High CPU and Slow Postfix delivery

I'm not sure if you will be able to help, but if you can at least point us in the right direction. We have experienced several slowdowns in email delivery (Postfix incoming) and high CPU usage over the past few months and rebooting the server resolved the issue except for this morning. I can provide whatever information you need and if this is not an issue you can help with, then if you know who we can contact to help. We are willing to pay to have this addressed. Below if the information from the VM status page. Thanks

System hostname rjrwebserver1.rjrsolutions.net Operating system Ubuntu Linux 8.04.2 Webmin version 1.510 Virtualmin version 3.83 Pro Theme version 7.9 Time on server 30/Nov/2011 12:26 Kernel and CPU Linux 2.6.24-28-server on i686 CPU load averages 13.86 (1 min) [CPU load (1 min)] 14.90 (5 mins) [CPU load (5 mins)] 15.44 (15 mins) [CPU load (15 mins)] Running processes 751 [Running processes] Real memory 4.79 GB total, 1.14 GB used [Memory used]

Status: 
Closed (fixed)

Comments

Howdy -- well, the key would be to determine what's going on at the time of the high CPU load.

There's a few commands I'd suggest running anytime that comes up:

  1. ps auxw

  2. mailq | tail -1

  3. uptime

  4. netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

The above commands can assist in tracking down what the problem is.

However, trying to determine what happened after the fact may not be possible... or at the very least would be quite difficult.

My suggestion would be to wait for the issue to occur again, and if it does, to run the above commands, capture their output, and that can be reviewed to get a better idea of what's going on.

Weird. We had the exact same issue this morning. It appeared that there was a whole bunch of PERL processes running under one user. After looking at that users site it looks like they had a wordpress site.

I killed all of the PERL processes for that user, bounced Apache, PHP, and it was fine. I'll be curious to see what you come up with for a fix. I thought maybe their site got hacked?

Yeah, the "ps auxw" command I mentioned above would assist in diagnosing the issue. It may indeed be a particular website being broken into. Seeing the exact Perl command being run would allow you to track down where the files being executed are, and then you can review what they're doing exactly.

Additionally, I'd suggest verifying that the WordPress version that site has is fully up to date.

Thanks. I'm pasting the results here. I was going to attach them, but the form kicks kicking back an error.

PS command USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.1 0.0 2848 1692 ? Ss 08:15 0:01 /sbin/init root 2 0.0 0.0 0 0 ? S< 08:15 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S< 08:15 0:00 [migration/0] root 4 0.0 0.0 0 0 ? S< 08:15 0:00 [ksoftirqd/0] root 5 0.0 0.0 0 0 ? S< 08:15 0:00 [watchdog/0] root 6 0.0 0.0 0 0 ? S< 08:15 0:00 [migration/1] root 7 0.0 0.0 0 0 ? S< 08:15 0:00 [ksoftirqd/1] root 8 0.0 0.0 0 0 ? S< 08:15 0:00 [watchdog/1] root 9 0.1 0.0 0 0 ? S< 08:15 0:02 [events/0] root 10 0.0 0.0 0 0 ? S< 08:15 0:00 [events/1] root 11 0.0 0.0 0 0 ? S< 08:15 0:00 [khelper] root 46 0.8 0.0 0 0 ? S< 08:15 0:16 [kblockd/0] root 47 0.9 0.0 0 0 ? S< 08:15 0:17 [kblockd/1] root 50 0.0 0.0 0 0 ? S< 08:15 0:00 [kacpid] root 51 0.0 0.0 0 0 ? S< 08:15 0:00 [kacpi_notify] root 111 0.0 0.0 0 0 ? S< 08:15 0:00 [kseriod] root 153 0.0 0.0 0 0 ? S 08:15 0:00 [pdflush] root 154 1.3 0.0 0 0 ? S 08:15 0:24 [pdflush] root 155 0.0 0.0 0 0 ? S< 08:15 0:00 [kswapd0] root 197 0.0 0.0 0 0 ? S< 08:15 0:00 [aio/0] root 198 0.0 0.0 0 0 ? S< 08:15 0:00 [aio/1] root 1310 0.0 0.0 0 0 ? S< 08:15 0:00 [ata/0] root 1311 0.0 0.0 0 0 ? S< 08:15 0:00 [ata/1] root 1312 0.0 0.0 0 0 ? S< 08:15 0:00 [ata_aux] root 1317 0.0 0.0 0 0 ? S< 08:15 0:00 [scsi_eh_0] root 1318 0.0 0.0 0 0 ? S< 08:15 0:00 [scsi_eh_1] root 2085 0.0 0.0 0 0 ? S< 08:15 0:00 [scsi_eh_2] root 2521 5.4 0.0 0 0 ? S< 08:15 1:39 [kjournald] root 2677 0.0 0.0 2228 644 ? S<s 08:16 0:01 /sbin/udevd --daemon root 2936 0.0 0.0 0 0 ? S< 08:16 0:00 [kpsmoused] root 3668 0.0 0.0 0 0 ? S< 08:16 0:00 [ib_addr] root 3690 0.0 0.0 0 0 ? S< 08:16 0:00 [ib_mcast] root 3694 0.0 0.0 0 0 ? S< 08:16 0:00 [iw_cm_wq] root 3700 0.0 0.0 0 0 ? S< 08:16 0:00 [ib_cm/0] root 3701 0.0 0.0 0 0 ? S< 08:16 0:00 [ib_cm/1] root 3708 0.0 0.0 0 0 ? S< 08:16 0:00 [rdma_cm] root 3728 0.0 0.0 1868 468 ? S<s 08:16 0:01 /sbin/iscsid root 3731 0.3 0.0 2084 2080 ? S<Ls 08:16 0:06 /sbin/iscsid root 4101 7.3 0.0 0 0 ? D< 08:16 2:13 [kjournald] root 4546 0.0 0.0 1720 512 tty4 Ss+ 08:16 0:00 /sbin/getty 38400 tty4 root 4547 0.0 0.0 1720 508 tty5 Ss+ 08:16 0:00 /sbin/getty 38400 tty5 root 4555 0.0 0.0 1720 508 tty2 Ss+ 08:16 0:00 /sbin/getty 38400 tty2 root 4561 0.0 0.0 1720 516 tty3 Ss+ 08:16 0:00 /sbin/getty 38400 tty3 root 4564 0.0 0.0 1720 508 tty6 Ss+ 08:16 0:00 /sbin/getty 38400 tty6 ntp 4593 0.2 0.0 4128 1256 ? Ss 08:16 0:03 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 107:115 -g syslog 4616 0.7 0.0 1940 648 ? Ss 08:16 0:12 /sbin/syslogd -u syslog root 4635 0.0 0.0 1876 548 ? S 08:16 0:00 /bin/dd bs 1 if /proc/kmsg of /var/run/klogd/kmsg klog 4637 0.0 0.0 3164 2044 ? Ss 08:16 0:00 /sbin/klogd -P /var/run/klogd/kmsg 105 4656 0.0 0.0 2572 928 ? Ss 08:16 0:00 /usr/bin/dbus-daemon --system bind 4680 4.4 0.7 76036 39096 ? Ssl 08:17 1:18 /usr/sbin/named -u bind root 4703 0.0 0.0 5320 1020 ? Ss 08:17 0:00 /usr/sbin/sshd postgres 4983 0.1 0.0 40184 4972 ? S 08:17 0:02 /usr/lib/postgresql/8.3/bin/postgres -D /var/lib/postgresql/8.3/main -c config_file=/etc/postgresql/8.3/main/postgresql.conf postgres 4986 0.4 0.0 40184 1372 ? Ss 08:17 0:08 postgres: writer process
postgres 4987 0.4 0.0 40184 1200 ? Ss 08:17 0:07 postgres: wal writer process
postgres 4988 0.1 0.0 40184 1412 ? Ss 08:17 0:01 postgres: autovacuum launcher process
postgres 4989 0.0 0.0 11504 1164 ? Ss 08:17 0:01 postgres: stats collector process
postgrey 5002 2.2 0.1 11328 8500 ? Ss 08:17 0:38 /usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=127.0.0.1:60000 root 5006 0.4 0.6 34212 31652 ? Ss 08:17 0:08 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/var/run/spamd.pid root 5250 11.8 0.9 51368 48860 ? R 08:17 3:24 spamd child blaurob 5251 10.8 0.9 48788 46284 ? R 08:17 3:07 spamd child clamav 5252 3.7 2.5 172476 129396 ? Ssl 08:17 1:04 /usr/sbin/clamd clamav 5349 0.0 0.0 3004 1080 ? Ss 08:17 0:01 /usr/bin/freshclam -d --quiet list 5365 0.0 0.0 9900 4828 ? Ss 08:17 0:00 /usr/bin/python /usr/lib/mailman/bin/mailmanctl -s -q start list 5387 0.3 0.1 9544 6448 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s list 5391 0.3 0.1 9536 6452 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s list 5393 0.3 0.1 9516 6440 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s list 5394 0.3 0.1 9548 6448 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s list 5397 0.3 0.1 9540 6480 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s list 5400 0.3 0.1 9484 6508 ? S 08:17 0:06 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s list 5402 0.3 0.1 9536 6448 ? S 08:17 0:05 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s list 5404 0.0 0.1 9524 6448 ? S 08:17 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s root 5438 0.4 0.0 5412 1740 ? Ss 08:18 0:08 /usr/lib/postfix/master postfix 5447 0.0 0.0 5420 1720 ? S 08:18 0:00 pickup -l -t fifo -u -c postfix 5448 0.3 0.0 6384 2744 ? S 08:18 0:06 qmgr -l -t fifo -u postfix 5462 0.1 0.0 5924 2608 ? S 08:18 0:01 cleanup -z -t unix -u -c postfix 5466 0.2 0.0 6720 3936 ? S 08:18 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes postfix 5467 0.4 0.0 5840 2436 ? S 08:18 0:07 trivial-rewrite -n rewrite -t unix -u -c postfix 5468 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix postfix 5469 0.0 0.0 5788 2556 ? S 08:18 0:00 tlsmgr -l -t unix -u -c postfix 5470 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 5471 0.0 0.0 5612 2328 ? S 08:18 0:00 local -t unix postfix 5474 0.0 0.0 5612 2344 ? S 08:18 0:00 local -t unix root 5478 0.0 0.0 7168 1244 ? Ss 08:18 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5 postfix 5479 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix root 5480 0.0 0.0 7168 1188 ? S 08:18 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5 root 5484 0.0 0.0 7168 1188 ? S 08:18 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5 root 5486 0.0 0.0 7168 1188 ? S 08:18 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5 root 5487 0.0 0.0 7168 1188 ? S 08:18 0:00 /usr/sbin/saslauthd -a pam -m /var/spool/postfix/var/run/saslauthd -r -n 5 postfix 5499 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 5505 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix postfix 5511 0.0 0.0 5612 2304 ? S 08:18 0:00 local -t unix postfix 5515 0.0 0.0 5612 2304 ? S 08:18 0:00 local -t unix postfix 5517 0.2 0.0 5424 1764 ? S 08:18 0:04 anvil -l -t unix -u -c postfix 5521 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 5532 0.0 0.0 5612 2344 ? S 08:18 0:00 local -t unix postfix 5544 0.0 0.0 5612 2340 ? S 08:18 0:00 local -t unix postfix 5549 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5556 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix postfix 5571 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 5591 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5595 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5603 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5607 0.0 0.0 5612 2340 ? S 08:18 0:00 local -t unix postfix 5617 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 5642 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix postfix 5662 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5666 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 5699 0.0 0.0 5612 2344 ? S 08:18 0:00 local -t unix postfix 5708 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix postfix 5723 0.2 0.0 6720 3836 ? S 08:18 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes postfix 5735 0.0 0.0 5612 2340 ? S 08:18 0:00 local -t unix postfix 5739 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix root 5750 1.1 0.0 2212 764 ? Ss 08:18 0:19 /usr/sbin/dovecot postfix 5751 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix postfix 5761 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix postfix 5770 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix root 5779 0.8 0.0 9132 2320 ? S 08:18 0:13 dovecot-auth postfix 5780 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix postfix 5785 0.0 0.0 5612 2340 ? S 08:18 0:00 local -t unix postfix 5793 0.0 0.0 5612 2344 ? S 08:18 0:00 local -t unix postfix 5807 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix postfix 5810 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix postfix 5825 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 5830 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 5840 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 5849 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix dovecot 5866 0.1 0.0 3648 1784 ? S 08:18 0:02 imap-login postfix 5894 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix postfix 5906 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix postfix 5919 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix postfix 5926 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 5934 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix proftpd 5947 0.0 0.0 9952 1604 ? Ss 08:18 0:00 proftpd: (accepting connections) postfix 5948 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix postfix 5950 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5965 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 5971 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix postfix 5988 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6003 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix postfix 6006 0.0 0.0 5612 2304 ? S 08:18 0:00 local -t unix postfix 6012 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6017 0.0 0.0 5612 2348 ? S 08:18 0:00 local -t unix daemon 6021 0.0 0.0 1988 424 ? Ss 08:18 0:00 /usr/sbin/atd postfix 6027 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix postfix 6038 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix postfix 6054 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 6059 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix postfix 6063 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix postfix 6070 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix tcommoff 6081 12.2 1.4 74776 72300 ? S 08:18 3:26 spamd child root 6091 0.0 0.0 2108 964 ? Ss 08:18 0:00 /usr/sbin/cron postfix 6093 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix postfix 6100 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix turpmlic 6103 11.9 1.3 69632 67028 ? R 08:18 3:22 spamd child postfix 6129 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix 1220 6140 10.8 1.0 53496 50992 ? D 08:18 3:03 spamd child postfix 6148 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix postfix 6155 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix postfix 6182 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix dovecot 6185 0.1 0.0 3648 1800 ? S 08:18 0:02 imap-login postfix 6202 0.0 0.0 5612 2336 ? S 08:18 0:00 local -t unix postfix 6209 0.0 0.0 5612 2304 ? S 08:18 0:00 local -t unix postfix 6213 0.0 0.0 5612 2328 ? S 08:18 0:00 local -t unix postfix 6220 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix dovecot 6228 0.1 0.0 3648 1784 ? S 08:18 0:02 imap-login postfix 6229 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix postfix 6235 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix postfix 6253 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix postfix 6259 0.0 0.0 5612 2300 ? S 08:18 0:00 local -t unix postfix 6266 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6274 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6279 0.0 0.0 5612 2312 ? S 08:18 0:00 local -t unix pavenick 6281 0.0 0.0 2728 1472 ? S 08:18 0:00 imap postfix 6288 0.0 0.0 5612 2328 ? S 08:18 0:00 local -t unix postfix 6302 0.0 0.0 5612 2324 ? S 08:18 0:00 local -t unix dovecot 6307 0.1 0.0 3648 1784 ? S 08:18 0:02 imap-login srmtaun 6322 0.1 0.0 2724 1184 ? S 08:18 0:01 imap 1199 6354 0.1 0.0 2784 1188 ? S 08:18 0:02 imap dovecot 6360 0.1 0.0 3648 1796 ? S 08:18 0:02 imap-login postfix 6361 0.2 0.0 6652 3900 ? S 08:18 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes postfix 6368 0.4 0.0 6680 3900 ? S 08:18 0:08 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes postfix 6388 0.2 0.0 6680 3896 ? S 08:18 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes postfix 6391 0.1 0.0 5928 2604 ? S 08:18 0:03 cleanup -z -t unix -u -c postfix 6393 0.0 0.0 5612 2308 ? S 08:18 0:00 local -t unix pavenick 6400 0.0 0.0 3468 1748 ? S 08:18 0:01 imap postfix 6404 0.0 0.0 5612 2352 ? S 08:18 0:00 local -t unix postfix 6407 0.0 0.0 5612 2332 ? S 08:18 0:00 local -t unix dovecot 6423 0.1 0.0 3648 1800 ? S 08:18 0:02 imap-login 1247 6450 0.1 0.0 2784 1572 ? S 08:18 0:02 imap dovecot 6451 0.1 0.0 3648 1796 ? S 08:18 0:01 imap-login postfix 6460 0.0 0.0 5612 2316 ? S 08:18 0:00 local -t unix tarvjdel 6462 0.1 0.0 2804 1188 ? S 08:18 0:02 imap 1247 6472 0.0 0.0 2640 1184 ? S 08:18 0:00 imap postfix 6486 0.0 0.0 5612 2352 ? S 08:18 0:00 local -t unix postfix 6510 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6525 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6528 0.0 0.0 5612 2320 ? S 08:18 0:00 local -t unix postfix 6531 0.0 0.0 5612 2316 ? S 08:19 0:00 local -t unix dovecot 6535 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login postfix 6537 0.0 0.0 5612 2336 ? S 08:19 0:00 local -t unix postfix 6543 0.0 0.0 5612 2304 ? S 08:19 0:00 local -t unix 1682 6556 0.1 0.0 2732 1312 ? S 08:19 0:01 imap postfix 6557 0.0 0.0 5612 2316 ? S 08:19 0:00 local -t unix dovecot 6606 0.1 0.0 3648 1796 ? S 08:19 0:02 imap-login postfix 6634 0.2 0.0 6644 3936 ? S 08:19 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes dovecot 6649 0.1 0.0 3648 1780 ? S 08:19 0:01 imap-login dovecot 6655 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login dovecot 6656 0.1 0.0 3648 1796 ? S 08:19 0:01 imap-login 1247 6663 0.0 0.0 2768 1456 ? S 08:19 0:01 imap 1669 6670 0.1 0.0 2768 1324 ? S 08:19 0:02 imap turjdtur 6673 0.0 0.0 2516 1164 ? S 08:19 0:00 imap dovecot 6677 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login turkshur 6686 0.1 0.0 2728 1192 ? S 08:19 0:02 imap postfix 6690 0.0 0.0 5612 2304 ? S 08:19 0:00 local -t unix postfix 6704 0.0 0.0 5612 2336 ? S 08:19 0:00 local -t unix dovecot 6710 0.1 0.0 3648 1788 ? S 08:19 0:02 imap-login postfix 6712 0.0 0.0 5612 2320 ? S 08:19 0:00 local -t unix tarvcbos 6722 0.1 0.0 3456 1192 ? S 08:19 0:01 imap turcrobe 6725 0.1 0.0 2684 1192 ? S 08:19 0:01 imap dovecot 6731 0.1 0.0 3648 1784 ? S 08:19 0:01 imap-login dovecot 6748 0.1 0.0 3648 1788 ? S 08:19 0:01 imap-login dovecot 6786 0.1 0.0 3648 1784 ? S 08:19 0:01 imap-login dovecot 6789 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login 1265 6792 0.1 0.0 2896 1352 ? S 08:19 0:02 imap tarvevan 6795 0.1 0.0 2768 1188 ? S 08:19 0:02 imap dovecot 6797 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login dovecot 6812 0.1 0.0 3648 1784 ? S 08:19 0:01 imap-login mlbandy 6816 0.1 0.0 2912 1404 ? S 08:19 0:01 imap tarvjspr 6835 0.1 0.0 3888 1200 ? S 08:19 0:01 imap 1651 6849 0.1 0.0 4556 1860 ? S 08:19 0:02 imap 1251 6872 0.1 0.0 3208 1464 ? S 08:19 0:01 imap dovecot 6876 0.1 0.0 3648 1780 ? S 08:19 0:02 imap-login dovecot 6905 0.1 0.0 3648 1784 ? S 08:19 0:02 imap-login 1668 6915 0.1 0.0 2724 1356 ? S 08:19 0:02 imap dovecot 6981 0.1 0.0 3648 1788 ? S 08:20 0:01 imap-login postfix 6982 0.1 0.0 6696 3920 ? S 08:20 0:03 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes dovecot 6984 0.1 0.0 3648 1788 ? S 08:20 0:01 imap-login 1701 6993 0.1 0.0 2764 1192 ? S 08:20 0:01 imap dovecot 6995 0.1 0.0 3648 1788 ? S 08:20 0:01 imap-login 1200 7001 0.1 0.0 2788 1316 ? S 08:20 0:02 imap turpgoss 7003 0.1 0.0 2856 1384 ? S 08:20 0:02 imap ckkitch1 7009 0.1 0.0 5760 1900 ? S 08:20 0:02 imap postfix 7031 0.1 0.0 5932 2600 ? S 08:20 0:02 cleanup -z -t unix -u -c postfix 7039 0.0 0.0 5612 2308 ? S 08:20 0:00 local -t unix postfix 7045 0.0 0.0 5612 2316 ? S 08:20 0:00 local -t unix postfix 7049 0.0 0.0 5612 2328 ? S 08:20 0:00 local -t unix postfix 7078 0.0 0.0 5612 2332 ? S 08:20 0:00 local -t unix dovecot 7095 0.1 0.0 3648 1784 ? S 08:20 0:01 imap-login 1652 7124 0.1 0.0 2836 1192 ? S 08:20 0:01 imap dovecot 7165 0.1 0.0 3648 1788 ? S 08:20 0:02 imap-login dovecot 7168 0.1 0.0 3648 1788 ? S 08:20 0:02 imap-login turplneb 7181 0.1 0.0 2812 1328 ? S 08:20 0:02 imap dovecot 7189 0.1 0.0 3648 1784 ? S 08:20 0:02 imap-login dovecot 7190 0.1 0.0 3648 1784 ? S 08:20 0:01 imap-login dovecot 7209 0.1 0.0 3648 1784 ? S 08:20 0:01 imap-login 1265 7211 0.1 0.0 2896 1320 ? S 08:20 0:02 imap turlwint 7215 0.1 0.0 2836 1348 ? S 08:20 0:01 imap turpswag 7216 0.1 0.0 2688 1332 ? S 08:20 0:02 imap root 7221 0.1 0.0 6916 4980 ? Ss 08:20 0:02 /usr/sbin/munin-node 1333 7248 0.1 0.0 2668 1192 ? S 08:20 0:01 imap 1103 7324 0.0 0.1 23080 9056 ? S 08:20 0:01 /usr/bin/php5-cgi dovecot 7342 0.1 0.0 3648 1788 ? S 08:20 0:01 imap-login 1468 7373 0.1 0.0 2764 1360 ? S 08:21 0:02 imap root 7385 8.2 0.7 38808 36872 ? Rs 08:21 2:06 /usr/share/webmin/virtual-server/lookup-domain-daemon.pl njar.com 7416 0.0 0.1 21412 6788 ? S 08:21 0:00 /usr/bin/php5-cgi root 7418 0.4 0.0 29136 2260 ? Sl 08:21 0:06 /usr/sbin/monit -d 60 -c /etc/monit/monitrc -s /var/lib/monit/monit.state dovecot 7537 0.1 0.0 3648 1796 ? S 08:21 0:02 imap-login 1313 7564 0.0 0.1 21984 7724 ? S 08:21 0:00 /usr/bin/php5-cgi root 7606 0.0 0.1 9800 5940 ? Ss 08:21 0:01 /usr/bin/perl /usr/share/usermin/miniserv.pl /etc/usermin/miniserv.conf postfix 7642 0.6 0.0 6732 3912 ? S 08:21 0:09 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes root 7660 0.0 0.1 10816 6704 ? Ss 08:21 0:00 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf postfix 7699 0.0 0.0 5612 2328 ? S 08:21 0:00 local -t unix postfix 7710 0.0 0.0 5612 2340 ? S 08:21 0:00 local -t unix root 7716 0.0 0.0 2572 1248 tty1 Ss 08:21 0:00 /bin/login --
postfix 7792 0.0 0.0 5612 2348 ? S 08:21 0:00 local -t unix root 7849 0.0 0.0 4188 1816 tty1 S+ 08:22 0:00 -bash dovecot 7879 0.1 0.0 3648 1796 ? S 08:22 0:02 imap-login postfix 7881 0.3 0.0 6692 4064 ? S 08:22 0:04 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes turpkkra 7933 0.0 0.0 4200 1548 ? S 08:22 0:01 imap root 8187 0.0 0.0 8060 2628 ? Ss 08:22 0:00 sshd: administrator [priv] 1000 8212 0.1 0.0 8196 1620 ? S 08:22 0:01 sshd: administrator@pts/0 1000 8221 0.0 0.0 5976 3392 pts/0 Ss 08:22 0:00 -bash root 8229 0.0 0.0 7604 2116 ? Ssl 08:22 0:00 /usr/sbin/console-kit-daemon root 8357 0.0 0.0 3672 1200 pts/0 S 08:23 0:00 su 1447 8367 0.0 0.1 21412 6628 ? S 08:23 0:00 /usr/bin/php5-cgi 1661 8375 0.0 0.0 2680 1204 ? S 08:23 0:00 imap root 8379 0.0 0.0 4160 1788 pts/0 S+ 08:23 0:00 bash dovecot 8430 0.1 0.0 3648 1796 ? S 08:23 0:01 imap-login dovecot 8553 0.0 0.0 3648 1796 ? S 08:23 0:01 imap-login 1248 8557 0.0 0.0 2672 1216 ? S 08:23 0:00 imap 1248 8628 0.0 0.0 2500 1156 ? S 08:23 0:00 imap root 8998 0.0 0.0 2776 1312 ? S 08:24 0:00 /bin/sh /usr/bin/mysqld_safe mysql 9065 3.8 0.4 102180 24008 ? Sl 08:24 0:51 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock root 9068 0.0 0.0 1704 552 ? S 08:24 0:00 logger -p daemon.err -t mysqld_safe -i -t mysqld dovecot 9551 0.1 0.0 3648 1784 ? S 08:25 0:01 imap-login turplspr 9588 0.1 0.0 2772 1264 ? S 08:25 0:01 imap 1129 9642 0.0 0.1 21544 7096 ? S 08:25 0:00 /usr/bin/php5-cgi dovecot 9664 0.1 0.0 3648 1796 ? S 08:26 0:01 imap-login 1667 9694 0.0 0.0 2788 1408 ? S 08:26 0:00 imap root 9796 0.7 0.2 33668 13684 ? Rs 08:26 0:08 /usr/sbin/apache2 -k start www-data 9802 0.0 0.1 24804 6432 ? S 08:26 0:01 /usr/sbin/apache2 -k start njar.com 9822 0.0 0.1 21688 6848 ? S 08:26 0:00 /usr/bin/php5-cgi dovecot 10018 0.1 0.0 3648 1800 ? S 08:27 0:01 imap-login 1103 10026 0.1 0.1 23348 9252 ? S 08:27 0:01 /usr/bin/php5-cgi turrsam 10117 0.0 0.0 2500 1164 ? S 08:28 0:00 imap dovecot 10254 0.1 0.0 3648 1792 ? S 08:28 0:01 imap-login 1313 10421 0.9 0.4 35584 22160 ? S 08:28 0:09 /usr/bin/php5-cgi turrsam 10464 0.0 0.0 2916 1496 ? S 08:29 0:00 imap postfix 10705 0.3 0.0 5844 2428 ? S 08:30 0:03 trivial-rewrite -n rewrite -t unix -u -c dovecot 10888 0.1 0.0 3648 1788 ? S 08:30 0:01 imap-login turppert 10974 0.0 0.0 2772 1328 ? S 08:30 0:00 imap dovecot 11258 0.1 0.0 3648 1788 ? S 08:32 0:00 imap-login dovecot 11316 0.1 0.0 3648 1784 ? S 08:32 0:01 imap-login mlbiharo 11323 0.1 0.0 2740 1344 ? S 08:32 0:01 imap dovecot 11370 0.1 0.0 3648 1800 ? S 08:32 0:00 imap-login hydejhyl 11378 0.1 0.0 2648 1184 ? S 08:32 0:00 imap dovecot 11380 0.0 0.0 3648 1796 ? S 08:32 0:00 imap-login caplrcas 11394 0.0 0.0 2500 1164 ? S 08:32 0:00 imap caplrcas 11397 0.0 0.0 2500 1164 ? S 08:32 0:00 imap dovecot 11409 0.1 0.0 3648 1780 ? S 08:32 0:00 imap-login turhprou 11418 0.1 0.0 2928 1380 ? S 08:32 0:01 imap dovecot 11440 0.1 0.0 3648 1784 ? S 08:32 0:01 imap-login dovecot 11448 0.1 0.0 3648 1784 ? S 08:32 0:00 imap-login dovecot 11449 0.0 0.0 3648 1780 ? S 08:32 0:00 imap-login turpalex 11454 0.1 0.0 3276 1472 ? S 08:32 0:01 imap dovecot 11455 0.1 0.0 3648 1784 ? S 08:32 0:01 imap-login 1571 11457 0.1 0.0 2696 1192 ? S 08:32 0:01 imap turedono 11460 0.1 0.0 3024 1200 ? S 08:32 0:00 imap dovecot 11477 0.1 0.0 3648 1784 ? S 08:32 0:00 imap-login turpdgal 11484 0.1 0.0 2740 1184 ? S 08:32 0:00 imap dovecot 11536 0.1 0.0 3648 1784 ? S 08:32 0:00 imap-login dovecot 11545 0.1 0.0 3648 1788 ? S 08:32 0:00 imap-login tbismith 11548 0.1 0.0 2696 1360 ? S 08:32 0:01 imap srmsmith 11552 0.1 0.0 2716 1196 ? S 08:33 0:01 imap 1673 11573 0.1 0.0 2744 1360 ? S 08:33 0:00 imap 1129 11636 0.0 0.1 21544 7088 ? S 08:33 0:00 /usr/bin/php5-cgi 1136 12308 0.0 0.1 21544 7244 ? S 08:35 0:00 /usr/bin/php5-cgi dovecot 12619 0.1 0.0 3648 1796 ? S 08:36 0:00 imap-login turpkkra 12639 0.0 0.0 4200 1548 ? S 08:36 0:00 imap postfix 12650 0.0 0.0 5560 2012 ? S 08:36 0:00 smtp -t unix -u -c dovecot 12819 0.1 0.0 3648 1800 ? S 08:37 0:00 imap-login turrsam 12844 0.0 0.0 2500 1156 ? S 08:37 0:00 imap postfix 13009 0.0 0.0 5560 2016 ? S 08:38 0:00 smtp -t unix -u -c 1095 13109 0.0 0.1 21544 7204 ? S 08:38 0:00 /usr/bin/php5-cgi turjclar 13186 0.0 0.0 2736 1424 ? S 08:38 0:00 imap dovecot 13197 0.1 0.0 3648 1796 ? S 08:38 0:00 imap-login turmlevi 13205 0.0 0.0 2616 1164 ? S 08:38 0:00 imap postfix 13609 0.2 0.0 5936 2596 ? S 08:40 0:00 cleanup -z -t unix -u -c 1220 13614 0.0 0.0 2128 796 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpdross blaurob 13657 0.0 0.0 2128 808 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blaurob 1220 13691 0.0 0.0 2128 288 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpdross 1220 13692 0.0 0.0 24112 1124 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 tcommoff 13713 0.0 0.0 2128 808 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tcommoff blaurob 13739 0.0 0.0 2128 300 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blaurob blaurob 13740 0.0 0.0 24112 1132 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 turpmlic 13743 0.0 0.0 2128 804 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpmlic tcommoff 13750 0.0 0.0 2128 300 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tcommoff tcommoff 13751 0.0 0.0 24112 1132 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 turpmlic 13762 0.0 0.0 2128 296 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpmlic turpmlic 13763 0.0 0.0 24112 1128 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 1082 13765 0.0 0.0 2128 824 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blauchuck 1082 13782 0.0 0.0 2128 316 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blauchuck 1082 13783 0.0 0.0 24112 1148 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 pmcibro 13785 0.0 0.0 2128 860 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pmcibro pmcibro 13805 0.0 0.0 2128 352 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pmcibro pmcibro 13806 0.0 0.0 24112 1192 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 turjclar 13819 0.0 0.0 2128 800 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turjclar 1082 13822 0.0 0.0 2128 816 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blauchuck 1673 13833 0.0 0.0 2128 836 ? Ss 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvecoleman turjclar 13841 0.0 0.0 2128 292 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turjclar turjclar 13842 0.0 0.0 24112 1124 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 www-data 13851 0.6 0.2 34896 14572 ? S 08:40 0:02 /usr/sbin/apache2 -k start 1082 13857 0.0 0.0 2128 308 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blauchuck 1082 13858 0.0 0.0 24112 1140 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 1673 13868 0.0 0.0 2128 328 ? S 08:40 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvecoleman 1673 13869 0.0 0.0 24112 1156 ? S 08:40 0:00 /usr/bin/spamc -s 10485760 1426 13881 0.0 0.0 2128 808 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mfrederickcrr 1426 13900 0.0 0.0 2128 300 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mfrederickcrr 1426 13901 0.0 0.0 24112 1128 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 dovecot 13912 0.1 0.0 3640 1780 ? S 08:41 0:00 pop3-login tbismith 13916 0.0 0.0 2128 808 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tbismith 1193 13925 0.0 0.0 2128 840 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turadiame tbismith 13934 0.0 0.0 2128 300 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tbismith tbismith 13935 0.0 0.0 24112 1132 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 rjrdon 13937 0.0 0.0 2128 792 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rjrdon 1206 13948 0.0 0.0 2128 804 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bonita.stein 1193 13950 0.0 0.0 2128 332 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turadiame 1193 13951 0.0 0.0 24112 1160 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 1447 13956 0.1 0.1 21412 6560 ? S 08:41 0:00 /usr/bin/php5-cgi rjrdon 13963 0.0 0.0 2128 284 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rjrdon rjrdon 13964 0.0 0.0 24112 1128 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 turkshur 13969 0.0 0.0 2128 800 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turkshur 1206 13979 0.0 0.0 2128 296 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bonita.stein 1206 13980 0.0 0.0 24112 1120 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 1163 13983 0.0 0.0 2968 1396 ? S 08:41 0:00 pop3 turkshur 13989 0.0 0.0 2128 292 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turkshur turkshur 13990 0.0 0.0 24112 1124 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 1197 14015 0.0 0.0 2128 808 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmalden 1221 14042 0.0 0.0 2128 808 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpeguid 1191 14047 0.0 0.0 2128 808 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmleung capljess 14056 0.0 0.0 2128 800 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d capljess 1197 14063 0.0 0.0 2128 300 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmalden 1197 14064 0.0 0.0 24112 1132 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 1194 14068 0.0 0.0 2128 804 ? Ss 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppetro 1221 14082 0.0 0.0 2128 300 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpeguid 1221 14083 0.0 0.0 24112 1132 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 1191 14089 0.0 0.0 2128 300 ? S 08:41 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmleung 1191 14090 0.0 0.0 24112 1132 ? S 08:41 0:00 /usr/bin/spamc -s 10485760 capljess 14095 0.0 0.0 2128 292 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d capljess capljess 14096 0.0 0.0 24112 1128 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1194 14105 0.0 0.0 2128 296 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppetro 1194 14106 0.0 0.0 24112 1124 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1215 14115 0.0 0.0 2128 808 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d lisa.cairoli 1215 14130 0.0 0.0 2128 300 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d lisa.cairoli 1215 14131 0.0 0.0 24112 1128 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1498 14134 0.0 0.0 2352 1132 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pavepfstires 1498 14171 0.0 0.0 2352 624 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pavepfstires 1498 14172 0.0 0.0 24112 1344 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 m3rinfo 14175 0.0 0.0 2128 796 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d m3rinfo 1346 14181 0.0 0.0 2128 816 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biajberardi bogadavi 14187 0.0 0.0 2128 800 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bogadavi capldfel 14194 0.0 0.0 2128 808 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d capldfel m3rinfo 14198 0.0 0.0 2128 288 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d m3rinfo m3rinfo 14199 0.0 0.0 24112 1124 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1346 14208 0.0 0.0 2128 308 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biajberardi 1346 14209 0.0 0.0 24112 1136 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 bogadavi 14215 0.0 0.0 2128 292 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bogadavi bogadavi 14216 0.0 0.0 24112 1128 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 capldfel 14222 0.0 0.0 2128 300 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d capldfel capldfel 14223 0.0 0.0 24112 1128 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 tcommoff 14230 0.0 0.0 2128 804 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tcommoff tcommoff 14240 0.0 0.0 2128 296 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tcommoff tcommoff 14241 0.0 0.0 24112 1124 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1538 14246 0.0 0.0 2128 800 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pmclfellin 1538 14258 0.0 0.0 2128 292 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pmclfellin 1538 14259 0.0 0.0 24112 1124 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1651 14264 0.0 0.0 2128 812 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvfekblom hpansund 14270 0.0 0.0 2128 848 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d hpansund 1228 14273 0.0 0.0 2128 820 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpvfraser dovecot 14277 0.1 0.0 3648 1800 ? S 08:42 0:00 imap-login 1651 14287 0.0 0.0 2128 304 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvfekblom 1651 14288 0.0 0.0 24112 1132 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 hpansund 14294 0.0 0.0 2128 340 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d hpansund hpansund 14295 0.0 0.0 24112 1172 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 shrjohn 14300 0.0 0.0 2128 796 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d shrjohn 1228 14312 0.0 0.0 2128 312 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpvfraser 1228 14313 0.0 0.0 24112 1148 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1338 14319 0.0 0.0 2128 828 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biansambucci 1204 14324 0.0 0.0 2128 816 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d jill.turpin shrjohn 14330 0.0 0.0 2128 288 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d shrjohn shrjohn 14331 0.0 0.0 24112 1128 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1684 14344 0.0 0.0 2128 812 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvkmontgomery 1338 14367 0.0 0.0 2128 320 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biansambucci 1338 14368 0.0 0.0 24112 1148 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1204 14374 0.0 0.0 2128 308 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d jill.turpin 1204 14375 0.0 0.0 24112 1140 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1205 14378 0.0 0.0 2128 816 ? Ss 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dee.trebus 1684 14387 0.0 0.0 2128 304 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvkmontgomery 1684 14388 0.0 0.0 24112 1136 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1205 14396 0.0 0.0 2128 308 ? S 08:42 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dee.trebus 1205 14397 0.0 0.0 24112 1140 ? S 08:42 0:00 /usr/bin/spamc -s 10485760 1338 14403 0.0 0.0 2128 812 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biansambucci postfix 14419 0.0 0.0 5420 1684 ? S 08:43 0:00 scache -l -t unix -u -c postfix 14423 0.1 0.0 5560 1980 ? S 08:43 0:00 smtp -t unix -u -c postfix 14426 0.0 0.0 5560 1976 ? S 08:43 0:00 smtp -t unix -u -c postfix 14433 0.0 0.0 5560 2012 ? S 08:43 0:00 smtp -t unix -u -c 1338 14440 0.0 0.0 2128 304 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biansambucci 1338 14441 0.0 0.0 24112 1136 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 postfix 14472 0.0 0.0 5560 1996 ? S 08:43 0:00 smtp -t unix -u -c postfix 14478 0.0 0.0 5560 1976 ? S 08:43 0:00 smtp -t unix -u -c postfix 14479 0.0 0.0 5560 1988 ? S 08:43 0:00 smtp -t unix -u -c 1163 14484 0.0 0.0 2128 804 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turlfenwi postfix 14485 0.0 0.0 5560 1976 ? S 08:43 0:00 smtp -t unix -u -c 1330 14490 0.0 0.0 2128 804 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biatgrady caplpell 14503 0.0 0.0 2128 796 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caplpell www-data 14509 0.3 0.2 34212 10688 ? S 08:43 0:00 /usr/sbin/apache2 -k start 1163 14513 0.0 0.0 2128 296 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turlfenwi 1163 14514 0.0 0.0 24112 1128 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1330 14529 0.0 0.0 2128 296 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biatgrady 1330 14530 0.0 0.0 24112 1128 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 caplpell 14539 0.0 0.0 2128 288 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caplpell caplpell 14540 0.0 0.0 24112 1124 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 turcwein 14541 0.0 0.0 2128 808 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turcwein 1667 14551 0.0 0.0 2128 816 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvjcerto turcwein 14559 0.0 0.0 2128 300 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turcwein turcwein 14560 0.0 0.0 24112 1128 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1667 14569 0.0 0.0 2128 308 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvjcerto 1667 14570 0.0 0.0 24112 1136 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1659 14579 0.0 0.0 2128 840 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvmtarvin 1661 14586 0.0 0.0 2680 1224 ? S 08:43 0:00 imap 1659 14591 0.0 0.0 2128 332 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvmtarvin 1659 14592 0.0 0.0 24112 1164 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1206 14616 0.0 0.0 2128 804 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bonita.stein 1206 14630 0.0 0.0 2128 296 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bonita.stein 1206 14631 0.0 0.0 24112 1128 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1601 14634 0.0 0.0 2128 888 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d claudia.vaccaro turkshur 14637 0.0 0.0 2128 808 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turkshur 1601 14647 0.0 0.0 2128 380 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d claudia.vaccaro 1601 14648 0.0 0.0 24112 1212 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 turkshur 14654 0.0 0.0 2128 300 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turkshur turkshur 14655 0.0 0.0 24112 1132 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 turjclar 14657 0.0 0.0 2128 808 ? Ss 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turjclar turjclar 14665 0.0 0.0 2128 300 ? S 08:43 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turjclar turjclar 14666 0.0 0.0 24112 1132 ? S 08:43 0:00 /usr/bin/spamc -s 10485760 1193 14673 0.0 0.0 2128 796 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turadiame 1193 14681 0.0 0.0 2128 288 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turadiame 1193 14682 0.0 0.0 24112 1128 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 1197 14690 0.0 0.0 2128 816 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmalden caplrcas 14698 0.0 0.0 2128 800 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caplrcas liz.gray 14702 0.0 0.0 2128 812 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d liz.gray 1197 14719 0.0 0.0 2128 308 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turmalden 1197 14720 0.0 0.0 24112 1136 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 m3rinfo2 14730 0.0 0.0 2128 828 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d m3rinfo2 caplrcas 14737 0.0 0.0 2128 292 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caplrcas caplrcas 14738 0.0 0.0 24112 1128 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 bogadavi 14742 0.0 0.0 2128 796 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bogadavi liz.gray 14749 0.0 0.0 2128 304 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d liz.gray liz.gray 14750 0.0 0.0 24112 1136 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 m3rinfo2 14757 0.0 0.0 2128 320 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d m3rinfo2 m3rinfo2 14758 0.0 0.0 24112 1152 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 bogadavi 14764 0.0 0.0 2128 288 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bogadavi bogadavi 14765 0.0 0.0 24112 1128 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 1254 14772 0.0 0.0 2128 832 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpmhill 1254 14781 0.0 0.0 2128 324 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpmhill 1254 14782 0.0 0.0 24112 1152 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 postfix 14788 0.0 0.0 5448 1764 ? S 08:44 0:00 bounce -z -t unix -u -c mlbiharo 14800 0.0 0.0 2128 816 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mlbiharo www-data 14839 0.4 0.2 34344 12528 ? S 08:44 0:00 /usr/sbin/apache2 -k start mlbiharo 14846 0.0 0.0 2128 308 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mlbiharo mlbiharo 14847 0.0 0.0 24112 1140 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 postfix 14852 0.3 0.0 6472 3480 ? S 08:44 0:00 smtpd -n smtp -t inet -u -c -o stress -o smtpd_sasl_auth_enable yes 1498 14859 0.0 0.0 2296 1080 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pavepfstires 1498 14887 0.0 0.0 2296 572 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d pavepfstires 1498 14888 0.0 0.0 24112 1292 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 www-data 14892 0.4 0.2 34344 11804 ? S 08:44 0:00 /usr/sbin/apache2 -k start www-data 14893 0.5 0.3 39968 19176 ? S 08:44 0:00 /usr/sbin/apache2 -k start www-data 14894 0.1 0.2 34212 10764 ? S 08:44 0:00 /usr/sbin/apache2 -k start www-data 14898 0.3 0.2 34212 10688 ? S 08:44 0:00 /usr/sbin/apache2 -k start www-data 14900 0.5 0.2 35904 14648 ? S 08:44 0:00 /usr/sbin/apache2 -k start www-data 14901 0.6 0.2 34212 11484 ? S 08:44 0:00 /usr/sbin/apache2 -k start mlbiharo 14907 0.0 0.0 2128 816 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mlbiharo mlbiharo 14923 0.0 0.0 2128 308 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d mlbiharo mlbiharo 14924 0.0 0.0 24112 1140 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 1241 14935 0.0 0.0 2276 1056 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpcedgar shrjohn 14944 0.0 0.0 2128 828 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d shrjohn 1112 14948 0.0 0.0 2128 800 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d gucarstaff root 14950 0.0 0.0 8060 2628 ? Ss 08:44 0:00 sshd: administrator [priv] 1000 14961 0.8 0.0 8196 1612 ? S 08:44 0:00 sshd: administrator@pts/1 1000 14965 0.2 0.0 5976 3392 pts/1 Ss 08:44 0:00 -bash 1241 14987 0.0 0.0 2276 548 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpcedgar 1241 14988 0.0 0.0 24112 1272 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 dovecot 14993 0.1 0.0 3648 1800 ? S 08:44 0:00 imap-login shrjohn 15002 0.0 0.0 2128 320 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d shrjohn shrjohn 15003 0.0 0.0 24112 1160 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 1112 15009 0.0 0.0 2128 292 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d gucarstaff 1112 15010 0.0 0.0 24112 1124 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 root 15013 0.0 0.0 3672 1204 pts/1 S 08:44 0:00 su ncjrjose 15014 0.0 0.0 2128 808 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d ncjrjose ncjrjose 15026 0.0 0.0 2128 300 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d ncjrjose ncjrjose 15027 0.0 0.0 24112 1128 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 rjrdon 15032 0.0 0.0 2128 804 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rjrdon root 15037 0.4 0.0 4168 1808 pts/1 S 08:44 0:00 bash 1330 15047 0.0 0.0 2128 824 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biatgrady 1112 15054 0.0 0.0 2128 812 ? Ss 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d gucarstaff rjrdon 15062 0.0 0.0 2128 296 ? S 08:44 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rjrdon rjrdon 15063 0.0 0.0 24112 1128 ? S 08:44 0:00 /usr/bin/spamc -s 10485760 1667 15075 0.0 0.0 2128 800 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvjcerto 1330 15083 0.0 0.0 2128 316 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d biatgrady 1330 15084 0.0 0.0 24112 1144 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 1112 15090 0.0 0.0 2128 304 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d gucarstaff 1112 15091 0.0 0.0 24112 1128 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 1667 15097 0.0 0.0 2128 292 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tarvjcerto 1667 15098 0.0 0.0 24112 1128 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 caprobc 15112 0.0 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caprobc caprobc 15145 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d caprobc caprobc 15146 0.0 0.0 24112 1128 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 guccarol 15150 0.0 0.0 2128 804 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d guccarol tursmill 15164 0.0 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tursmill 1163 15167 0.0 0.0 2128 840 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turlfenwi guccarol 15175 0.0 0.0 2128 296 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d guccarol guccarol 15176 0.0 0.0 24112 1128 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 dovecot 15180 0.4 0.0 3648 1796 ? S 08:45 0:00 imap-login tursmill 15196 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tursmill tursmill 15197 0.0 0.0 24112 1132 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 guccarol 15205 0.1 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d guccarol dovecot 15216 0.5 0.0 3648 1796 ? S 08:45 0:00 imap-login 1163 15217 0.0 0.0 2128 332 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turlfenwi 1163 15218 0.0 0.0 24112 1160 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 postfix 15227 0.1 0.0 5416 1728 ? S 08:45 0:00 error -t unix -u -c blaurob 15228 0.0 0.0 2128 816 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blaurob turpswag 15231 0.0 0.0 2128 800 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpswag guccarol 15242 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d guccarol guccarol 15243 0.0 0.0 24112 1124 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 blaurob 15249 0.0 0.0 2128 308 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d blaurob blaurob 15250 0.0 0.0 24112 1140 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 1217 15259 0.0 0.0 2128 800 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bridget.child turpswag 15266 0.0 0.0 2128 292 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpswag turpswag 15267 0.0 0.0 24112 1124 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 1217 15270 0.0 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bridget.child www-data 15278 0.4 0.2 34212 10680 ? S 08:45 0:00 /usr/sbin/apache2 -k start 1217 15279 0.0 0.0 2128 292 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bridget.child 1217 15280 0.0 0.0 24112 1124 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 www-data 15285 0.6 0.2 34212 10584 ? S 08:45 0:00 /usr/sbin/apache2 -k start 1217 15293 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d bridget.child 1217 15294 0.0 0.0 24112 1136 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 rich 15303 0.0 0.0 2128 824 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rich rich 15311 0.0 0.0 2128 316 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rich rich 15312 0.0 0.0 24112 1148 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 dovecot 15320 0.1 0.0 3508 1564 ? S 08:45 0:00 imap-login turpinfo 15330 1.9 0.0 2772 1432 ? S 08:45 0:01 imap turbbari 15332 0.2 0.0 2824 1360 ? S 08:45 0:00 imap 1201 15336 2.2 0.0 2744 1380 ? S 08:45 0:01 imap rich 15338 0.0 0.0 2128 796 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rich rich 15355 0.0 0.0 2128 288 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d rich rich 15356 0.0 0.0 24112 1124 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 tursmill 15376 0.0 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tursmill tursmill 15384 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d tursmill tursmill 15385 0.0 0.0 24112 1128 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 turcvan 15386 0.0 0.0 2128 808 ? Ss 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turcvan turcvan 15394 0.0 0.0 2128 300 ? S 08:45 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turcvan turcvan 15395 0.0 0.0 24112 1140 ? S 08:45 0:00 /usr/bin/spamc -s 10485760 hydesbul 15402 0.3 0.0 2128 812 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d hydesbul 1220 15406 0.0 0.0 2128 804 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpdross hydesbul 15425 0.0 0.0 2128 304 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d hydesbul hydesbul 15426 0.0 0.0 24112 1136 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 postfix 15428 0.2 0.0 6472 3532 ? S 08:46 0:00 smtpd -n smtps -t inet -u -c -o stress dinamerc 15431 0.1 0.0 2128 808 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dinamerc dovecot 15444 0.3 0.0 3500 1556 ? S 08:46 0:00 pop3-login www-data 15445 2.1 0.2 35876 14572 ? S 08:46 0:00 /usr/sbin/apache2 -k start dovecot 15456 0.3 0.0 3500 1560 ? S 08:46 0:00 pop3-login 1220 15462 0.0 0.0 2128 296 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpdross 1220 15463 0.0 0.0 24112 1128 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 www-data 15469 1.6 0.2 34212 10584 ? S 08:46 0:00 /usr/sbin/apache2 -k start dinamerc 15477 0.0 0.0 2128 300 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dinamerc dinamerc 15478 0.0 0.0 24112 1128 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 turppert 15479 0.0 0.0 2128 836 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppert 1162 15487 1.6 0.0 5508 1600 ? S 08:46 0:00 imap dinamerc 15493 0.3 0.0 2128 796 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dinamerc turppert 15496 0.0 0.0 2128 328 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppert turppert 15497 0.0 0.0 24112 1156 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 dovecot 15500 0.7 0.0 3500 1584 ? S 08:46 0:00 pop3-login dinamerc 15515 0.0 0.0 2128 288 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d dinamerc dinamerc 15516 0.0 0.0 24112 1124 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 dovecot 15521 0.7 0.0 3508 1560 ? S 08:46 0:00 imap-login 1213 15525 0.1 0.0 2128 804 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d karen.tourville www-data 15529 1.2 0.2 34212 10820 ? S 08:46 0:00 /usr/sbin/apache2 -k start 1213 15534 0.0 0.0 2128 296 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d karen.tourville 1213 15535 0.0 0.0 24112 1132 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 www-data 15537 1.2 0.2 34212 10568 ? S 08:46 0:00 /usr/sbin/apache2 -k start 1213 15548 0.3 0.0 2128 800 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d karen.tourville dovecot 15554 1.1 0.0 3508 1564 ? S 08:46 0:00 imap-login turpblus 15558 1.0 0.0 2128 804 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpblus 1213 15567 0.0 0.0 2128 292 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d karen.tourville 1213 15568 0.6 0.0 24112 1128 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 root 15572 1.0 0.0 2128 808 ? Ss 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppert root 15574 0.0 0.0 2128 304 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turppert root 15575 1.5 0.0 3944 2196 ? S 08:46 0:00 /usr/bin/perl /usr/share/webmin/virtual-server/lookup-domain.pl turppert root 15577 31.0 0.0 2648 1016 pts/1 R+ 08:46 0:00 ps auxw turpblus 15584 0.0 0.0 2128 296 ? S 08:46 0:00 /usr/bin/procmail-wrapper -o -a rjrwebserver1.rjrsolutions.net -d turpblus turpblus 15585 0.0 0.0 24112 1124 ? S 08:46 0:00 /usr/bin/spamc -s 10485760 www-data 15586 0.0 0.2 34212 10560 ? S 08:46 0:00 /usr/sbin/apache2 -k start root 15588 0.0 0.0 2032 640 ? R 08:46 0:00 repquota -u -v /home root 15589 0.0 0.0 2212 616 ? R 08:46 0:00 /usr/sbin/dovecot

MAILQ -- 8250 Kbytes in 284 Requests.

UPTIME 08:47:49 up 32 min, 2 users, load average: 17.52, 14.15, 12.54

NETSTAT 214 127.0.0.1 15 66.246.47.103 7 75.147.91.105 5 96.57.130.42 4 74.56.65.81 4 70.44.105.217 3 98.230.118.161 3 70.230.149.31 3 68.39.229.76 3 207.99.0.2 3 207.99.0.1 3 174.252.9.240 3 166.137.138.68 2 98.94.190.115 2 98.250.95.44 2 98.109.75.69 2 89.111.69.62 2 84.94.109.25 2 76.93.207.222 2 76.178.234.57 2 76.111.68.253 2 74.82.86.184 2 74.82.82.199 2 74.105.5.91 2 72.205.252.224 2 69.39.49.26 2 69.34.161.70 2 69.23.222.130 2 68.45.208.194 2 68.14.134.15 2 67.219.175.22 2 67.197.85.24 2 67.191.116.233 2 50.92.141.223 2 41.135.197.82 2 24.178.69.195 2 223.176.63.52 2 198.228.233.44 2 193.238.180.204 2 174.69.193.93 2 174.252.22.183 2 166.205.13.254 2 166.137.139.6 2 157.55.39.88 1 servers) 1 Address 1 99.73.217.200 1 99.151.47.138 1 99.149.195.128 1 99.136.192.253 1 99.13.53.78 1 98.83.238.76 1 98.253.185.230 1 98.221.21.228 1 98.140.160.105 1 98.140.131.76 1 98.114.71.70 1 96.56.204.100 1 96.44.246.103 1 96.250.212.83 1 96.239.228.18 1 95.6.26.218 1 95.199.24.102 1 94.75.107.158 1 94.228.210.228 1 94.228.210.157 1 94.123.51.27 1 89.179.2.175 1 88.247.115.38 1 88.192.24.228 1 85.250.151.83 1 84.229.10.104 1 82.81.204.188 1 81.31.108.69 1 79.141.98.235 1 79.105.239.162 1 78.250.147.116 1 78.101.149.23 1 77.127.46.178 1 76.96.30.56 1 76.3.11.48 1 76.24.62.232 1 76.193.187.206 1 76.187.57.184 1 76.187.125.229 1 76.168.252.55 1 76.166.143.249 1 76.109.97.58 1 75.74.219.22 1 75.176.11.16 1 74.82.87.69 1 74.82.87.247 1 74.82.87.221 1 74.82.87.186 1 74.82.87.171 1 74.82.86.67 1 74.82.86.253 1 74.82.86.190 1 74.82.86.125 1 74.82.85.97 1 74.82.85.191 1 74.82.85.135 1 74.82.85.134 1 74.82.84.183 1 74.82.84.169 1 74.82.84.158 1 74.82.83.223 1 74.82.83.213 1 74.82.82.74 1 74.82.82.247 1 74.82.82.226 1 74.82.82.198 1 74.82.82.190 1 74.82.82.188 1 74.82.82.133 1 74.82.81.226 1 74.82.81.185 1 74.82.81.164 1 74.82.81.140 1 74.82.81.138 1 74.82.81.124 1 74.82.81.110 1 74.82.80.67 1 74.82.80.209 1 74.82.80.157 1 74.82.80.132 1 74.70.223.123 1 74.215.246.42 1 74.195.119.238 1 74.125.93.27 1 74.101.138.130 1 72.26.195.70 1 72.249.5.64 1 72.230.115.197 1 72.184.133.67 1 71.239.157.249 1 71.235.26.242 1 71.21.234.201 1 71.179.123.98 1 71.177.72.218 1 71.12.226.55 1 70.62.57.214 1 70.60.99.82 1 70.126.41.16 1 70.114.211.212 1 69.164.100.172 1 69.127.106.100 1 69.124.171.114 1 69.114.161.52 1 68.236.182.214 1 68.226.209.231 1 68.217.198.121 1 68.194.61.127 1 68.194.205.220 1 68.150.214.6 1 68.104.159.212 1 67.85.147.143 1 67.232.102.16 1 66.85.190.158 1 66.85.190.157 1 66.85.190.153 1 66.85.190.147 1 66.85.132.11 1 66.168.218.243 1 65.213.16.211 1 64.66.17.90 1 62.0.2.215 1 46.105.252.205 1 41.174.14.202 1 38.101.213.202 1 24.96.124.175 1 24.56.196.169 1 24.30.41.81 1 24.236.122.252 1 24.160.89.82 1 24.155.234.114 1 220.255.2.65 1 219.86.99.170 1 218.186.18.225 1 218.113.202.32 1 213.139.60.68 1 210.223.88.32 1 208.83.139.204 1 208.83.137.118 1 208.107.187.12 1 205.251.134.191 1 202.104.183.232 1 196.2.126.176 1 192.88.212.69 1 186.239.100.137 1 184.78.4.68 1 184.1.84.216 1 184.171.243.120 1 184.14.204.240 1 174.99.18.78 1 174.50.8.212 1 174.47.134.159 1 174.252.23.11 1 174.252.21.82 1 174.252.16.166 1 174.252.11.60 1 174.113.51.51 1 173.80.221.52 1 173.70.20.204 1 173.63.65.253 1 173.3.69.142 1 173.219.111.7 1 173.2.1.111 1 167.206.4.199 1 166.137.139.221 1 157.55.2.17 1 151.196.62.125 1 125.255.11.222 1 121.245.132.174 1 119.154.95.200 1 118.96.249.165 1 108.93.38.26 1 108.89.180.108 1 108.56.193.4 1 108.5.140.74 1 108.50.220.109 1 108.35.192.200 1 108.35.128.62 1 108.35.124.230 1 108.0.75.124

Okay, so there are a bunch of emails in your mail queue, which is likely the source of your high CPU load. And due to that, Postfix has generated a lot of processes.

Outside of that -- I don't notice any unusual processes in that list. Are you seeing any that are out of the ordinary?

This likely means that the source of your problems is one of three:

  1. Someone has compromised one of your email accounts, and is using it to send spam

  2. Someone has compromised one of your web apps, and is using it to send spam

  3. Someone is sending a completely harmless newsletter via something like phpList or one of the Joomla modules

The next step is to review the mail queue while there's still a lot of email in it (there's over 200 messages at the moment), and to see if there's one user in particular who has a lot of email in it. That user is likely the culprit :-)

Then, the key is to look at the message itself, and determine whether it's spam or a legitimate newsletter.

If it is spam, we can then use the headers to determine where it's coming from -- whether it's being sent via a compromised email account, or from a web app.

Hi Eric,

From Don (me) the sysadmin:

Rich gave you a very good description of the problem. I am stumped as I try to find the cause. As per your items to check:

1.) I run a pflogsumm report nightly, and parse it for the client-emails sent totals. This parsed version I email to myself to check for any user that might be sending spam. Now I wish I also sent myself the unparsed version. I need the totals to compare.

2.) The php mail function uses sendmail, so I put that in a wrapper that logs any email sent from any website. There is currently a negligible amount of activity there.

3.) Newsletter broadcasting is something we do not allow from our server. We direct them towards a provider like constant contact. If someone is doing it, do you have a command that would parse the output of mailq and give me a per-user total?

I am running pflogsumm on one of the zipped logs, from a day that the server was normal, to compare the totals to today. Maybe a spam attack? Unlikely. :-(

We have already started going through and trying to determine if we are getting a spike in email from on of the three items. We've been sifting through them all day. Trying to determine if the server is supposed to be this slow. Something does seem wrong though. We've been running for 2-3 years on a Quad core with 12GB RAM and RAID 5 SAS drives, but it is running under VMWare and we have about 5.5GB Ram allocated. We are considering allocating more ram to it to see if that helps, but need to cycle the VM to do that.

We'll probably do that on off peak hours. The server does seem to catch up after hours but the CPU load remains rather high. We are used to between 0.1 and 1.5 usage and not see it as high at 17.

Ok the pflogsumm reports finally made it through my super-dog-slow email system, only to show me that email volume is 3x normal. We normally average 1500 emails/hour at peak. We are currently experiencing 5000+ emails/hour. Funny thing, the adjustments I made yesterday to some processes that were consuming resources seemed to have made a difference. We never went above 570 in the queue today even though we are about 25% higher load than yesterday, when we had 1600 emails stuck in the queue. Something just happened, though. The queue is now empty and the CPU load is dropping steadily. Crisis averted? Fills me with trepidation....

ok, the final analysis. About 2 hours ago, I ran: netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1|sort|uniq -c|sort -n to detect a DOS attack. There was one entry: 10 188.234.236.169 This is much higher than our largest local isp! (comcast was a 3) I did an ip lookup, and found that the server was from Russia. I issued the following: ip ro add blackhole 188.234.236.169 I checked the mail queue again, (qshape command), and it was still backlogged. Of course! The queue was going to take 2 hours to clear! Then all of a sudden everything went clear, the queue was empty, and the CPU load, although still a bit higher than I would like, was approaching normal as everything caught up. It took me a while to remember that I blocked that IP address. I post this here with the commands I used in case anyone else experiences this sort of problem.

Peeps from Virtualmin, thank you as always for the amazingly fast response, and the good ideas. Since we installed Virtualmin, there is very little that I have to do from the command line, except for days like today, where everything gets fouled up. Such a nice piece of software!

Don (sysadmin)

I'm glad you got things sorted out!

I'd still suggesting keeping an eye on things, as if a computer can remotely generate spam using your server, it may just be a matter of time before a different IP connects and does the same thing.

If it happens to occur again -- you can review the headers from an email in your mail queue. We can help with that.

Using those headers, we can work to figure out how those emails are being generated.

But in the meantime, we hope you enjoy the calm :-)

Well, so much for calm. Apparently that IP was not necessarily the cause, but possibly just part of the problem. We have suspicion that Spamd is running very hot and keeping CPU utilization very high. We're looking at all possible causes, including whether there is some sort of grooming that may be needed for the email system.

We're at the point of trying to determine if the CPU utilization is causing the email slowdown, or the email is causing the high CPU utilization. We're still looking through everything. Although QShape shows that email is flowing, the server still has very high utilization. Still feel Spamd is causing the problem somewhere.

Well, how many messages are in your mail queue now?

You can determine that by running this command:

mailq | tail -1

That's the thing. Not much email at all.

-- 3988 Kbytes in 104 Requests.

Running TOP shows mainly Spamd, but other high CPU utilization. Very odd. Here's a snapshot of TOP

top - 15:02:53 up 1 day, 6:47, 3 users, load average: 10.67, 16.02, 13.56 Tasks: 624 total, 7 running, 616 sleeping, 0 stopped, 1 zombie Cpu(s): 38.8%us, 49.8%sy, 0.0%ni, 0.0%id, 0.3%wa, 1.5%hi, 9.6%si, 0.0%st Mem: 5019856k total, 4575496k used, 444360k free, 386620k buffers Swap: 0k total, 0k used, 0k free, 3120752k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
450 pavepfst 20 0 95864 91m 2496 R 22 1.9 3:06.97 spamd
7385 root 20 0 42448 39m 1548 R 19 0.8 141:41.13 lookup-domain-d
13145 turlwint 20 0 4196 2288 1616 R 18 0.0 0:00.78 imap
11038 root 20 0 12528 10m 1696 R 13 0.2 0:00.49 lookup-domain.p
12872 root 20 0 38664 35m 2444 R 12 0.7 0:04.43 spamd
12324 turcwein 20 0 38900 35m 2448 R 9 0.7 0:12.07 spamd
4101 root 15 -5 0 0 0 D 8 0.0 102:31.34 kjournald
11578 www-data 20 0 36132 15m 5104 S 8 0.3 0:00.50 apache2
2521 root 15 -5 0 0 0 S 5 0.0 103:35.13 kjournald
13131 www-data 20 0 0 0 0 Z 4 0.0 0:00.16 apache2
12924 root 20 0 2712 1464 864 R 3 0.0 0:00.80 top
9065 mysql 20 0 103m 48m 5164 S 3 1.0 42:42.07 mysqld
11543 www-data 20 0 34508 13m 4568 S 2 0.3 0:00.37 apache2
13161 root 20 0 2128 800 676 S 2 0.0 0:00.06 procmail
13163 root 20 0 3944 2188 1504 S 2 0.0 0:00.06 lookup-domain.p

Well, that's a bit on the high end -- and if there's something going on that's causing messages to go out now, that could be why you're seeing the higher CPU load... SpamAssassin may be overworked, trying to keep up with an influx of messages.

Now that a little time has passed, I'm curious what this command shows again:

mailq | tail -1

SpamAssassin normally doesn't take up a significant amount of CPU, unless it's dealing with a large influx of email at one time.

You may want to review the messages in your queue, and determine if there's one user in particular who's frequently listed as the "to" or "from" of those messages.

Then, you can look at some of the messages to/from that user -- and if they appear to be spam, that might be the source of your problem!

However, one other thing to check is to make sure SpamAssassin is running as a service, and not standalone.

You can set that by going into Email Messages -> Spam and Virus Scanning -- I'd suggest setting "SpamAssassin client program" to "Spamc".

-- 8362 Kbytes in 25 Requests.

It's very strange. We'll be tracking it over the weekend when the load is usually much lower, but something still is not right due to sluggish behavior. I have Don working on it and right now he is looking for a sysadmin that can take a direct look at the server and try to help determine the cause. It's at a point that we are looking at the same stuff and still cannot point to a cause.

If you like, I can log in to take a peek at the issue. I might be able to piece together from some of the emails in your queue there what the cause of that problem is.

If that's okay, you can either enable the Remote Support option of the Virtualmin Support module, or you can email your root login details to eric@virtualmin.com.

That would be great. We are still experiencing extreme delays and I'm thinking we should be offloading the Spamd and Clamd to a separate machine to lessen the burden. Don will reach out to you to coordinate a remote or set up an account for you to access the system to review. It is rather disturbing. Thanks

Where you able to verify that you're using "spamc" in Email Messages -> Spam and Virus Scanning -- I'd suggest setting "SpamAssassin client program"?

If you aren't using spamc, email processing can take a lot more resources, as a new SpamAssassin process is launched for each email.

Same with virus scanning -- in that same screen, you'd want to make sure that "Virus Scanning Program" is set to "Server scanner".

It looks like Don has it set up to run spamd. We have about 900 email accounts.
Here is part of the top command:

5807 cammarga 20 0 50228 46m 2488 R 18 1.0 3:10.55 spamd
6650 turpvfra 20 0 51528 47m 2468 R 17 1.0 2:58.78 spamd
5240 lois.olm 20 0 48704 45m 2472 R 16 0.9 3:19.41 spamd
6666 turpbhay 20 0 48808 45m 2488 D 16 0.9 2:58.97 spamd
5242 mlbiharo 20 0 60808 56m 2492 R 15 1.2 3:16.92 spamd
16030 root 20 0 1932 660 300 R 15 0.0 0:00.53 gzip
16024 turppetr 20 0 12028 10m 1808 S 12 0.2 0:00.43 auto.pl
9756 mysql 20 0 99.3m 29m 4884 S 8 0.6 2:31.58 mysqld
16027 paverite 20 0 21544 6972 4728 S 8 0.1 0:00.29 php5-cgi
16039 turppetr 20 0 2748 1172 920 R 4 0.0 0:00.15 imap
2515 root 15 -5 0 0 0 D 3 0.0 1:53.72 kjournald
4989 postgrey 20 0 11284 8500 2816 R 3 0.2 0:44.98 postgrey
15967 root 20 0 2712 1524 864 R 3 0.0 0:00.67 top
15653 www-data 20 0 34240 10m 2108 S 3 0.2 0:00.35 apache2

Never mind. It is set as you described above. I believe Don has a swap partitions setup, but when I run TOP, I have: Swap: 0k total, 0k used, 0k free, 1589172k cached

Could this be an issue?

Not having swap shouldn't be causing the problem you're seeing. Out of curiosity though, what does "free -m" show?

900 account is a decent amount of accounts, it's possible you're just seeing a high email volume, requiring SpamAssassin and ClamAV to do extra work.

Moving those to another server would be something to try.

How many messages are you receiving per day?

We have started to experience the delays again. Had Canonical connect. We followed some posts for fine tuning the system (Postfix, etc) but there is one item that appears to be consuming a high amount of CPU and possibly causing the delay. Here is the information from Canonical and they suggest speaking with you since it is not a core Ubuntu component. So they don;t know the daemon is doing.

FROM CANONICAL: After my first analysis here is what i've found:

  1. It looks like procmail cannot contact the webmin lookup-domain-daemon.pl. Currently lookup-domain-daemon.pl is running at 80% cpu usage all the time. lookup-domain-daemon.pl is a webmin background process for looking up user details.

Looking at the logs (/var/log/procmail.log) I see the following: From CartaSi_Informa@cartasi.it Wed Feb 15 07:30:06 2012 Subject: Conferma Folder: /home/rjrsolutions.com/homes/rjrupdate/Maildir/new/132930927 2295 Time:1329309275 From:CartaSi_Informa@cartasi.it To: User:rjrupdate Size:2353 Dest:/home/rjrsolutions.com/homes/rjrupdate/Maildir/new/1329309274.21152_0.rjrwebserver1.rjrsolutions.net Mode:None Timeout connecting to lookup-domain-daemon.pl Timeout connecting to lookup-domain-daemon.pl Timeout connecting to lookup-domain-daemon.pl Timeout connecting to lookup-domain-daemon.pl Timeout connecting to lookup-domain-daemon.pl

I have found an article [1] on virtualmin.com that suggests some recommendations for high CPU usage issues.

[1] - http://www.virtualmin.com/node/8198

PS: We do not provide support for the webmin product so you will have to contact the webmin support. I can help you with the non webmin tuning changes.

We were able to restart the lookup-domain-daemon.pl daemon and the system appears to be running at a better resources level. Do you know if there are issues with this daemon?

How often are you seeing those timeout issues?

For example, what output does this produce:

zgrep Timeout /var/log/procmail* | wc -l

Jamie said that he is going to rework the code for the lookup-domain.pl program to be able to run faster -- it's currently a single-threaded program, he's going to turn it into a multi-threaded program.

That should assist in making sure that it's not acting as a bottleneck on a high traffic server, which will hopefully resolve the issues you're seeing.

That's great. Sorry for the delayed response. The problem seems to occur every few months and we're not quite sure what's causing it. I'm been keeping an eye on the server and it's seems to be behaving now. Look forward to the rewrite.

BTW, this fix has been implemented for inclusion in Virtualmin 3.91.

Great. I'll wait to hear when it's available.

Automatically closed -- issue fixed for 2 weeks with no activity.