GreenArrow Documentation

Speed Considerations

Benchmarking

Test Lists

A list of 10,000 addresses that a default GreenArrow Engine configuration will deliver to a dummy SMTP service is attached here.

You can also generate your own test list by using addresses at subdomains of discardallmail.drh.net. For example:

[email protected]
[email protected]

Dummy SMTP Service

smtp-sink accepts, then silently discards messages that you send to it. Be sure to quit smtp-sink and to remove the test configuration when you’re ready to perform live sends.

You can use the smtp-sink application to benchmark how quickly your injecting application is able to hand messages off to GreenArrow Engine using SMTP. Performing this test removes GreenArrow Engine performance from the equation, while keeping network latency equal to what it would be while injecting into GreenArrow Engine.

Here’s an example invocation, which binds smtp-sink to port 1587:

/var/hvmail/bin/smtp-sink :1587 50

Press Ctrl-C to quit when you’re finished testing.

Dummy QMQP Service

qmqp-sink accepts, then silently discards messages that you send to it. Be sure to quit qmqp-sink and remove the test configuration when you’re ready to perform live sends.

You can use the qmqp-sink application to benchmark how quickly your injecting application is able to hand messages off to GreenArrow Engine using QMQP. Performing this test removes GreenArrow Engine performance from the equation, while keeping network latency equal to what it would be while injecting into GreenArrow Engine.

Here’s an example invocation, which binds qmqp-sink to port 1628:

/var/hvmail/bin/qmqp-sink :1628 50

Press Ctrl-C to quit when you’re finished testing.

GreenArrow Sink Service

GreenArrow includes a sink that can be used for speed testing. This sink will accept and discard all messages which are delivered to it. This sink can be installed on servers that are not running GreenArrow, following the instructions below.

Copy the executable

Copy /var/hvmail/libexec/greenarrow-go from an up-to-date copy of GreenArrow to the server you’d like to use as greenarrow-sink. The instructions below assume you place it as /usr/local/bin/greenarrow-sink.

Create the launcher

Edit the parameters shown below to be appropriate for your testing needs.

cat > /usr/local/bin/greenarrow-sink-wrapper <<'EOF'
#!/bin/bash

ulimit -Hn 1048576
ulimit -Sn 1048576

# COMMA_SEPARATED_IP_ADDRESSES defines the IP addresses on which the sink will
# listen. You may specify one or more IPs, separated by commas.
COMMA_SEPARATED_IP_ADDRESSES="0.0.0.0"

# PORT_NUMBER is the port number on which to listen. This must be a single, valid port number.
PORT_NUMBER="2525"

# MAX_PAUSE_DURATION defines the longest time deferrals and failures will delay
# the SMTP session. A random number of seconds between 0 and the specified
# value will be used. The average session will be delayed by half of MAX_PAUSE_DURATION.
MAX_PAUSE_DURATION="4"

# SERVER_NAME defines the string used in the greeting.
SERVER_NAME="greenarrowsink"

# Each of the values below define a proportional chance of each event. By
# setting CHANCE_ACCEPT=50 & CHANCE_DEFER_AFTER_DATA=50, half of all messages
# would be accepted and half would be deferred after receiving the message
# data. These numbers do not need to add up to 100.
CHANCE_ACCEPT="100"
CHANCE_DEFER_BEFORE_DATA="0"
CHANCE_DEFER_AFTER_DATA="0"
CHANCE_FAIL_BEFORE_DATA="0"
CHANCE_FAIL_AFTER_DATA="0"

# Create a certificate to use for greenarrow-sink. If you want to use your own
# certificate and key file, replace the two names here and delete the "if" block below.
# Alternatively, you can disable TLS in the sink by adding the "-no-starttls"
# option to the executed command below.
TLS_CRT_PATH="/tmp/greenarrow-sink.tls.crt"
TLS_KEY_PATH="/tmp/greenarrow-sink.tls.key"
if [ ! -f "$TLS_CRT_PATH" ] || [ ! -f "$TLS_KEY_PATH" ]; then
  TLS_CSR_PATH="/tmp/greenarrow-sink.tls.csr"
  openssl req -nodes -newkey rsa:1024 -keyout "$TLS_KEY_PATH" -out "$TLS_CSR_PATH" -subj "/C=GA/ST=GA/L=GA/O=GA/OU=GA/CN=GA"
  openssl x509 -req -days 3650 -in "$TLS_CSR_PATH" -signkey "$TLS_KEY_PATH" -out "$TLS_CRT_PATH"
fi

exec /usr/local/bin/greenarrow-sink                           \
  -chance-accept           "$CHANCE_ACCEPT"                   \
  -chance-defer-before     "$CHANCE_DEFER_BEFORE_DATA"        \
  -chance-defer-after      "$CHANCE_DEFER_AFTER_DATA"         \
  -chance-fail-before      "$CHANCE_FAIL_BEFORE_DATA"         \
  -chance-fail-after       "$CHANCE_FAIL_AFTER_DATA"          \
  -max-pause-duration      "$MAX_PAUSE_DURATION"              \
  -bind-ip                 "$COMMA_SEPARATED_IP_ADDRESSES"    \
  -port                    "$PORT_NUMBER"                     \
  -tls-private-key-path    "$TLS_KEY_PATH"                    \
  -tls-certificate-path    "$TLS_CRT_PATH"                    \
  -servername              "$SERVER_NAME"
EOF
chmod 755 /usr/local/bin/greenarrow-sink-wrapper

By default, greenarrow-sink supports the STARTTLS command. If you would like to disable this, to prevent clients from using it, add the -no-starttls option to the command script above.

Create the service entry

cat > /etc/systemd/system/greenarrow-sink.service <<EOF
[Unit]
Description=greenarrow-sink
After=network.target

[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/greenarrow-sink-wrapper
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF

systemctl enable greenarrow-sink
systemctl start greenarrow-sink
systemctl status greenarrow-sink

Updating settings

Following the instructions below will install greenarrow-sink as a systemd service. If you need to change the settings defined in /usr/local/bin/greenarrow-sink-wrapper, run systemctl restart greenarrow-sink to load the new settings.

Certificate and key file

The sink, by default, supports STARTTLS. If you would like to disable it, add -no-starttls to the greenarrow-sink command.

By default, it will look for certificate and key files at GreenArrow’s default HTTP SSL paths (/var/hvmail/control/httpd.ssl.crt and /var/hvmail/control/httpd.ssl.key). To override this, see the -tls-certificate-path and -tls-private-key-path options.

The example wrapper script above generates its own key file automatically.