Yikes!

april 15, 2009

I was archiving off my 2008 email last night (I know, running a bit late).  I figured that it would be a lot faster doing it via Squirrelmail for some reason -- most likely just my tired brain making irrationale decisions.  
I started to archive and it was running fine, then it got slower.  Then it got a lot slower.  Then it came to a grinding halt, when I looked on my VPS, I saw that my swap space was all used up and I had exhausted all the memory (360MB is quite limiting, now I know).

So, what did I discover?

  1. Squirrelmail, because it can't keep a state, opens one IMAP authentication session per thing you do.  Since I was doing lots of stuff at once, it kept opening authentication sessions with dovecot.  Dovecot, set to take lots of sessions kept opening them up at 5MB a pop.
  2. SpamAssassin + mysql backend for Bayes is quite heavy.  When a cron'd task to learn spam from users' folders kicked off at the same time I was sorting through mail, this sucked up lots of RAM.
  3. Apache is setup for gobbling RAM.  Lots of modules loaded and lots of children fired up by default.
I ended up having to reboot the VPS and start tweaking for lower memory requirements.  I lowered the number of children that Apache starts up with and also the max number that it can have running.  I turned on Apache's keep-alive function and change the time-out period to two seconds.  I also went through and disabled a bunch of modules (webdav?  Not using it, don't need it.  Etc.)

SpamAssassin is running as a daemon, so I cut down the number of children for SpamAssassin from five to one (in CentOS edit /etc/sysconfig/spamassassin).  I set the max-spare to one also. Checks coming from exim are queued for SpamAssassin if things get busy -- but, using zen.spamhaus.org in exim as an RBL to deny known spammers helps cut down the need for SpamAssassin to scan mail.

I tweaked some settings in /etc/my.cnf to lessen memory usage.

And, for dovecot, I setup caching for logins.  I set the login_processes_count to two and login_max_processes_count to six since this is only a small mail server.  I also set login_process_per_connection to "no".  This makes things a tidbit less secure, but allows dovecot to not create processes for each login.

I guess I could work on switching to lighttpd and move away from apache.  We will see about that.