
MaxDaemonChildren

Maximum forked daemon children (V8.8 and later)

The sendmail program fork(3)s often. It forks to process each incoming connection, and it forks to process its queue.

You can limit the number of forked children that the listening sendmail daemon produces by defining the MaxDaemonChildren option, the forms of which are as follows:

O MaxDaemonChildren=num                  configuration file (V8.8 and later) 
-OMaxDaemonChildren=num                  command line (V8.8 and later) 
define(`confMAX_DAEMON_CHILDREN',`num')  mc configuration (V8.8 and later) 

The num is of type numeric and specifies the maximum number of forked children that are allowed to exist at any one time. If num is less than or equal to zero, if it is missing, or if this entire option is missing, no limit is imposed. If num is greater than zero, connections that cause more than that number of forked children to be created will be rejected. While rejecting more connections, sendmail will change its process title to read:

rejecting connections: maximum children: num

If num is greater than zero, sendmail will also limit the number of forked daemon children it creates to handle queue runs.

If the daemon handling incoming mail has this option set, a denial-of-service attack can easily be launched against your machine, because once num children exist every further connection is rejected, legitimate mail included. Beginning with V8.8, the ConnectionRateThrottle option (see ConnectionRateThrottle) can be used to slow rapid incoming connections and can be used with the incoming daemon.
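A check for that condition, as an added example that is not from the original text: the shell functions below scan ps output for the process title quoted earlier and report each daemon that has reached its limit. The function names and sample ps lines are constructed for illustration, and the pattern's allowance for extra words before the colon is an assumption.

```shell
#!/bin/sh
# Added example (not from the book): flag sendmail daemons that have reached
# MaxDaemonChildren, using the process title quoted in the text.

# Reads ps-style lines "PID COMMAND..." on stdin and prints "PID LIMIT" for
# every process whose title says it is rejecting connections. [^:]* tolerates
# extra words before the colon (assumption: some builds add a daemon name).
find_rejecting() {
    sed -n 's/^ *\([0-9][0-9]*\) .*rejecting connections[^:]*: maximum children: \([0-9][0-9]*\).*$/\1 \2/p'
}

# Returns 0 when no daemon is rejecting, 1 otherwise. Prints one alert line
# per rejecting daemon so cron or a monitoring agent can pick it up.
check_rejecting() {
    hits=$(find_rejecting)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits" | while read -r pid limit; do
        echo "ALERT pid=$pid rejecting connections, MaxDaemonChildren=$limit"
    done
    return 1
}

# Constructed sample input (not captured from a real host).
sample_ps() {
    cat <<'EOF'
  412 sendmail: rejecting connections: maximum children: 40
  977 sendmail: server mail.example.org [192.0.2.10] cmd read
 1033 sendmail: accepting connections
EOF
}

# Live use (ps options vary by platform):
#   ps -axo pid,command | check_rejecting
```

Repeated alerts for the same daemon show that the limit is being held at its ceiling, which is the point at which legitimate senders are being turned away.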

The MaxDaemonChildren option is appropriate for use in certain queue-processing situations. For example, consider a special queue that exclusively holds mail for a popular host (say, /var/spool/bigqueue). To handle the outgoing mail, you could run sendmail in queue-processing mode like this:

/usr/sbin/sendmail -q5m -OMaxDaemonChildren=2 -OQueueDirectory=/var/spool/bigqueue

Here, the queue is processed once every five minutes. If the number of children were not limited and if the queue were large or the destination host slow, too many parallel invocations of sendmail could be spawned, thus causing excessive connections to the destination host. By limiting the number of children with the MaxDaemonChildren option, you allow a small, polite amount of parallelism. (See also the MaxQueueRunSize option.)

The MaxDaemonChildren option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.
