april 15, 2009I was archiving off my 2008 email last night (I know, running a bit late). I figured that it would be a lot faster doing it via Squirrelmail for some reason -- most likely just my tired brain making irrationale decisions.
I started to archive and it was running fine, then it got slower. Then it got a lot slower. Then it came to a grinding halt, when I looked on my VPS, I saw that my swap space was all used up and I had exhausted all the memory (360MB is quite limiting, now I know).
So, what did I discover?
- Squirrelmail, because it can't keep a state, opens one IMAP authentication session per thing you do. Since I was doing lots of stuff at once, it kept opening authentication sessions with dovecot. Dovecot, set to take lots of sessions kept opening them up at 5MB a pop.
- SpamAssassin + mysql backend for Bayes is quite heavy. When a cron'd task to learn spam from users' folders kicked off at the same time I was sorting through mail, this sucked up lots of RAM.
- Apache is setup for gobbling RAM. Lots of modules loaded and lots of children fired up by default.
I ended up having to reboot the VPS and start tweaking for lower memory requirements. I lowered the number of children that Apache starts up with and also the max number that it can have running. I turned on Apache's keep-alive function and change the time-out period to two seconds. I also went through and disabled a bunch of modules (webdav? Not using it, don't need it. Etc.)
SpamAssassin is running as a daemon, so I cut down the number of children for SpamAssassin from five to one (in CentOS edit /etc/sysconfig/spamassassin). I set the max-spare to one also. Checks coming from exim are queued for SpamAssassin if things get busy -- but, using zen.spamhaus.org in exim as an RBL to deny known spammers helps cut down the need for SpamAssassin to scan mail.
I tweaked some settings in /etc/my.cnf to lessen memory usage.
And, for dovecot, I setup caching for logins. I set the login_processes_count to two and login_max_processes_count to six since this is only a small mail server. I also set login_process_per_connection to "no". This makes things a tidbit less secure, but allows dovecot to not create processes for each login.
I guess I could work on switching to lighttpd and move away from apache. We will see about that.
<< back || ultramookie >>