Flexible smtpd daemon written in Perl

Douglas Hunter | 1 May 2008 21:45

async and tls

Howdy,

First, thank you all for such a fantastic piece of software.

I've recently been exploring using async for our production mail servers.

We use the tls plugin, which I understand hasn't been re-written for the 
async server yet.

First I tried the patch here: 
http://www.nntp.perl.org/group/perl.qpsmtpd/2007/10/msg7423.html, but 
then read this message: 
http://www.nntp.perl.org/group/perl.qpsmtpd/2007/10/msg7471.html.

The following patch seems to work for me, but I'm a bit concerned that 
I'm being naive [grin].

Thanks again!

-- Douglas

Attachment (tls-async.patch): text/x-patch, 1473 bytes

Chris Babcock | 1 May 2008 23:20

Re: async and tls

Douglas Hunter wrote:
> Howdy,
> 
> First, thank you all for such a fantastic piece of software.
> 
> I've recently been exploring using async for our production mail servers.
> 

Why?  Are you having issues with the other modes of operation?

Async (at this point) is best suited to systems with very high 
performance and concurrency requirements.  If your system can run 
without using async, the other modes are simpler to implement and better 
tested.

-Chris

Matt Sergeant | 1 May 2008 23:31

Re: async and tls

On 1-May-08, at 5:20 PM, Chris Babcock wrote:

> Douglas Hunter wrote:
>> Howdy,
>> First, thank you all for such a fantastic piece of software.
>> I've recently been exploring using async for our production mail  
>> servers.
>
> Why?  Are you having issues with the other modes of operation?
>
> Async (at this point) is best suited to systems with very high  
> performance and concurrency requirements.  If your system can run  
> without using async, the other modes are simpler to implement and  
> better tested.

On the other hand I'm happy to have people putting -async to use, as  
that's the best way we'll find bugs. It's very stable for us in  
"production" albeit on a spamtrap rather than serving real mail. And  
there are a few others on this list that appear to be using it in  
production on non-spamtrap environments.

Matt.

Douglas Hunter | 1 May 2008 23:55

Re: async and tls

Chris Babcock wrote:
> Douglas Hunter wrote:
>> Howdy,
>>
>> First, thank you all for such a fantastic piece of software.
>>
>> I've recently been exploring using async for our production mail servers.
>>
> 
> Why?  Are you having issues with the other modes of operation?
> 

Yes, there are too many concurrent connections coming into our mail 
server for the forkserver to handle given the iron it runs on, and we're 
periodically bouncing mail.

> Async (at this point) is best suited to systems with very high 
> performance and concurrency requirements.  If your system can run 
> without using async, the other modes are simpler to implement and better 
> tested.

True, and thanks for the feedback.  Async is also cool! [grin]  (Yes, 
I'm that guy who also runs Apache2 with the experimental event MPM).

I think a modern IO event loop will help me, even if the first thing it 
shows me is that I need to optimize my plugins [grin].

Thanks,

-- Douglas

(Continue reading)

Fred Moyer | 2 May 2008 00:09

Re: async and tls

Douglas Hunter wrote:
> Chris Babcock wrote:
>> Douglas Hunter wrote:
>>> Howdy,
>>>
>>> First, thank you all for such a fantastic piece of software.
>>>
>>> I've recently been exploring using async for our production mail 
>>> servers.
>>>
>>
>> Why?  Are you having issues with the other modes of operation?
>>
> 
> Yes, there are too many concurrent connections coming into our mail 
> server for the forkserver to handle given the iron it runs on, and we're 
> periodically bouncing mail.

You might want to try the prefork server as an intermediate solution 
before you get async completely dialed in.

Douglas Hunter | 2 May 2008 04:31

Re: async and tls

Matt Sergeant wrote:
> On 1-May-08, at 5:20 PM, Chris Babcock wrote:
> 
>> Async (at this point) is best suited to systems with very high 
>> performance and concurrency requirements.  If your system can run 
>> without using async, the other modes are simpler to implement and 
>> better tested.
> 
> On the other hand I'm happy to have people putting -async to use, as 
> that's the best way we'll find bugs. It's very stable for us in 
> "production" albeit on a spamtrap rather than serving real mail. And 
> there are a few others on this list that appear to be using it in 
> production on non-spamtrap environments.
> 

I should add that all of my tests with async proved it to be quite 
stable for our uses, with the exception of the tls plugin, which we knew 
to need work from following the list traffic.

I only tested STARTTLS from the default port with the patch I supplied, 
but that seemed to work well.  I'm just not confident enough with my 
async-fu to recommend that patch to other folks until it gets some more 
action and community vetting.  But the tls plugin isn't a problem with 
async, it's something we all know needs to be upgraded in order to work 
with async.

Thanks for the async server, and if there is anything other than trying 
to use it live that I can do to help it out, please let me know.

Thanks again,

(Continue reading)

Chris Lewis | 2 May 2008 05:13

Re: async and tls

Douglas Hunter wrote:

> I only tested STARTTLS from the default port with the patch I supplied, 
> but that seemed to work well.  I'm just not confident enough with my 
> async-fu to recommend that patch to other folks until it gets some more 
> action and community vetting.  But the tls plugin isn't a problem with 
> async, it's something we all know needs to be upgraded in order to work 
> with async.

As a FYI, TLS with async is also an issue for us.  I'll be testing your 
patch on a VERY large spamtrap in the next little while.

Douglas Hunter | 2 May 2008 22:27

Re: async and tls

Chris Lewis wrote:
> 
> As a FYI, TLS with async is also an issue for us.  I'll be testing your 
> patch on a VERY large spamtrap in the next little while.

Very cool.  As I understand the code in IO::Socket::SSL::start_SSL, the 
patch I provided forces blocking on the socket being upgraded, which 
could defeat the purpose of the patch if there are slow clients being 
upgraded.

Maybe this is why there were previous statements on this list explaining 
that it might not be too simple to upgrade the connection to SSL using 
async.

I'll continue to dig, and hopefully figure out how to unblock the SSL 
negotiation.

Thanks,

-- Douglas

Charlie Brady | 3 May 2008 00:20

Picon

Picon

Re: async and tls

On Thu, 1 May 2008, Douglas Hunter wrote:

> Chris Babcock wrote:
>>  Douglas Hunter wrote:
>> >  I've recently been exploring using async for our production mail 
>> >  servers.
>>  Why?  Are you having issues with the other modes of operation?
>> 
>
> Yes, there are too many concurrent connections coming into our mail server 
> for the forkserver to handle given the iron it runs on, and we're 
> periodically bouncing mail.

Having more concurrent connections than your server can confortably be 
able to handle should not result in bouncing mail. Why is mail being 
bounced?

Douglas Hunter | 3 May 2008 01:56

Re: async and tls

Charlie Brady wrote:
> On Thu, 1 May 2008, Douglas Hunter wrote:
>> Yes, there are too many concurrent connections coming into our mail 
>> server for the forkserver to handle given the iron it runs on, and 
>> we're periodically bouncing mail.
> 
> Having more concurrent connections than your server can confortably be 
> able to handle should not result in bouncing mail. Why is mail being 
> bounced?

When connections to our mail server time out, sending MTA retries the 
message.  If subsequent retries of that message time out as many times 
as the sending MTA is configured to retry, the sending MTA bounces the 
message.

-- Douglas

Group

gmane.mail.qpsmtpd.

Project Web Page

Flexible smtpd daemon written in Perl

Search Archive

Page

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 13

Articles in period: 127

May 2008

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

KW Distribution 17 MSI sans OS a un prix ... (6 May 2013)
db suite plugin (1 May 2013)
I found the future by dredging in the past (30 Apr 2013)
clamdscan plugin defaults (30 Apr 2013)
new feature: DKIM message signing (26 Apr 2013)
plugin announcement: DMARC (26 Apr 2013)
plugin announcement: FCrDNS (26 Apr 2013)
Devin's Received auth header patch (26 Apr 2013)
qpsmtpd-dev release 0.92 (26 Apr 2013)
Logterse now on github (6 Apr 2013)
Regarding Qpsmtpd (14 Feb 2013)
Net::DNS broke qpsmtpd-forkserver (27 Dec 2012)
Alternative Postfix-Queue Plugin 'postfix-maildrop' (29 Nov 2012)
postfix-queue taking a LONG time on large mails (28 Nov 2012)
Wiki software was updated (21 Nov 2012)
Endless loop in plugin sender_permitted_from on IPv6 clients (14 Nov 2012)
IPv6 code warnings (pack_sockaddr_in6 redefined etc) (13 Nov 2012)
Transport encryption in Received: header (20 Aug 2012)
latest uribl plugin (3 Jul 2012)
logs/summarize.pl (30 Jun 2012)
qpsmtpd-dev (22 Jun 2012)

Archives

3	May 2013
9	April 2013
1	February 2013
4	December 2012
21	November 2012
5	August 2012
3	July 2012
69	June 2012
199	May 2012
58	April 2012
3	February 2012
1	October 2011
6	September 2011
14	August 2011
19	July 2011
5	June 2011
16	May 2011
26	March 2011
5	February 2011
34	January 2011
27	December 2010
6	November 2010
13	October 2010
30	September 2010
5	August 2010
72	July 2010
9	June 2010
97	May 2010
25	April 2010
21	March 2010
30	February 2010
28	January 2010
14	December 2009
75	November 2009
46	October 2009
19	September 2009
25	August 2009
81	July 2009
59	June 2009
123	May 2009
73	April 2009
42	March 2009
97	February 2009
117	January 2009
55	December 2008
18	November 2008
36	October 2008
59	September 2008
22	August 2008
52	July 2008
38	June 2008
127	May 2008
75	April 2008
65	March 2008
94	February 2008
78	January 2008
116	December 2007
41	November 2007
78	October 2007
158	September 2007
275	August 2007
61	July 2007
142	June 2007
126	May 2007
86	April 2007
63	March 2007
208	February 2007
324	January 2007
78	December 2006
131	November 2006
157	October 2006
123	September 2006
80	August 2006
89	July 2006
123	June 2006
105	May 2006
181	April 2006
174	March 2006
233	February 2006
371	January 2006
85	December 2005
198	November 2005
76	October 2005
50	September 2005
88	August 2005
316	July 2005
133	June 2005
187	May 2005
162	April 2005
200	March 2005
168	February 2005
37	January 2005
66	December 2004
151	November 2004
84	October 2004
273	September 2004
121	August 2004
139	July 2004

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template