The mail relay for a defunct ISP with some 20k users has between 100k and 200k
instances of sendmail journaled per day. At any point in time, there are about
1k entries in the host's proctable, 80% are the MTA, and a few connections/sec
to port 25, with default MTA rules for open-relays, blacklists, etc.

The host is an E250, running Solaris 2.6, with historically problematic
roll-your-own-RAID. The load average is nearly zero. iostat and vmstat
show nominal load, only 700 users are actually "getting mail", and with
a multi-day delay observed anectdotally.


Asymetric dns (forward and reverse paths with differing SOAs), plus rate
limiting at the access router for all forward maps, can result in serious

Fixing the CTO's dns brought the proctable count down to sub-100. For what
it is worth, this is the most horked machine I've ever seen.

I decided not to try and explain this one.

From the post to nanog of the 25th, "Gifts for a CTO who has everything ..."

(nmap has side effects)

"Does life get any better than this"

Best humor reply:

  Setup peering with a new provider that PROXY ARPs all your

Second place (tie): LART the sucker, and the perenial foam bat.

Best psychology reply:

  ... find a high-intensity clueino source?
  But clueinos interact very weakly with that sort of matter...

The CTO's actual reply was "Do we have load that high? Were we being
attacked by some script kiddies?? Very, very weak interaction.