[prev in list] [next in list] [prev in thread] [next in thread]
List: sidewinder
Subject: RE: [Sidewinder] mail MTA
From: "Lechner, Bryan" <bryan_lechner () securecomputing ! com>
Date: 2002-01-28 23:22:00
[Download RAW message or body]
Secure Computing has recognized a condition with Sendmail on Sidewinder
5.2.0.01.This is evident by a lot of sendmail processes that say something
like:
"startup with 1.2.3.4".
It is also easily identifiable by the presence of the several "CLOSE_WAIT"
states on port 25 in a netstat output, The maillog error message about
sendmails maximum children in use, or the output of the command "pss
sendmail" reporting "not accepting connections (sendmail)".
As an initial workaround, SCC support recommended the use of a crontab to
restart sendmail every 12 hours to clear these processes. While this method
was sufficient as a temporary workaround, our engineering group has provided
an engineering patch that corrects this behavior until the release of the
5.2.0.02 patch. The engineering patch is a restricted release. If you feel
that your site may need this, please contact Secure Computing's Technical
Support Center at either 1.800.700.8328 or support@securecomputing.com to
learn more about how to obtain this patch.
Regards,
Bryan Lechner
Technical Support Engineer
Secure Computing Corporation
800.700.8328
+1 651.628.1500
-----Original Message-----
From: Jeffery.Gieser@minnesotamutual.com
[mailto:Jeffery.Gieser@minnesotamutual.com]
Sent: Monday, January 28, 2002 10:37 AM
To: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM
Cc: sidewinder@adeptech.com
Subject: Re: [Sidewinder] mail MTA
David,
Upping the number of child processes would help temporarily but it I
would highly recommend not doing that because they eat up a lot of system
resources and they would end up falling prey to the same bug. What is
occurring is the child processes are not being properly released after they
have been used to send or receive an e-mail. There is an engineering fix
for this. You can download patch 5.2.0E8 from starbug.securecomputing.com.
It is in the outgoing directory. You will not be able to do an ls on the
directory. If you need help getting it just call support.
Regards,
Jeffery Gieser
"Jones, Dave Mr CIBER CONTR 81 HQ DCSIM" <Dave.Jones@se.usar.army.mil>
Sent by: sidewinder-admin@adeptech.com
01/28/2002 09:12 AM
To: sidewinder@adeptech.com
cc:
Subject: [Sidewinder] mail MTA
For the past few weeks now, I keep running into the same problem with the
mail running on the firewall. It starts rejecting messages from the
outside. When I look at thee maillog, I see a bunch of messages that say
"rejecting connections on daemon MTA: 25 children, max 25." I checked with
some local support guys here, and they say that upping the MTA MAX wouldn't
help, but I find that kinda hard to believe. So...
1) How can I fix the problem
2) How can I re-start the mail server? I've just been rebooting it to
fix it up until now
3) If 25 max is too small, what's a good number?
Thanks in advance for any info.
Dave Jones
Dave.Jones@se.usar.army.mil
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: [Sidewinder] mail MTA</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Secure Computing has recognized a condition with Sendmail on \
Sidewinder 5.2.0.01.This is evident by a lot of sendmail processes that say something \
like: </FONT></P>
<P><FONT SIZE=2> "startup with 1.2.3.4". </FONT>
<BR><FONT SIZE=2>It is also easily identifiable by the presence of the several \
"CLOSE_WAIT" states on port 25 in a netstat output, The maillog error \
message about sendmails maximum children in use, or the output of the command \
"pss sendmail" reporting "not accepting connections \
(sendmail)".</FONT></P>
<P><FONT SIZE=2>As an initial workaround, SCC support recommended the use of a \
crontab to restart sendmail every 12 hours to clear these processes. While this \
method was sufficient as a temporary workaround, our engineering group has provided \
an engineering patch that corrects this behavior until the release of the 5.2.0.02 \
patch. The engineering patch is a restricted release. If you feel that your site may \
need this, please contact Secure Computing's Technical Support Center at either \
1.800.700.8328 or support@securecomputing.com to learn more about how to obtain this \
patch.</FONT></P>
<P><FONT SIZE=2>Regards, </FONT>
<BR><FONT SIZE=2>Bryan Lechner </FONT>
<BR><FONT SIZE=2>Technical Support Engineer </FONT>
<BR><FONT SIZE=2>Secure Computing Corporation </FONT>
<BR><FONT SIZE=2>800.700.8328 </FONT>
<BR><FONT SIZE=2>+1 651.628.1500 </FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Jeffery.Gieser@minnesotamutual.com [<A \
HREF="mailto:Jeffery.Gieser@minnesotamutual.com">mailto:Jeffery.Gieser@minnesotamutual.com</A>]</FONT>
<BR><FONT SIZE=2>Sent: Monday, January 28, 2002 10:37 AM</FONT>
<BR><FONT SIZE=2>To: Jones, Dave Mr CIBER CONTR 81 HQ DCSIM</FONT>
<BR><FONT SIZE=2>Cc: sidewinder@adeptech.com</FONT>
<BR><FONT SIZE=2>Subject: Re: [Sidewinder] mail MTA</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>David, </FONT>
</P>
<P><FONT SIZE=2> Upping the number of child \
processes would help temporarily but it I would highly recommend not doing that \
because they eat up a lot of system resources and they would end up falling prey to \
the same bug. What is occurring is the child processes are not being properly \
released after they have been used to send or receive an e-mail. There is an \
engineering fix for this. You can download patch 5.2.0E8 from \
starbug.securecomputing.com. It is in the outgoing directory. You will \
not be able to do an ls on the directory. If you need help getting it just call \
support. </FONT></P>
<P><FONT SIZE=2>Regards, </FONT>
<BR><FONT SIZE=2>Jeffery Gieser </FONT>
</P>
<P><FONT SIZE=2> </FONT>
</P>
<BR>
<P><FONT SIZE=2>"Jones, Dave Mr CIBER CONTR 81 HQ DCSIM" \
<Dave.Jones@se.usar.army.mil> </FONT> <BR><FONT SIZE=2>Sent by: \
sidewinder-admin@adeptech.com </FONT> <BR><FONT SIZE=2>01/28/2002 09:12 AM </FONT>
<BR><FONT SIZE=2> </FONT>
<BR><FONT SIZE=2> \
To: sidewinder@adeptech.com </FONT> \
<BR><FONT SIZE=2> \
cc: </FONT> <BR><FONT \
SIZE=2> \
Subject: [Sidewinder] mail MTA</FONT> </P>
<BR>
<BR>
<P><FONT SIZE=2>For the past few weeks now, I keep running into the same problem with \
the mail running on the firewall. It starts rejecting messages from the \
outside. When I look at thee maillog, I see a bunch of messages that say \
"rejecting connections on daemon MTA: 25 children, max 25." I checked \
with some local support guys here, and they say that upping the MTA MAX wouldn't \
help, but I find that kinda hard to believe. So... </FONT></P>
<P><FONT SIZE=2>1) How can I fix the problem </FONT>
<BR><FONT SIZE=2>2) How can I re-start the mail \
server? I've just been rebooting it to fix it up until now </FONT> <BR><FONT \
SIZE=2>3) If 25 max is too small, what's a good number? \
</FONT> <BR><FONT SIZE=2>Thanks in advance for any info. </FONT>
<BR><FONT SIZE=2>Dave Jones </FONT>
<BR><FONT SIZE=2>Dave.Jones@se.usar.army.mil </FONT>
</P>
</BODY>
</HTML>
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic