Spind.net Blog » Network

Sendmail and Postfix on the same server

hc — Tue, 13 Jan 2009 09:07:05 +0000

Recently I needed sendmail and sendmail-devel to compile some software, but when I installed Sendmail, it decided to make itself my preferred MTA – and I suddenly got the same feeling of powerlessness that accompany running Microsoft Windows.

Newer Linux distributions offer the Alternatives system, which basically lets you choose between different installed software that serve the same purpose. If you’re running Sendmail and Postfix like me, you can use Alternatives to pick which MTA you prefer to use:

$ /usr/sbin/alternatives

config mta

There are 2 programs which provide ‘mta’.

Selection Command

1	-----------------------------------------------

* 1 /usr/sbin/sendmail.sendmail
+ 2 /usr/sbin/sendmail.postfix

Enter to keep the current selection[+], or type selection number: 2

Ethernet device, where art thou?

hc — Tue, 16 Dec 2008 09:09:50 +0000

Today I lost my Ethernet devices, probably as a result of upgrading the apartment server from Fedora 9 to Fedora 10. The culprit turned out to be the service responsible for dynamic device management – udev. These symptoms started showing up in the logfile:

Dec 16 07:26:12 server kernel: udev: renamed network interface eth1 to eth4
Dec 16 07:26:12 server kernel: udev: renamed network interface eth0 to eth2
Dec 16 07:26:12 server kernel: udev: renamed network interface eth1 to eth5

The udev daemon creates and renames devices according to configuration files in /etc/udev/rules.d/ called rules. One of them – 70-persistent-net.rules – specifically handles network devices. This file was screwed up badly by Anaconda, and had dupes and network devices from a previous hardware configuration. I cleaned up this file, so it had only contained rules that matched the hardware addresses of the installed network devices:

SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:1e:8c:85:cd:e2″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth0″
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:50:da:21:e3:34″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth1″
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:01:02:24:6d:91″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth2″

Various external “plug-and-play” helpers may add newly found network devices to this file, so if your network devices start changing names, you might want to check /etc/udev/rules.d/70-persistent-net.rules.

Tweaking Linux network parameters

hc — Fri, 28 Nov 2008 11:02:59 +0000

Random browsing takes you weird places, and suddenly I found myself reading up on tweaks for the Linux IPv4 TCP stack – many of them actually recommended by Sun. Your mileage may vary, and you probably should read up on every single option before you apply it. All options go in /etc/sysctl.conf.

Allow the TCP stack to reuse sockets in the TIME-WAIT state:

# Allow reuse/recycling of TIME-WAIT sockets for new connections:
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

TCP Timestamps are enabled per default, and enables calculation of RTT in a more accurate way (see RFC 1323) than the retransmission timeout. IBM suggests this should be enabled for performance, but others suggest disabling it and saving 12 bytes header overhead. We’ll leave it on:

# Enable TCP timestamps:
net.ipv4.tcp_timstamps = 1

Enable selective acknowledgment, which improves performance by selectively acknowledging packets received out of order (causing the sender to retransmit only the missing segments). Should be enabled for wide area network communication, but it can increase CPU utilization. Also enable Forward Acknowledgment (FACK), which operates with Selective Acknowledgment (SACK) to reduce congestion:

# Enable TCP Selective/Forward Acknowledgements:
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fack = 1

To use large packet windows (over 64Kb), you should enable window scaling as defined by RFC 1323:

# Enable support for large TCP windows:
net.ipv4.tcp_window_scaling = 1

Lowering the FIN Timeout value will shorten the TIME_WAIT state, freeing up resources for new connections. It is recommended when running applications that constantly create a lot of new connections – ie. a web server. The default is 60, and Sun recommends a value in the 15-30 range.

# Lower FIN timeout (default: 60):
net.ipv4.tcp_fin_timeout = 15

Tweak the TCP KeepAlive values:

# Wait time between isAlive interval probes (default: 75, recommended: 15-30):
net.ipv4.tcp_keepalive_intvl = 15
# Number of probes before timing out (default: 9, recommended: 5):
net.ipv4.tcp_keepalive_probes = 5

The default maximum for send/receive windows is 128Kb and it’s recommended to boost this to 8Mb:

# Maximum TCP Send Window:
net.core.wmem_max = 8388608
# Maximum TCP Receive Window:
net.core.rmem_max = 8388608

Also tweak the IPv4 rcv/snd buffers to use a maximum of 8Mb:

# Memory reserved for TCP rcv buffers (default: 4Kb 85Kb 4Mb):
net.ipv4.tcp_rmem = 4096 87380 8388608
# Memory reserved for TCP snd buffers (default: 4Kb 16Kb 4Mb):
net.ipv4.tcp_wmem = 4096 87380 8388608

If you’re using a lot of connections, you should make more local ports available. Default range gives a total of 28232 ports available. Increasing this range to 4096-65535 will give you 61439 local ports:

# Available local port range (default: 32768 61000):
net.ipv4.ip_local_port_range = 4096 65536

Apart from hopefully boosting overall network performance, the tweaks above also lowered the number of sockets in the TIME_WAIT state from 300 to around 50.

Any comments and/or corrections are welcome.

Sources: