
in syslog during this test. I assume all of these are normal, caused
by SMTP peer misbehavior or misconfiguration. Any that result from
internal faults in opendkim might be interesting, though. Here are
the unique messages:
Apr 9 19:44:16 electra opendkim[16259]: [ID 537040 mail.error] p3A0iFDn003907: ADSP query: multiple DNS replies for '_adsp._domainkey.bloomberg.com'
Apr 9 19:50:03 electra opendkim[16259]: [ID 537040 mail.error] p3A0nxXA005256: ADSP query: '_adsp._domainkey.126.com' reply was unresolved CNAME
Apr 9 19:53:15 electra opendkim[16259]: [ID 467235 mail.error] p3A0qbIY006123: key retrieval failed (s=1000073432, d=auth.ccsend.com): '1000073432._domainkey.auth.ccsend.com' query timed out
Apr 9 17:40:04 electra opendkim[16259]: [ID 130828 mail.error] p39Me2DJ029461: syntax error: missing parameter(s) in signature data
Apr 9 18:27:09 electra opendkim[16259]: [ID 467235 mail.error] p39NR84H012052: key retrieval failed (s=default, d=magtrip.info): 'default._domainkey.magtrip.info' record not found
Apr 9 18:28:54 electra opendkim[16259]: [ID 130828 mail.error] p39NSsWP012882: syntax error: missing parameter(s) in signature data
Apr 9 17:08:12 electra opendkim[16259]: [ID 184845 mail.error] p39M1OTW016852: Authentication-Results header add failed
Apr 9 17:08:12 electra opendkim[16259]: [ID 109917 mail.error] OpenDKIM Filter, mi_rd_cmd: read returned -1: Connection reset by peer
Apr 9 17:15:09 electra opendkim[16259]: [ID 816085 mail.warning] p39MF9YW022545: failed to parse Authentication-Results: header
I'll test this again soon during the week to get a higher load.
--
-Gary Mills- -Unix Group- -Computer and Network Services-
Received on Mon Apr 11 2011 - 19:51:17 PST