Topic: 421 concurrency issue (?) - only 1 user no FTP no IMAP

[piran]

There doesn't 'seem' to be a problem but I think something is amiss;~/

Keep seeing an htop line stating '4:421 per host concurrency limit reached'.
Elsewhere along the line it mentions 'pop3' '/var/qmail-popup' & my domain.
Then it says 'checkpassword /var/qmail/bin/qmail-pop3d Maildir'.
I have not had any particular difficulty either sending or receiving email.

Searching hereabouts with the keyphrase of '421 per host concurrency limit':
http://forums.contribs.org/index.php?topic=33124.0
http://forums.contribs.org/index.php?topic=31792.0
http://forums.contribs.org/index.php?topic=31326.0
I won't pretend that I understand everything articulated in those threads
but, in respect to the content of those threads, this location has only one
human, no FTP and no IMAP/IMAPS. It's certainly not a 1000 or 2000
user office/corporation with multiple FTP connectivity.

I think a 'situation' builds until, probably, the w2kpro workstation reboots.
For instance the SME7's SAMBA rpm currently shows:

Code: [Select]

smbstatus

Samba version 3.0.10-1.4E.6.2

PID Username Group Machine
-------------------------------------------------------------------
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)
12032 admin admin workstation (10.0.0.65)

Service pid machine Connected at
-------------------------------------------------------
IPC$ 12032 workstation Mon Oct 30 16:41:04 2006
storage 12032 workstation Tue Oct 31 07:31:16 2006
storage 12032 workstation Sun Oct 29 01:59:31 2006
ic 12032 workstation Sat Oct 28 17:36:15 2006
storage 12032 workstation Mon Oct 30 13:28:48 2006
IPC$ 12032 workstation Mon Oct 30 02:00:07 2006
storage 12032 workstation Tue Oct 31 12:54:15 2006
storage 12032 workstation Mon Oct 30 02:00:07 2006
dr 12032 workstation Sun Oct 29 22:30:19 2006
IPC$ 12032 workstation Mon Oct 30 16:46:36 2006
IPC$ 12032 workstation Sat Oct 28 17:19:17 2006
storage 12032 workstation Sun Oct 29 07:31:02 2006
gl 12032 workstation Sun Oct 29 10:24:29 2006
IPC$ 12032 workstation Mon Oct 30 16:49:34 2006
Primary 12032 workstation Sun Oct 29 11:18:07 2006
IPC$ 12032 workstation Sat Oct 28 17:58:32 2006
storage 12032 workstation Mon Oct 30 07:31:42 2006
storage 12032 workstation Tue Oct 31 02:00:00 2006

No locked files
After a workstation reboot this listing is very much shorter.

In mc the contents of '/var/service/pop3/*run' look like:

Code: [Select]

#!/bin/sh

hostname=$(/sbin/e-smith/config get SystemName)
domain=$(/sbin/e-smith/config get DomainName)
fqdn="$hostname.$domain"

exec 2>&1
# Generate ACL files in ./peers
./control/1
exec /usr/local/bin/softlimit -m 5000000 \
    tcpsvd \
        -v \
        -i ./peers \
        -c ${CONCURRENCYREMOTE:-40} \
        -C ${PER_IP_INSTANCES:-4}:'421 per host concurrency limit reached\r\n' \
        -l ${LOCALNAME:-0} \
        ${LISTENIP:-0} \
        ${PORT:-pop3} \
            /var/qmail/bin/qmail-popup $fqdn \
                checkpassword /var/qmail/bin/qmail-pop3d Maildir
If all of this means nothing is wrong... well fine. It's just appears to me
to be somewhat unsustainable ie it seems to need a reboot from the
(M$) workstation from time to time and that doesn't seem proper.

How is it that 1 human looks like he is approaching a 'limit' on a SME7
server that routinely supports (say) 1000 users in an office/corporation?

Tell me what you need to know for further diagnosis.
(ie those query commands whose output you would like to see)

[raem]

piran

Try changing those settings referred to in the links.
See if your messages change.

[piran]

All the settings referred to in the links are for IMAP, IMAPS and FTP .
I have no IMAP, IMAPS or FTP running or otherwise in use.
I am not receiving any (error) messages from the email server.
It's just a peculiar line in htop.

[CharlieBrady]

Keep seeing an htop line stating '4:421 per host concurrency limit reached'.
Elsewhere along the line it mentions 'pop3' '/var/qmail-popup' & my domain.
Then it says 'checkpassword /var/qmail/bin/qmail-pop3d Maildir'.

Those are all perfectly normal processes running on all SME servers. Why are you looking at htop?

[piran]

<Why are you looking at htop?>
Because I'm interested in resolving early indications of what might later
prove to have damaging consequences on my server. Seemingly htop
is an admirable monitoring tool.

[piran]

Max'ing out the htop display (and moving down all the readouts) I notice
that there are another two concurrency limit entries. From man tcpsvd I
see that the values of '-c' (limit) and the '-C' (per IP limit) are significant.

Will read up further & chose what parameters to try changing Ray.
One of the (newly discovered) entries quotes (same line!) 'pop3s' and
also 'imap' which is confusing me. That line also shows 'ssl' and 'stunnel'.
I expect these are my permanent PuTTY sessions (5) to the SME7 box.
Typically there are another three Firefox tabs/sessions permanently
open to the SME7 box (showing parts of the server manager).

I use POP3 and the M$ application Forté Agent on the M$ workstation.
Agent is not overly mainsteam and quite complex. Perhaps this is the
source of this 'IMAP' stuff? I know it is not me specifically using IMAP,
let alone so much as to run into a proscribed system limit.

Haven't yet found how to copy htop readout lines into a thread posting.

The readout on the smbstatus (Samba) panel continues to grow with
seemingly 'unclosed' (?) connections. I think this pattern will continue
to grow until I reboot the M$ workstation (W2kPro-SP4).

The tcpsvd manual explains the reason for some otherwise baffling
SME7 server manager access latency I experience intermittently. It
says that tcpsvd will defer the acceptance of a new connection (when
concurrency limits) until an active connection is closed - hence the
pregnant wait and baffling FF behaviour. It was as though both CPUs
was exceptionally busy which was another reason for me watching
htop Charlie. At each instance of latency I found both CPUs  
practically sleeping, they certainly weren't max'ed out. *Result*;~)
I need to address these early indications before something falls over.

[piran]

Haven't yet found how to copy htop readout lines into a thread posting.

Worked it out;~) Here are the three current lines...

Code: [Select]

6562 ?        SN     0:01 tcpsvd -v -i ./peers -c 40 -C 4:421 per host concurrency limit reached\r\n -l 0 0 pop3 /var/qmail/bin/qmail-popup my.own.domain checkpassword /var/qmail/bin/qmail-pop3d Maildir

15712 ?        S      0:00 /usr/bin/tcpsvd -v -i ../qpsmtpd/peers -c 10 -C 5:421 per host concurrency limit reached\r\n -l my.own.domain 0 465 ./sqpsmtpd

15848 ?        S      0:00 tcpsvd -v -i ./peers -c 40 -C 4:421 per host concurrency limit reached\r\n -l 0 0 pop3s sslio -vv -/ /service/imap/ssl -u stunnel -C imapd.pem /var/qmail/bin/qmail-popup my.own.domain checkpassword /var/qmail/bin/qmail-pop3d Maildir

FWIW the latency issue started again; I renewed the FF tab for that
iteration of server manager (hence renewing the tcpsvd connection)
and the latency was immediately cleared up. So I must cure all these
'connections' or stop them being left on or open (or something).

[piran]

http://forums.contribs.org/index.php?topic=33124.0
Have tried that thread's settings Ray and duly moved...
imap ConcurrencyLimit from 400 to 4000
imaps ConcurrencyLimit from 400 to 4000
imap ConcurrencyLimitPerIP from 12 to 120
imaps ConcurrencyLimitPerIP from 12 to 120
svc -t /var/service/imap
svc -t /var/service/imaps
signal-event email-update
...but little seems to have changed, currently looks like:

Code: [Select]

[root@teri service]#  db configuration show imaps
imaps=service
    ConcurrencyLimit=4000
    ConcurrencyLimitPerIP=120
    TCPPort=993
    access=private
    status=disabled
[root@teri service]#  db configuration show imap
imap=service
    ConcurrencyLimit=4000
    ConcurrencyLimitPerIP=120
    TCPPort=143
    access=private
    status=disabled
[root@teri service]#
I think I need to be looking for concurrency limits of 10 & 40 so as
to move THEM up. Any suggestions for other sorts of 'concurrency'?

Charlie's http://forums.contribs.org/index.php?topic=33124.msg140863#msg140863
special peer suggestion I couldn't follow up with a man ipsvd though,
to be fair on me, I probably wouldn't make much sense of it.

tibs's http://forums.contribs.org/index.php?topic=33124.msg140863#msg140863
I have checked the imap and imaps logs, they are empty and have
always been empty (I don't use imap or imaps). To be hitting the
limits for something I don't use or even have active is a bit weird.

Does a trojan, or something similar, do this and work imap on the quiet...?

[CharlieBrady]

<Why are you looking at htop?>
Because I'm interested in resolving early indications of what might later
prove to have damaging consequences on my server.

You should make it clear what those "early indications" are. Better still, if something does not work perfectly, report the malfunction via the bug tracker.

[piran]

Agreed Charlie I expect it's nothing to worry about really.
The box works. Sorry to have bothered you, please close the thread.