Editing Parallels Plesk Qmail Error

From SuperbHosting.net Support Wiki

Symptoms

• The server will slow to a crawl.
• Email may stop working entirely.

Logging in and running top will show 5+ qmail-smtpd processes that consume the entire CPU(s):

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
28141 qmaild    25  0  4600 1376 1168 R  27  0.1  0:28.09 qmail-smtpd
27851 qmaild    25  0  4708 1372 1168 R  26  0.1  1:23.48 qmail-smtpd
28268 qmaild    25  0  3948 1372 1168 R  24  0.1  0:05.79 qmail-smtpd
27507 qmaild    25  0  4468 1372 1168 R  23  0.1  1:56.58 qmail-smtpd
28244 qmaild    25  0  4520 1372 1168 R  20  0.1  0:06.82 qmail-smtpd
28045 qmaild    25  0  3820 1376 1168 R  20  0.1  0:48.50 qmail-smtpd
28117 qmaild    25  0  3724 1372 1168 R  20  0.1  0:33.20 qmail-smtpd
28118 qmaild    25  0  4452 1372 1168 R  20  0.1  0:33.59 qmail-smtpd
28163 qmaild    25  0  5200 1380 1168 R  20  0.1  0:25.30 qmail-smtpd

How to Fix It

service psa stopall
cd /var/qmail/control && cp dhparam1024.pem dh1024.pem && cp dhparam512.pem dh512.pem
service psa start

Commands Explained

service psa stopall

The is the command to completely shut down Parallels Plesk while you work on the server. If this does not work, or the server is too unresponsive to work via SSH, you may need to run the cp operations from single-user mode at the console.

cd /var/qmail/control && cp dhparam1024.pem dh1024.pem && cp dhparam512.pem dh512.pem

This replaces a missing pair of server SSL certificates needed by qmail for TLS transactions.

service psa start

This will restart all Parallels Plesk services once the restoration is complete.

Verify Your Work

You may verify that qmail is functioning properly by sending a test message using the TLS layer to encrypt the transaction. If the CPU load stays "normal" (under 50 percent utilized) the problem is solved.

Details

• Normally, if I were to send mail using the TLS layer, the server would have a default SSL certificate that it uses for all mail transactions. This is usually generated by Parallels Plesk during installation, and used after that without problems. For whatever reason, these certificates were not present on the server where they normally reside under /var/qmail/control as dh512.pem and dh1024.pem, and so any mail transaction that used the encrypted layer required the server to generate a certificate for one-time use on that transaction.
• This method of processing mail places an extreme load on the CPU, and if enough users connected, it will get to the point of maximizing the processor and slowing down/crashing the server.
• This seems to be a bug mostly affecting users of Plesk 8.1.x on Linux.

Reference

• SWSoft Forums