Article 5015 at 06/05/04 23:37:35 From: rodrigo (at mark) xnet.com.mx Subject: [coba-e:05015] Re: The ongoing QPOPPER Debate

Index: [Article Count Order] [Thread]
Date:  Thu, 4 May 2006 08:48:18 -0600
From:  "Rodrigo Ordonez Licona" <rodrigo (at mark) xnet.com.mx>
Subject:  [coba-e:05015] Re: The ongoing QPOPPER Debate
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAARDhjVlX2aEuqbKE5moo4BsKAAAAQAAAAm8CFNQfXZEqRmppFRlUM7AEAAAAA (at mark) xnet.com.mx>
In-Reply-To:  <006101c66f75$56e85000$1e64a8c0 (at mark) nuonce.net>
X-Mail-Count: 05015

To all 
=====================================
We made that Change to xinetd,  
server_args = in.qpopper -s -R

And also we did the PAM Correction:
#%PAM-1.0
#auth       requisite    /lib/security/pam_nologin.so
#auth       requisite    /lib/security/pam_shells.so
#auth       required    /lib/security/pam_pwdb.so shadow nullok
#account    required    /lib/security/pam_pwdb.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth

===================================

The pop authentication seemed to run smoother , 

HOWEVER when 90 users tried to access pop server within one minute all
turned into Hell.

We think PAM under stress fails-slows not pop, Also at failure FTP shows
setcred errors on the LOG(probably unrelated),

Also during this period all login services that use pam, get slow or start
timing out (including openwebmail, ftp, admserv)

This suggestion was given in the past. Probably worked for a Few, but we
think it is stress related(probably TCP), We removed the site whose users
connected within the same minute and the problem went away, But a RAQ 550
could handle the same 90 connections without problem.
=========================================
MICHAEL STAUBER --> any news about your IRC Server and max TCP Connections
problem, in our case it seemed to be Related.

Regards

Rodrigo O
Xnet / Pwworks


-----Original Message-----
From: Brian N. Smith [mailto:brian (at mark) nuonce.net] 
Sent: Jueves, 04 de Mayo de 2006 06:22 a.m.
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:05011] The ongoing QPOPPER Debate

To all,

I have had this problem to.  Yesterday I made a very small change, and I
"think" it seems to have cleared it up some.  KNOCK on wood, but I haven't
received any Active Monitor emails about CPU Utilization, or any complaints
at all.

I know eventually it will be switched to Dovecot, but if anyone wants to try
my "magical" fix.

Edit: /etc/xinetd.d/pop3

Change: server_args = in.qpopper -s
To: server_args = in.qpopper -s -R

The -R says NOT to do a reverse lookup.  Like I said, remarkably it seems to
have fixed it.  I haven't seen 10-15 POP3 processes like I have been seeing.
It seems to have made the box very happy.  If someone who is having the same
problem can try it, and let me know if I am smoking crack, or does this
actually make a big difference?

The only thing that I noticed to, is that PAM is just sometimes really slow.
Any good how-tos on speeding it up?

Thanks,
Brian