Hi all,
At the ISP I work for we run Exim v4.12 on Debian and I am involved in a
project to integrate a virus/spam protection product into our mail
system (which is load-balanced across 3 servers). The AV daemon process
runs on each server and listens on port 2525 and talks SMTP only. Also
the AV daemon does not behave as an independant MTA (i.e. it doesn't
have queues etc.) it simply acts as a relay back to a real MTA (i.e.
port 25 on localhost (back to Exim). We avoid loops by excluding
traffic from localhost and other MTA's private addresses in our AV router.
This all works well and opt-in user's mail passes through the AV
transport. All our acceptance tests passed with flying colours!
However, when we started load testing we ran into trouble. Basically,
we discovered that our AV daemon would do 2 things:
o It would take up to 2 seconds to establish/close an SMTP session
o It would automatically disconnect an SMTP session as soon as it saw
an end-of-message. (i.e. it see's the '.' line and with a second or
so disconnects the session)
The AV daemon will allow up to 'x' concurrent connections (we set it at
100) - however it appears that it will close an active connection after
receiving just one email message).
Under load testing we saw mail flow through normally at 30 msgs/minutes
- however as 60 msgs/minute we would very quickly see the following
errors appear in the mail logs:
... R=av_router T=av_transport defer (-18): Remote host 192.168.1.17
[192.168.1.17] closed connection in response to end of data
... unexpected disconnection while reading SMTP command from mailserv
[127.0.0.1]
... 192.168.1.17 [192.168.1.17]: Connection refused
... R=av_router T=av_transport defer (111): Connection refused
and thereafter...
... R=sender_isheriff_router T=av_transport defer (-53): retry time not
reached for any host
--
It appears that Exim was trying to send subsequent messages down the
same connection and was booted out my the AV daemon? So, I did some
reading and tried to use the connection_max_messages directive:
av_transport:
driver = smtp
allow_localhost = true
hosts_override = true
connection_max_messages = 1
hosts = 192.168.1.17
port = 2525
But that doesn't appear to help and I still get the same errors as
above. I also played with max_rcpt (set to 1) and remote_max_parallel
(set to 100 or 1) - neither seemed to help. The only way I could stop
Exim from refusing connections and deferring was using the
'serialize_hosts' directive. However, this had the effect of simply
queueing messages if a connection was already open to the AV daemon.
What I want Exim to do (I think) is open a completely new socket
connection with our AV daemon each time a message is sent to the
av_transport (i.e. a completely new process) - as it appears that the AV
daemon is tearing down the socket connection as soon as it has received
one complete message. Is there a way of doing this using the SMTP
transport or do I have to go down the 'pipe' route? I though
connection_max_messages would help me - but this appears not to be the case.
Any advice would be greatly appreciated!
Cheers,
Ray
