Until a few weeks ago my mail server (Postfix running on Fedora Core 5) was having difficulty keeping up with spam. I was finding lots of bounce errors in the mail log, like this one:
Sep 23 12:32:15 fc5test postfix/local: 875EEF46F3: to=<firstname.lastname@example.org>, orig_to=<email@example.com>, relay=local, delay=1011, status=bounced (Command time limit exceeded: "IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #rich")
I use the setup suggested on the UsedViaProcmail page on the SpamAssassin wiki. Postfix delivers all mail for the domain, regardless of the address, to the same local user account. The
.forward file for that account makes Postfix invoke
procmail, which filters the message through SpamAssassin, and then delivers it to the appropriate mail folder.
Although SpamAssassin is the biggest bottleneck in the mail pipeline, it was actually Postfix that was causing the problem.
spamassassin.lock lockfile in
.procmailrc means that only one message can be checked at a time. On my system, SpamAssassin starts up with the option
-m5, which means that it is allowed at most 5 children. Removing the lockfile improves things a little, allowing 5 messages to be checked simultaneously instead of just 1.
However, Postfix was trying to deliver up to 100 messages concurrently, as defined by the
default_process_limit parameter. With only 1 mail being checked for spam at a time (or 5 at a time, with the lockfile removed), many of the
local processes created by Postfix to deliver mail were timing out.
I opted to change the
maxproc setting for the
local service in
/etc/postfix/master.cf to 10. I haven’t had any bounced messages since.