Rép.

I think my problem is solved!

As Gary V. suggested I checked the postfix log. I found
quite a bit of these
messages:

	Warning: premature end-of-input on private/scache socket
while
reading 	input attribute name

I found that this error was due to Postfix Connection Cache
(h
ttp://www.postfix.org/CONNECTION_CACHE_README.html). 

Then it happened again. 

So I did the following tests

	- Telnet localhost 10025 and sent myself an email: it
worked
	- Telnet localhost 10024 and sent myself an email: it
worked

I was then convinced the problem with Postfix and somewhere
before it sends
mail to amavis.

I noticed that mail was building up in my active queues but
more
specifically one particular domain had a crazy amount of
mail in it. I
noticed that the other domains mail was not moving and
starting to increase
slowly. 

I added the following line to main.cf which overrides the
default setting

smtp_connection_cache_on_demand=no

Immediately all the mail from the domain which add a crazy
amount moved to
the deferred queue and all the other mail went through. 

I then tried to connect to the mail server which postfix was
configured to
relay mail from the abusing domain to. I couldn't the server
was timing out
since it was overloaded (I'm guessing). 

It turns out that all these emails were bounces from a mass
mail out they
had done. 

I have to read more about Connection Caching but basically
this is what was
holding everything up.

If anybody could explain exactly what was going on it would
be appreciated &
maybe useful to the list.

Anyways, I think I need to get to know postfix much much
better... (any
recommendations for reading material???)

Thanks for all your help

Simon

-----Original Message-----
From: maia-users-bouncesrenaissoft.com
[mailto:maia-users-bouncesrenaissoft.com] On Behalf
Of Gary V
Sent: December 20, 2006 10:18 AM
To: maia-usersrenaissoft.com
Subject: RE: [Maia-users] Rép. : Postfix Issue

>Thanks for the reply. I read your replies to the
"How many processes & no
>responce on telnet port 25" thread. I then made the
changes you suggested.
>
>Here is what my master.cf file now:
>
>smtp      inet  n       -       n       -       100    
smtpd -o
>  content_filter=smtp-amavis:[127.0.0.1]:10024

100 is the default, so you could say:
smtp      inet  n       -       n       -       -     smtpd
-o
  content_filter=smtp-amavis:[127.0.0.1]:10024

>
>smtp-amavis unix  -  -  n  -  -  smtp
>     -o smtp_data_done_timeout=1200
>     -o smtp_send_xforward_command=yes
>     -o disable_dns_lookups=yes
>smtp      unix  -       -       n       -       -      
smtp
>
>localhost:10025 inet	n	-	n	-	-	smtpd -o
>content_filter=
>     -o smtpd_restriction_classes=
>     -o smtpd_delay_reject=no
>     -o
smtpd_client_restrictions=permit_mynetworks,reject
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o
smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o smtpd_data_restrictions=reject_unauth_pipelining
>     -o smtpd_end_of_data_restrictions=
>     -o mynetworks=127.0.0.0/8
>     -o smtpd_error_sleep_time=0
>     -o smtpd_soft_error_limit=1001
>     -o smtpd_hard_error_limit=1000
>     -o smtpd_client_connection_count_limit=0
>     -o smtpd_client_connection_rate_limit=0
>     -o smtpd_milters=
>     -o local_header_rewrite_clients=
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
>     -o
>receive_override_options=no_header_body_checks,no_unknow
n_recipient_checks
>
>I still get the same problem. Basically, postfix seems
to stop processing
>mail. If I look at the top command while it is stalled
nothing seems to be
>going on.

How much swap memory is used and what does a typical amavisd
process look 
like in terms of memory usage?

>When I run a postfix reload command I see the 10 amavisd
processes
>come up right away. I don't think amavis is the problem
because it answers
>to a telnet request (telnet localhost 10024). I'm really
not sure what to
>do.
>
>I see that you have suggested:
>
>smtp-amavis unix  -       -       n       -       2     
 smtp
>
>I have:
>
>smtp-amavis unix  -  -  n  -  -  smtp
>
>But I have the following in my main.cfg file
>
>smtp-amavis_destination_concurrency_limit = 10
>

smtp-amavis unix  -       -       n       -       2      
smtp
Is only an example. This would be for someone who has
$max_servers at 2.

Since you have left the maxproc at default:
smtp-amavis unix  -  -  n  -  -  smtp

you are correct in setting this in main.cf:
smtp-amavis_destination_concurrency_limit = 10

It has the same effect as setting:
smtp-amavis unix  -  -  n  -  10  smtp

You should have $max_servers set to 10 so they match.

>I would greatly appreciate help on this.
>
>Thanks again for the replies
>
>Simon

I don't have a SuSE 10 system to play with but I would start
by seeing what 
Postfix errors there are.
egrep '(warning|error|fatal|panic):' /var/log/mail

I dont know where amavis logs are stored, but I would also
look for amavis 
errors in the log. The logs are typicall the first place to
look when there 
are problems.
http://www.renaissoft.com/pipermail/maia
-users/2006-December/008478.html

Gary V

____________________________________________________________
_____
Your Hotmail address already works to sign into Windows Live
Messenger! Get 
it now 
http://clk.atdmt.com/MSN/go/msnnkwme
0020000001msn/direct/01/?href=http://get
.live.com/messenger/overview


_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

> Anyways, I think I need to get to know postfix much
much better... (any
> recommendations for reading material???)

The Definitive Guide to Postfix
http://www.amazon.com/Po
stfix-Definitive-Guide-Kyle-Dent/dp/0596002122/sr=8-2/qid=11
66652576/ref=pd_bbs_sr_2/103-7719594-6255835?ie=UTF8&s=b
ooks

The Book of Postfix
http://www.amazon.com/Book
-Postfix-State-Art-Transport/dp/1593270011/sr=8-1/qid=116665
2576/ref=pd_bbs_sr_1/103-7719594-6255835?ie=UTF8&s=books


Postfix website
http://www.postfix.org

Ryan

_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Dec 20, 2006, at 3:24 PM, Simon Marcil wrote:

>
> I then tried to connect to the mail server which
postfix was  
> configured to
> relay mail from the abusing domain to. I couldn't the
server was  
> timing out
> since it was overloaded (I'm guessing).
>
> It turns out that all these emails were bounces from a
mass mail  
> out they
> had done.

Red flags are going up all over the place for me here...  Is
this one  
of your own domains that sent out the mass mailing, or is it
the  
victim of a backscatter attack?  Either way it sounds
spammish.   I'm  
not sure whether it's you or them that is being abused...

Here's a good link on backscatter: http://spamlinks.net/pr
event- 
secure-backscatter.htm

The key thing for you to be sure about is that you only
accept mail  
for valid recipients.  Don't just accept all email and then
bounce  
them if it turns out not to be valid.


David Morton
Maia Mailguard http://www.maiamailguard
.com
mortondadgrmm.net



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFicJHUy30ODPkzl0RAsDhAKC92SNURQQE2wF5nfVpUfJjgU1SHACg
0Ulb
wabiPEP64SzY6T6KFveTM3w=
=xM6J
-----END PGP SIGNATURE-----
_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

>I think my problem is solved!
>
>As Gary V. suggested I checked the postfix log. I found
quite a bit of 
>these
>messages:
>
>	Warning: premature end-of-input on private/scache
socket while
>reading 	input attribute name
>
>I found that this error was due to Postfix Connection
Cache
>(h
ttp://www.postfix.org/CONNECTION_CACHE_README.html).
>
>Then it happened again.
>
>So I did the following tests
>
>	- Telnet localhost 10025 and sent myself an email: it
worked
>	- Telnet localhost 10024 and sent myself an email: it
worked
>
>I was then convinced the problem with Postfix and
somewhere before it sends
>mail to amavis.
>
>I noticed that mail was building up in my active queues
but more
>specifically one particular domain had a crazy amount of
mail in it. I
>noticed that the other domains mail was not moving and
starting to increase
>slowly.
>
>I added the following line to main.cf which overrides
the default setting
>
>smtp_connection_cache_on_demand=no
>
>Immediately all the mail from the domain which add a
crazy amount moved to
>the deferred queue and all the other mail went through.
>
>I then tried to connect to the mail server which postfix
was configured to
>relay mail from the abusing domain to. I couldn't the
server was timing out
>since it was overloaded (I'm guessing).
>
>It turns out that all these emails were bounces from a
mass mail out they
>had done.
>
>I have to read more about Connection Caching but
basically this is what was
>holding everything up.
>
>If anybody could explain exactly what was going on it
would be appreciated 
>&
>maybe useful to the list.
>
>Anyways, I think I need to get to know postfix much much
better... (any
>recommendations for reading material???)
>
>Thanks for all your help
>
>Simon
>

Interesting. You know, it's possible they did not send out a
mass mailing. 
They (and you) may be innocent victims of a joe-job.
Joe-jobs have been very 
common lately. Some domains have been hit pretty hard. Do
you know if the 
bounces are addressed to valid users at their domain? Do you
reject mail to 
invalid users? In other words, do you have some sort of
recipient validation 
in place?

____________________________________________________________
_____
Fixing up the home? Live Search can help 
http://imagine-windowslive.com/search/kit
s/default.aspx?kit=improve&locale=en-US&source=hmema
iltaglinenov06&FORM=WLMTAG


_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

I have mail log info but the log info on log level 3 has
made the logs so
big I am having difficulties tracking the transactions to
get you a complete
transaction process.  Do you want me to post what I can, or
can I zip the
file and post to list?



-----Original Message-----
From: maia-users-bouncesrenaissoft.com
[mailto:maia-users-bouncesrenaissoft.com] On Behalf
Of Gary V
Sent: Wednesday, December 20, 2006 3:48 PM
To: maia-usersrenaissoft.com
Subject: RE: [Maia-users] Rip. : Postfix Issue

>I think my problem is solved!
>
>As Gary V. suggested I checked the postfix log. I found
quite a bit of 
>these
>messages:
>
>	Warning: premature end-of-input on private/scache
socket while
>reading 	input attribute name
>
>I found that this error was due to Postfix Connection
Cache
>(h
ttp://www.postfix.org/CONNECTION_CACHE_README.html).
>
>Then it happened again.
>
>So I did the following tests
>
>	- Telnet localhost 10025 and sent myself an email: it
worked
>	- Telnet localhost 10024 and sent myself an email: it
worked
>
>I was then convinced the problem with Postfix and
somewhere before it sends
>mail to amavis.
>
>I noticed that mail was building up in my active queues
but more
>specifically one particular domain had a crazy amount of
mail in it. I
>noticed that the other domains mail was not moving and
starting to increase
>slowly.
>
>I added the following line to main.cf which overrides
the default setting
>
>smtp_connection_cache_on_demand=no
>
>Immediately all the mail from the domain which add a
crazy amount moved to
>the deferred queue and all the other mail went through.
>
>I then tried to connect to the mail server which postfix
was configured to
>relay mail from the abusing domain to. I couldn't the
server was timing out
>since it was overloaded (I'm guessing).
>
>It turns out that all these emails were bounces from a
mass mail out they
>had done.
>
>I have to read more about Connection Caching but
basically this is what was
>holding everything up.
>
>If anybody could explain exactly what was going on it
would be appreciated 
>&
>maybe useful to the list.
>
>Anyways, I think I need to get to know postfix much much
better... (any
>recommendations for reading material???)
>
>Thanks for all your help
>
>Simon
>

Interesting. You know, it's possible they did not send out a
mass mailing. 
They (and you) may be innocent victims of a joe-job.
Joe-jobs have been very

common lately. Some domains have been hit pretty hard. Do
you know if the 
bounces are addressed to valid users at their domain? Do you
reject mail to 
invalid users? In other words, do you have some sort of
recipient validation

in place?

____________________________________________________________
_____
Fixing up the home? Live Search can help 
http://imagine-windowslive.com/s
earch/kits/default.aspx?kit=improve&locale=e
n-US&source=hmemailtaglinenov06&FORM=WLMTAG


_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users

---
[This E-mail scanned for viruses by Declude EVA]


_______________________________________________
Maia-users mailing list
Maia-usersrenaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users