1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

spamassassin eat 100% cpu!

Discussion in 'Plesk for Linux - 8.x and Older' started by Mr.Yes, Jun 8, 2005.

  1. Mr.Yes

    Mr.Yes Guest

    2 or 4 times a day my server is in this situation, here is my top

    19:22:59 up 1 day, 6:18, 1 user, load average: 12.75, 12.23, 7.73
    217 processes: 200 sleeping, 15 running, 2 zombie, 0 stopped
    CPU states: cpu user nice system irq softirq iowait idle
    total 100.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%
    Mem: 1027376k av, 1018076k used, 9300k free, 0k shrd, 255540k buff
    778444k actv, 145556k in_d, 20704k in_c
    Swap: 2096440k av, 108092k used, 1988348k free 318772k cached

    19120 popuser 25 0 26036 18M 1668 R 16.5 1.8 1:30 0 spamd
    19214 popuser 25 0 26032 18M 1668 R 15.9 1.8 1:27 0 spamd
    19222 popuser 25 0 25540 16M 1620 R 15.9 1.6 1:30 0 spamd
    19360 popuser 25 0 24956 17M 1808 R 15.9 1.7 1:25 0 spamd
    19378 popuser 25 0 24948 17M 1808 R 15.9 1.7 1:22 0 spamd
    19414 popuser 25 0 24948 17M 1808 R 15.9 1.7 1:21 0 spamd
    10415 apache 16 0 16032 13M 5348 S 3.1 1.3 0:05 0 httpd
    21498 root 15 0 1120 1120 768 R 0.3 0.1 0:00 0 top
    9596 apache 15 0 16832 11M 5300 S 0.1 1.1 0:03 0 httpd
    1 root 15 0 496 468 440 S 0.0 0.0 0:04 0 init
    2 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
    3 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd/0
    6 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
    4 root 15 0 0 0 0 SW 0.0 0.0 0:01 0 kswapd
    5 root 15 0 0 0 0 SW 0.0 0.0 0:18 0 kscand
    7 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kupdated
    8 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 mdrecoveryd
    16 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 scsi_eh_0
    19 root 15 0 0 0 0 SW 0.0 0.0 0:05 0 kjournald
    481 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    482 root 15 0 0 0 0 DW 0.0 0.0 0:06 0 kjournald

    Please help!
  2. admin123

    admin123 Guest

    It's a sham!

    And it's a sham!
  3. hardweb

    hardweb Guest

    What version of spamassassin do you use?
  4. Mr.Yes

    Mr.Yes Guest

    Hi Hardweb

    i'm on RHEL3 / Plesk 7.5.3 any suggestion?

  5. voodoochile

    voodoochile Guest

    Re: It's a sham!

    And you're an idiot.

    Generally if Spamassassin is eating up 100% of your CPU, this is an artifact of Disk IO moreso than Spamassassin itself. SA can be VERY disk intensive when processing emails if burdened with many at once, it sounds like one of your accounts/domains is getting flooded with email (legit or not, I do not know), and Spamassassin is killing the box inspecting each e-mail.

    My guess is you're running this on a server with IDE/SATA drives and you've got a few high traffic domains. This is one reason as to why people use SCSI or a seperate controller card for their drives, usually that has the effect of offloading the read/writes from the CPU onto the controller card.

    As much as I hate to say it, there's probabally not too much you can do right now. During these times of days when your server is getting hammered, do a 'tail -f /usr/local/psa/var/log/maillog' and see exactly what's going on. If it's one domain in question getting flooded, I'd send them somewhere else and save the rest of your box. If it's one particular e-mail address, you may just reject all mail to this address (DO NOT BOUNCE IT, THIS WOULD BE BAD).

    Or spend and arm and a leg and changeup your server hardware config a bit.
  6. admin123

    admin123 Guest

    Why, i'll....

    Pound you with my idiot fists I will!
  7. Mr.Yes

    Mr.Yes Guest


    my box is 3 x scsi 10.000 raid 5, my relay setting is close, and i use MAPS protection (relays.ordb.org;bl.spamcop.net;list.dsbl.org).

    Is there any way to kmow what's going on exactly when my problem comes? what mail accounts spamd is processing in that moment? or other usefull infos to fix my problem?

    All suggestions are welcome

  8. voodoochile

    voodoochile Guest

    Hrm, if it's SCSI it's most certainly not Disk IO. It may be the maps lookups, although I'm not for sure. I seem to recall somewhere reading about those being somewhat intensive (not sure on this though). You might try disabling them and see what happens.

    Do you have any statistics on how much mail you deal with in a day? How many domains you got on this box?
  9. Gorgon@

    Gorgon@ Guest

    SA is very resource intensive; especially with CPU and RAM. If you're low on RAM then your swap maybe getting killed and causing the disks to thrash. So I would first recommend checking out the memory situation.

    Another option is to turn off 'network' checks. SA will check the RBL lists, DCC and razor (if configured that way). SA will be less effective but do much less wear and tear on the system.

    If you have this option, consider running SA on a it's own server. I'm not sure how that'll mesh in with plesk though. We're not using SA with plesk here.

    Hope this helps,
  10. Mr.Yes

    Mr.Yes Guest

    Hi i have 1 Gb RAM.
    How to disable network check ?

    When spamd kill my cpu, i always see that 1 domain is always there, so i check it out this domain and saw that it recieveing the same e.mail for 30/40 times, these mail have hundreds of address in CC and the most strange thing is that all these mail are sent to an unknown user but real domain of my client ( ex: 132456@realmyclientdomain.com) ... maybe is a bounce problem? how can i fix it?

  11. Gorgon@

    Gorgon@ Guest

    Generally that should be enough unless you're doing hundreds of checks/second.

    In your local.cf file add these lines:

    use_dcc 0
    use_pyzor 0
    use_razor2 0
    skip_rbl_checks 0

    This will turn off the network related checks.

    If you're saying that the same message is addressed to many people, it should only get scanned once, not 30-40 times. This may be a problem in your MTA settings. I know very little about qmail so I cannot really help if this is the case.

    But if the recipient doesn't exist, the message should be rejected before it even gets to SA. Look at the Mail settings for that domain and make sure 'Reject' is set in the options.

    Hope this helps,
  12. jamesyeeoc

    jamesyeeoc Guest

    Yes, too bad they don't default it to 'reject' for unknown recipients....

    It would also not hurt to configure Qmail control files as well for reducing queue times, bouncing, and such:


    It's an old thread from Plesk 6 days, but the info on setting up the qmail control files is still valid.

    Receiving emails to valid domains, but unknown users is quite common these days due to spammers, zombies, worms, etc. The trick is to keep on top of your server to keep the aftereffects to a minimum.
  13. atomicturtle

    atomicturtle Golden Pleskian

    Nov 20, 2002
    Likes Received:
    Washington, DC
    I'd also look at the amount of L2 cache on your CPU, spamassassin and other perl apps will greatly benefit from high amounts of cache. For example my primary mail server is a dual P3-1000 with 2MB of cache per CPU, it consistantly outperforms a quad xeon with twice the ram (but half the cache), and much faster SCSI disks by 3 to 1.

    Also watch your logs to see how long each message is taking to process by spamd, my mail server handles around 200,000 messages a day and takes at the max 3 seconds per message. Most of the time it runs in the .2-.5 second range. (I also use razor, dcc, pyzor and rbl in SA). If its extremely high, say in the 5-10 second range, check your /etc/resolv.conf and make sure: nameserver is listed first.