Thread: (no subject)
| (no subject) |
  United States |
2007-08-30 14:04:07 |
Well, it's pretty obvious I'm floundering here, but I'm
hoping someone has dealt with this, and can tell me just
what kind of idiot mistake I've made. I'm getting some
nastygrams in my logs, particularly a bunch of the first
line, and messages are queueing after a very short period.
I'm obviously setting something up incorrectly, but I just
can't detect it. Doesn't help that I was here until 01:00
last night fixing the database issue.
Thanks,
Kurt
representative log entries (the first one is, I think, the
one that keeps killing me):
Aug 30 11:53:03 zmx1 postfix/qmgr[2992]: warning: connect to transport scan: No such file or directory
Aug 30 11:53:28 zmx1 postfix/master[2990]: warning: service "smtp" (25) has reached its process limit "2": new clients may experience noticeable delays
Aug 30 11:53:28 zmx1 postfix/master[2990]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
Here are my main.cf and master.cf files:
---------- begin main.cf: ----------
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
myhostname = zmx1.zetron.com
mydomain = zetron.com
myorigin = $mydomain
inet_interfaces = all
mydestination =
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8
    192.168.10.12/32
    192.168.10.66/32
    192.168.10.20/32
    192.168.8.73/32
    192.168.8.88/32
    192.168.10.225/32
relay_recipient_maps =
    hash:/usr/local/etc/postfix/relay_recipients
relay_domains = $mydestination, $mydomain
alias_maps = hash:/usr/local/etc/postfix/aliases
alias_database = hash:/usr/local/etc/postfix/aliases
transport_maps = hash:/usr/local/etc/postfix/transport
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
    check_recipient_access
        hash:/usr/local/etc/postfix/roleaccount_exceptions
    reject_non_fqdn_hostname
    reject_invalid_hostname
    check_helo_access
        pcre:/usr/local/etc/postfix/helo_checks
    permit
strict_rfc821_envelopes=yes
smtpd_data_restrictions =
    reject_multi_recipient_bounce
content_filter=smtp-amavis:[127.0.0.1]:10024
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
----------end main.cf----------
---------- begin master.cf ----------
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d $
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m $ $
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r $ -m $ $
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
smtp inet n - n - 2 smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
  -o receive_override_options=no_address_mappings
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_milters=
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
---------- end master.cf ----------
_______________________________________________
Maia-users mailing list
Maia-users renaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia-users
| Re: (no subject) |
  United States |
2007-08-30 23:04:22 |
On Thu, 2007-08-30 at 12:04 -0700, Kurt Buff wrote:
> smtp-amavis unix - - n - 2 smtp

The IMPORTANT thing is that this matches the setting in
amavisd.conf:

$max_servers = 10;

Just be sure these two match. If you have 10 in your amavisd.conf
file with 2 in master.cf, then there is your problem.

You can change the 2 to something higher, mine is at 10, but raise a
little and watch, then raise some more. Depending on hardware on what
you're capable of doing, but most people I've seen use 10.
--
Robert
| Re: (no subject) |
  United States |
2007-08-31 00:04:48 |
Hi,

I fought a battle with this just a month or so ago and had lots of
help from the list (might want to check the archives for the entire
thread with the subject: "lost connection after CONNECT")....
Here's what I discovered:

Postfix SMTP processes don't take too much resource and if you are
using postfix to reject connections for nonexistent users and From:
FQDNs that don't exist, then you will probably need many more Postfix
SMTP processes than amavisd processes depending on the ratio of
'early rejection' mail to deliverable spam and real mail...
otherwise, a spammer can saturate your postfix SMTP listener
population and little real mail will get through to amavisd.... I am
running 50 Postfix listeners and only 2 or 3 amavisd listeners (which
use lots of resource).... on a 2.4 GHz P4 maia appliance with 512 MB
of memory.... Since upping the number of postfix listeners everything
has been hunky-dory....

In NO EVENT do you want more amavisd listeners than postfix listeners
as amavis will NEVER be able to receive more connections than postfix
is configured to receive.... and a 10:1 ratio the other way may be a
good idea else it's pretty easy to mount a denial of service attack
on your mail filter....

Dave

***********************************************************************
On Fri, 31 Aug 2007, Robert Fitzpatrick wrote:
> On Thu, 2007-08-30 at 12:04 -0700, Kurt Buff wrote:
> > smtp-amavis unix - - n - 2 smtp
>
> The IMPORTANT thing is that this matches the setting in
> amavisd.conf:
>
> $max_servers = 10;
>
> Just be sure these two match. If you have 10 in your amavisd.conf
> file with 2 in master.cf, then there is your problem.
>
> You can change the 2 to something higher, mine is at 10, but raise a
> little and watch, then raise some more. Depending on hardware on what
> you're capable of doing, but most people I've seen use 10.
>
> --
> Robert
| Re: (no subject) |
  United States |
2007-08-31 01:03:31 |
On Aug 31, 2007, at 12:04 AM, David Sims wrote:
> Hi,
>
> I fought a battle with this just a month or so ago and had lots of
> help from the list (might want to check the archives for the entire
> thread with the subject: "lost connection after CONNECT").... Here's
> what I discovered:
>
> Postfix SMTP processes don't take too much resource and if you are
> using postfix to reject connections for nonexistent users and From:
> FQDNs

A lot of confusion may be stemming from the fact that terms are not
being used clearly by everyone... I think you meant smtpd there.

You need lots of smtpd listeners, that listen on port 25 for remote
connections. These get tied up in rejecting unknown users, and also
in network traffic as the mail is transmitted.

I've seen 100 to 200 of these. They are fairly lightweight relative
to the amavisd-maia processes. When they accept mail, it gets queued,
and then sent along to the next step. The postfix default is 100. I
have had to bump this up on some busy sites to handle the flood of
botnet dictionary attacks.

Then, you need a smtp transport to amavisd-maia, and a smtpd listener
(port 10025) to get the scanned mail back from amavisd-maia. These
numbers should match the max number of amavisd-maia processes you
have available. If you don't have enough smtpd listeners on port
10025, then amavisd will encounter errors, and requeue the message;
this makes things worse as mail piles up. Similarly, if you have more
smtp-amavis processes than max amavisd-maia processes, postfix will
encounter an error.

In my own server, the smtpd processes default to 100 max. The only
limit I have is the smtp-amavis smtp line, which is set to 2. I also
have 2 amavisd-maia processes running.

David Morton
Maia Mailguard http://www.maiamailguard.com
mortonda dgrmm.net
| Re: (no subject) |
  Norway |
2007-08-31 02:35:28 |
Kurt Buff wrote:
> Aug 30 11:53:03 zmx1 postfix/qmgr[2992]: warning: connect to transport scan: No such file or directory
>
Check your transport map if there is any that has a scan: <something>
as value.

> Aug 30 11:53:28 zmx1 postfix/master[2990]: warning: service "smtp" (25) has reached its process limit "2": new clients may experience noticeable delays
>
See further down

> Aug 30 11:53:28 zmx1 postfix/master[2990]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
>
>
[snip]
> transport_maps = hash:/usr/local/etc/postfix/transport
>
>
This is probably the one you want to check for any "scan:"
occurrences.

[more snip]
> ---------- begin master.cf ----------
> smtp inet n - n - 2 smtpd
> -o content_filter=smtp-amavis:[127.0.0.1]:10024
> -o receive_override_options=no_address_mappings
>
>
This is your inet listening (e.g. port 25), where you only allow 2
inbound connections. Unless this is some really low volume site you
should up this, postfix default (as mentioned by a lot of others) is
100. They don't take too much resources either, so unless you're
really low on them it won't make any difference increasing it.
Hope this helps,
--
Erik Weber
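A check for the limits discussed in this thread, as an added example that is not part of any list post or of the Maia or Postfix projects: it reads the three relevant master.cf services, the amavisd `$max_servers` value and a transport map, then reports a transport with no matching service, a smtp-amavis count that differs from `$max_servers`, a port 10025 listener below `$max_servers`, and a port 25 smtpd limit that is not above the filter limit. The inputs are constructed: the service lines mirror the posted master.cf, `$max_servers = 10` is the value quoted in one reply, and the transport entry is hypothetical because the thread never shows the transport file; `parse_master` and `audit` are names introduced here, and a maxproc of 0 is not special-cased.

```python
import re

# Constructed inputs: the three master.cf services from the thread, the
# $max_servers value quoted in a reply, and a hypothetical transport entry.
MASTER_CF = """\
smtp inet n - n - 2 smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
"""
AMAVISD_CONF = "$max_servers = 10;\n"
TRANSPORT_MAP = "example.org scan:[127.0.0.1]:10024\n"
DEFAULT_PROCESS_LIMIT = 100  # Postfix default when maxproc is "-"

def parse_master(text):
    """Map (service, type) -> maxproc, skipping comments and -o continuations."""
    services = {}
    for line in text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        f = line.split()
        services[(f[0], f[1])] = DEFAULT_PROCESS_LIMIT if f[6] == "-" else int(f[6])
    return services

def audit(master, amavisd, transport):
    """Return findings for the mismatches discussed in the thread."""
    svc = parse_master(master)
    max_servers = int(re.search(r"^\$max_servers\s*=\s*(\d+)", amavisd, re.M).group(1))
    findings = []
    # Every transport named in the map or in content_filter needs a service entry.
    refs = {l.split()[1].split(":")[0] for l in transport.splitlines()
            if l.strip() and not l.startswith("#")}
    refs |= set(re.findall(r"content_filter=([\w-]+):", master))
    refs.discard("")  # entries such as ":[host]" name no transport
    for name in sorted(refs - {n for n, _ in svc}):
        findings.append(f"transport '{name}' has no master.cf service")
    inbound = svc[("smtp", "inet")]
    to_filter = svc[("smtp-amavis", "unix")]
    reinject = svc[("127.0.0.1:10025", "inet")]
    if to_filter != max_servers:
        findings.append(f"smtp-amavis maxproc {to_filter} != $max_servers {max_servers}")
    if reinject < max_servers:
        findings.append(f"10025 listener maxproc {reinject} < $max_servers {max_servers}")
    if inbound <= to_filter:
        findings.append(f"port 25 smtpd maxproc {inbound} is not above filter maxproc {to_filter}")
    return findings

if __name__ == "__main__":
    for finding in audit(MASTER_CF, AMAVISD_CONF, TRANSPORT_MAP):
        print("WARN:", finding)
```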