#haraka

[13Haraka] 15greenkeeper[bot] 04deleted 06greenkeeper/eslint-3.17.1 at 14d085663: 02https://github.com/haraka/Haraka/commit/d085663

It doesn't look like there's any way to parse a .pem file in node.js w/o exec to CLI openssl.

ie, to get the equiv of: openssl x509 -noout -subject

sounds like a gap in the market.

Write it and become a bajillionaire.

What about: https://www.npmjs.com/package/x509 ?

how can i parse haraka.log to determine how many messages it processes a second

also when trying to install haraka with npm i get this error: https://dpaste.de/Dzpe

hrmmm, I don't love either choice. (shell to openssl -vs- have to compile against openssl)

but since node doesn't expose the feature, it looks like that's the only choices I have

msimerson: https://www.npmjs.com/package/node-forge#x509 ?

wow, that looks comprehensive

I'm looking at something I'd be able to pull into haraka-net-utils, which handles the tls.ini parsing. When a directory of x509 certificates is specified, read in all the files.

But, for SNI, I need to extract the CN property for each

and then match on the CN to present the correct cert

right

You need to handle a directory of directories too, like letsencrypt uses.

Nah

you aren't supposed to use the certs in the LE directories

Use your LE client to drop the LE certs into $haraka/config/tls/

it wouldn't be awful to shell out to openssl, b/c it'll only be done at startup and when certs are updated. But forge looks quite promising. Thanks

The problem with the LE client (at least the version I have) is they don't change the exit code when a cert is updated. So you need wrappers for that shit. It's annoying.

I use acme.sh

how do you do travis on windows?

and it's provision script hooks are awesome

Travis for windows: https://www.appveyor.com

where Travis = CI like kleenex = tissue

Oh right that's the thing you had me work with

I want to add windows testing for node-fs-ext

grab the appveyor config file from https://github.com/haraka/haraka-plugin-template

and then go enable appveyor in your repo

Sweet.

Now I just have to get windows support working :)

so ive been reading about improving node.js performance and one of the things it mentions is uses gzip compression

can that work with haraka?

no.

is that all that can be done to optimize haraka performance?

also would clustering node.js work?

Yes and no. I'm sure bits of it could be made faster by changing the code.

d4rkmatter: I believe haraka already runs as a cluster of worker processes and a single master

d4rkmatter: just set nodes=cpus in smtp.ini.

d4rkmatter: Are you seeing bottlenecks or performance issues currently that you're looking to correct, or is this premature optimization?

im currently facing bottlenecks and performance issues. i have a plugin that is used to encrypt messages sent to haraka with pgp before they are written to disk

and depending on the amount of messages being sent the performance takes a big dip

so without setting nodes=cpu

it only runs as 1 process accepting 1 email at a time?

also when setting "nodes=cpus" does the "cpus" have to equal the number of CPU cores available

or is that auto detected

nevermind read the manual

The problem is that running pgp is a matter of shelling out.

that's never going to scale well.

well there doesn't really appear to be another way to encrypt emails before writing them to disk

the server running the code is quite beefy (24 cores) so i wouldnt be surprised if running haraka in clustering mode would improve performance

Oh for sure.

You may also want to increase the number of threads node uses.

That's the UV_THREADPOOL_SIZE setting.

ok

ill take a look at that

it doesn't appear as if the actual encryption process is slowing down the server (the CPU in use is more than capable of doing that) but only being able to process 1 message at a time which causes a backlgo

Yeah even that sounds unusual though. What are you using for testing?

for testing? pretty much a copy of the server but that is scaled down

but i might just test these changes out on a single prod node as i doubt it would cause any negative impact

No I mean what is the sending end?

for testing im using xstress

and sample email messages to use as the body

but im sending from a different machine so as to not use more cpu time on the server running haraka

haha

its pretty old and out of date but gets the job done

OK. FWIW we tend to use smtp-source (part of postfix) for stress testing.

it's a bit more feature complete.

hmm ill check it out

postfix isn't installed on these servers however, exim is being used

ok, just thought it might be easier than some ancient tool on sourceforge.

probably would be

baudehlo: where would i set UV_THREADPOOL_SIZE

it's an environment variable.

so set it in whatever you're using to kick off Haraka.

ah ok