antirelayd over working the server

[hicom]

During some checking i've noted antirelayd causing the most disk write access. Any suggestions on how to reduce this. I believe the perl script is the /etc/exim.pl . We have number of RBL lists, SURBL, dictionary attack filters on EXIM which helped in blocking huge amount of spams.

Any suggestions here ? Can we somehow disable antirelayd ?

This is from Service Manager about antirelayd:

antirelayd
POP before SMTP daemon

So disabling it will only cause issues with people who use POP before SMTP. Which is a very weak method of accessing mail at this time and age of spam mails.

last pid: 43996; load averages: 0.63, 0.49, 0.53 up 11+18:02:03 12:24:17
203 processes: 1 running, 201 sleeping, 1 lock
CPU states: 4.1% user, 0.0% nice, 2.5% system, 0.1% interrupt, 93.3% idle
Mem: 987M Active, 1703M Inact, 280M Wired, 159M Cache, 112M Buf, 135M Free
Swap: 8762M Total, 768K Used, 8761M Free

PID USERNAME VCSW IVCSW READ WRITE FAULT TOTAL PERCENT COMMAND
29073 root 218 1 0 40 0 40 50.63% perl
76426 root 206 1 0 29 0 29 36.71% perl
43993 mailnull 69 4 0 0 0 0 0.00% exim-4.62-0
43988 mailnull 1 0 0 0 0 0 0.00% exim-4.62-0
43958 nobody 29 0 0 0 0 0 0.00% httpd
43957 nobody 17 0 0 0 0 0 0.00% httpd
43945 nobody 0 0 0 0 0 0 0.00% httpd
43944 nobody 23 0 0 0 0 0 0.00% httpd
43934 nobody 22 0 0 0 0 0 0.00% httpd
43873 root 28 1 0 0 0 0 0.00% top
43799 nobody 22 0 0 0 0 0 0.00% httpd

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
perl 29073 root cwd VDIR 4,19 512 2522289 /usr/local/etc/exim
perl 29073 root rtd VDIR 4,16 512 2 /
perl 29073 root txt VREG 4,19 10084 2472964 /usr/local/bin/perl5.8.7
perl 29073 root txt VREG 4,16 142236 70693 /libexec/ld-elf.so.1
perl 29073 root txt VREG 4,19 1133264 3135258 /usr/local/lib/perl5/5.8.7/mach/CORE/libperl.so
perl 29073 root txt VREG 4,16 120004 24603 /lib/libm.so.3
perl 29073 root txt VREG 4,16 28644 24602 /lib/libcrypt.so.2
perl 29073 root txt VREG 4,16 43100 24606 /lib/libutil.so.4
perl 29073 root txt VREG 4,19 136020 1648684 /usr/lib/libpthread.so.1
perl 29073 root txt VREG 4,16 884716 24607 /lib/libc.so.5
perl 29073 root 0u VCHR 5,0 0t43798310 91 /dev/ttyp0
perl 29073 root 1u VCHR 5,0 0t43798310 91 /dev/ttyp0
perl 29073 root 2u VCHR 5,0 0t43798310 91 /dev/ttyp0
perl 29073 root 3r VREG 4,20 11609914 1978421 /var/log/maillog

 

[hicom]

For the sake of testing things out, I've killed these two perl processes (antirelayd) and noticed no problem sending/receiving emails using SMTP authentication. The load didn't reduce significantly, but load average never risen again.

Additionally, when running gstat i'd notice the / partition was always busy when antirelayd was running, the moment i've killed that process, the / partition calmed down to almost no activity.

Should I disable antirelayd completely ?

 

[chirpy]

You've most likely not been checking your syslog. A search for antirelayd would have shown this thread:
http://forums.cpanel.net/showthread.php?t=28863

You can disable antirelayd in WHM > Service Manager. POP before SMTP will stop working, of course as the /etc/relayhosts file will no longer be updated, so you will have to use SMTP AUTH instead.

 

[hicom]

Just to add disabling antirelayd helped in helping the server performance a bit. However, there also appears to be a bug in cPanel, after a reboot, antirelayd automatically launches even though it is disabled and I can't find any other bootup script that initiates it.

in /etc there /etc/disableantirelayd file which is what chksrvd checks for before starting a script.