10-10-10


Back from a short holiday (just over a week) I found that everything still worked fine, and that the monthly work was pretty much done correctly by the clean-up procedure – except that something went wrong in checking the mail statistics:

PMAS statistics for September
Total messages    : **** = 100.0 o/o
DNS Blacklisted   : 1502 =  14.6 o/o (Files: 30)
Relay attempts    : 7642 =  74.3 o/o (Files: 30)
Processed by PMAS : 1131 =  11.0 o/o (Files: 30)
       Discarded :   95 =   8.3 o/o (processed),    .9 o/o (all)
    Quarantained :  185 =  16.3 o/o (processed),   1.8 o/o (all)
       Delivered :  851 =  75.2 o/o (processed),   8.2 o/o (all)

The number of relay attempts has been huge – causing an overflow in the number of messages to be shown. I didn’t expect over 9999 messages a month…
Nor are all the rejected messages shown that were added by the extraneous entries in the system rule set. At least, it looks that way. So there is some room for improvement here.

What’s more, I now need to scan 11 files, in size ranging between 66 and 354 blocks – 260 to 1224 lines. But a first glance shows that most of these attempts on a given day originate from the same domains: 126.com, sohu.com, and 21cn.com; these are quite common. New to me, however, is yahoo.com.hk. At least, that’s the domain that shows up. But the address is located in Taiwan. So the FROM: line is a fake.

Well, I’ve been working on a Perl program to add this type of data into a database. Will be fun one day :)

But for the rest, it all seems to have worked fine. At least, no errors in the log file, and the archive is complete.

Router problem?
There was one problem, though: I couldn’t reach any web site on the local server using the external URL; all accesses timed out. The web server was running fine, but didn’t get a request. Outbound requests were no problem at all – but slow, compared to normal traffic. Accessing the router directly, using its own web interface, was even slower.
Restarting the webserver made no difference – which was to be expected – but once I logged in to Diana, I could telnet to the Vigor router and reboot it – and that solved the problem.

Looking at the server performance using the HyperSpi++ package shows that there have been huge amounts of paging last week – causing a drastic sudden decrease of memory utilisation, twice: on 05-Oct-2010, just after midnight, and just over 24 hours later once more. This typically is a sign of flooding the system with PHP requests – I’ve got to check the log for that. And on 06-Oct-2010, at about 14:00, traffic seems to be minimal, compared to the normal pattern, as at the beginning of the week:

This was also shown in the WASD traffic log over the last week:

Two spikes of requests, over 150 a second, very likely requesting the same page. It didn’t harm the webserver – that will stall requests by its configuration – but the router was overwhelmed by the number of requests and stopped all incoming HTTP traffic. Mail just carried on, as proven by the fact that since that time, all mail was normally handled – and rejected, discarded, quarantined or delivered.

Yet another thing to investigate. But I do have the approximate times – which makes it a lot simpler. The files are not yet archived.
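
One way to run that investigation over the access log, as an added example that is not part of the original post: it buckets requests per second, flags every second above the 150 requests mentioned above, and reports how much of each burst went to a single page and how many clients took part. It assumes the log is written in Common Log Format; the sample lines, addresses and paths are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumption: Common Log Format, host ident user [time] "METHOD path proto" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def find_bursts(lines, threshold=150):
    """Return (second, count, top_path, top_path_share, distinct_clients) for
    every one-second bucket holding more than `threshold` requests."""
    per_second = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        host, stamp, _method, path, _status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        per_second[when].append((host, path))
    bursts = []
    for when in sorted(per_second):
        hits = per_second[when]
        if len(hits) <= threshold:
            continue
        # "Very likely the same page": measure it instead of guessing
        path, n = Counter(p for _, p in hits).most_common(1)[0]
        clients = len({h for h, _ in hits})
        bursts.append((when, len(hits), path, n / len(hits), clients))
    return bursts

def sample_log():
    """Constructed sample: two normal requests, one burst second, one bad line."""
    fmt = '{} - - [{}] "GET {} HTTP/1.1" 200 512'
    lines = [fmt.format("192.0.2.10", "05/Oct/2010:00:04:58 +0200", "/index.html"),
             fmt.format("192.0.2.11", "05/Oct/2010:00:04:59 +0200", "/about.html")]
    for i in range(160):
        path = "/blog/index.php" if i < 152 else "/favicon.ico"
        lines.append(fmt.format(f"198.51.100.{i % 4}",
                                "05/Oct/2010:00:05:00 +0200", path))
    lines.append("garbled line")
    return lines

if __name__ == "__main__":
    for when, count, path, share, clients in find_bursts(sample_log()):
        print(f"{when:%d-%b-%Y %H:%M:%S}  {count} req/s, "
              f"{share:.0%} for {path}, {clients} clients")
```

A burst where one path takes nearly all requests from a handful of clients points at a flood of a single page; many paths from one client looks more like a crawler.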