Tom Bolton 13.Feb.12 07:00 AM a Web browser Crash Mail Security 2.8; Mail Security 2.5.1 Linux; VMware
Hello,
Since an almost fresh installation (4 months ago), we have had some problems with protector performance.
It can run well for 6-7 days, and after that period it gets slower and slower at filtering mail.
We can observe a larger number of messages in the unchecked queue (30-40). Messages that are normally processed in seconds are now processed in 20 minutes.
After a restart, all is well for another 6-7 days.
Here are a few lines from the log /var/log/messages:
-----------------------------------------------
Feb 13 11:28:23 protector pvmail[8360]: id=MS time="2012-2-13 11:28:23" fw=protector pri=6 issueid=6000011 name=MSM_StartStop msg="Killing process 8367, not terminated within 91 seconds"
Feb 13 11:28:27 protector sd-xmail[4092]: [I] Stopping service xmail
Feb 13 11:28:29 protector XMail[8592]: Error connecting to socket /tmp/zla.socket (Network kernel error / (111) Connection refused)
Feb 13 11:28:29 protector XMail[8592]: SMTP filter error (-1): Filter = "@/tmp/zla.socket"
Feb 13 11:28:29 protector XMail[8592]: Error connecting to socket /etc/mailsec/ipc.socket (Network kernel error / (111) Connection refused)
Feb 13 11:28:34 protector pvmail[8360]: id=MS time="2012-2-13 11:28:34" fw=protector pri=6 issueid=6000011 name=MSM_StartStop msg="Mail Security (Version mailsec 2.7-1 (built Nov 1 2010)) shutdown sequence completed."
Feb 13 11:28:44 protector [I] mailsecd[30147]: using: DCA_BIN_DIR=/var/lib/dca/bin/linux DCA_INIT_DIR=/var/lib/dca/init DCA_LOG_DIR=/var/log/mailsec/dca
Feb 13 11:28:51 protector qreportd[30239]: Reload config /usr/sbin/qreport
Feb 13 11:28:53 protector qreportd[4050]: End /usr/sbin/qreport rc=0
Feb 13 11:28:54 protector pvmail[30185]: id=MS time="2012-2-13 11:28:54" fw=protector pri=6 issueid=6000011 name=MSM_StartStop msg="MailSecurity: StandAlone '127.0.0.1' (hostid=AB576C74-9882-4799-9255-88AFC9E8E4F5)"
Feb 13 11:28:58 protector ldap_smtpextractor: Starting extraction of directory 6E48E5E0-81FD-4945-AB5C-82EA3B26ADF5_8F054FFD-E99F-43FB-8BD7-BAC4A25AA889
Feb 13 11:28:58 protector ldap_smtpextractor: Directory 6E48E5E0-81FD-4945-AB5C-82EA3B26ADF5_8F054FFD-E99F-43FB-8BD7-BAC4A25AA889 is already being extracted - skipping execution
Feb 13 11:28:58 protector ldap_smtpextractor: Extraction of directory 6E48E5E0-81FD-4945-AB5C-82EA3B26ADF5_8F054FFD-E99F-43FB-8BD7-BAC4A25AA889 finished with 0 (346 addresses extracted)
Feb 13 11:29:03 protector XMail[30415]: XMail 1.27mod32-ISS, built Nov 30 2010, 17:48:50 starting
Feb 13 11:29:03 protector qreportd[4050]: Update config from config/20120213_102849_143.cfg
Feb 13 11:29:03 protector qreportd[4050]: Starting /usr/sbin/qreport -iqreport.ini -cqreport.conf -l/cache/mailsec/logs
Feb 13 11:29:04 protector pvmail[30185]: id=MS time="2012-2-13 11:29:04" fw=protector pri=3 issueid=1000002 name=System_Error msg="Found 2 email(s) in '/etc/xmail/spool/unchecked/processing/', moving to SMTP out directory (emails where most probably not processed correctly in the previous run of the appliance) and a copy to '/etc/xmail/spool/unchecked/unprocessable.processing'"
Feb 13 11:29:04 protector pvmail[30185]: id=MS time="2012-2-13 11:29:04" fw=protector pri=6 issueid=6000011 name=MSM_StartStop msg="Mail Security (Version mailsec 2.7-1 (built Nov 1 2010)) startup sequence completed."
Feb 13 11:29:32 protector issCSF[4169]: (Proventia_MSS-Series) - [INFO]Started
Feb 13 11:29:43 protector pvmail[30185]: id=update time="2012-2-13 11:29:43" fw=protector pri=6 issueid=7000001 op=install name=Update_Installation msg="Successfully installed file(s) sf_zla_shinglebayes"
Feb 13 11:29:56 protector pvmail[30185]: id=update time="2012-2-13 11:29:56" fw=protector pri=6 issueid=7000001 op=install name=Update_Installation msg="Successfully installed file(s) mail_database"
Feb 13 11:30:03 protector ntpdate[30974]: adjust time server 192.43.244.18 offset 0.002812 sec
Feb 13 11:30:34 protector iss-ipm[4114]: Event: issueid=2000901,name=Telnet_Abuse,type=attack,protocol=telnet,user-defined=false,count=1,priority=low,time=1329129034,blocked=false,ether-type=IP(0x0800),src-ip=80.50.231.162,dst-ip=10.1.9.212,intruder-ip=80.50.231.162,victim-ip=10.1.9.212,ip-protocol=TCP(6),src-port=3327,dst-port=25,intruder-port=3327,victim-port=25,event-info:port=25