If you happen to notice that your server (dedicated or vps) is running at 100% cpu usage or close to it, and you notice the following that qmail is using all of your cpu usage;
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
28141 qmaild 25 0 4600 1376 1168 R 27 0.1 0:28.09 qmail-smtpd
27851 qmaild 25 0 4708 1372 1168 R 26 0.1 1:23.48 qmail-smtpd
28268 qmaild 25 0 3948 1372 1168 R 24 0.1 0:05.79 qmail-smtpd
27507 qmaild 25 0 4468 1372 1168 R 23 0.1 1:56.58 qmail-smtpd
28244 qmaild 25 0 4520 1372 1168 R 20 0.1 0:06.82 qmail-smtpd
28045 qmaild 25 0 3820 1376 1168 R 20 0.1 0:48.50 qmail-smtpd
28117 qmaild 25 0 3724 1372 1168 R 20 0.1 0:33.20 qmail-smtpd
28118 qmaild 25 0 4452 1372 1168 R 20 0.1 0:33.59 qmail-smtpd
28163 qmaild 25 0 5200 1380 1168 R 20 0.1 0:25.30 qmail-smtpd
You can check on the /var/qmail/control directory for 2 files;
dh512.pem
dh1024.pem
If you don’t see them or with another naming (dhparam512 and dhparam1024), rename them accordingly.
After that, you will need to restart qmail and xinetd;
# service qmail restart
# service xinetd restart
Without dh512.pem and dh1024.pem, qmail has to create certificate and key pairs when other mail servers or mail users connect to qmail via TLS. If qmail is forced to create them on the fly, you will see a huge performance hit, and your load will be higher than it normally should be. By copying the dhparam files over, you will pre-populate the SSL key and certificate for qmail to use, and all it has to do is pick it up off the file system rather than regenerating it each time, thus saving your cpu usage from maxing out. Usually it will drop your cpu usage.
