Next message: John Payne: "Re: virtual users canonicalization and check_policy_service"
I know it sounds a bit of deja vu, but digging in the archives did'nt
shed the expected light...
I moved my postfix installation (+- 1kusers) from am old dual 1.6GHz
Althon to a new 3.6 GHz dual Xeon whith tots of ram and disk space,
gigabit ethernet, bells and whistles... (its the known old story:
software longa hardware brevis).
Of course I upgraded the OS as well, from Suse 8.2 to Opensuse 10.2.
And moved from eudora's qpopper to dovecot, to implement IMAP.
The new machine has moreless the same configuration of the old one
exept for just few ajustments for dovecot.
Now randomly, I get few hundreds of smtp connections (I had set the
limit in master.cf to 32 on the old machine) and smtp clients are
experiecing timeouts. If I log into the machine, top says it is 92%
idle and the machine's reaction to commands is quite prompt.
It seems a tuning problem, so I increased the instances limit of
smtpd in master.cf to 128 without noticeable changes in postfix
behaviour.
What puzles me is that the number of smtp connections TO the machine
is higher than the number of smtpd processes allowed. Is it normal?
Anyway here are the details:
Postfix is 2.4.5 compiled from source (the same on the two machines)
master.cf:
smtp inet n - n - 128 smtpd
pickup fifo n - n 6 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 5 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -q -m ${extension} ${user}
uucp unix - n n - - pipe
flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=F user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
# vscan unix - n n - 54 pipe flags=q user=vscan
argv=/usr/sbin/amavis-perl vscan unix - n n -
132 pipe flags=q user=vscan argv=/usr/sbin/amavis-0.3.13pre2 $sender
$recipient localhost:10025 inet n - n - -
smtpd -o content_filter= -o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_milters=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o relay_recipient_maps=
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks
smtp-amavis unix - - n - 24 smtp -o
smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/lib/postfix-policyd-spf-perl
flush unix n - n 1000? 0 flush
relay unix - - n - - smtp
proxymap unix - - n - - proxymap
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error
baobab:~ # postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
canonical_maps = regexp:/etc/postfix/canonical.reg
command_directory = /usr/sbin
command_time_limit = 8565s
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
default_process_limit = 1287
disable_dns_lookups = no
disable_mime_output_conversion = yes
empty_address_recipient =
html_directory = no
ignore_mx_lookup_error = yes
inet_interfaces = all
initial_destination_concurrency = 2
local_recipient_maps = unix:passwd.byname, $alias_maps, $virtual_maps
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -p
mailbox_size_limit = 212865024
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 52428800
mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, mxrelay.$mydomain, feder.$mydomain, baobab.unita.it, nameron.smd.sublink.org, baobab.mcs.it, nameron.sublink.org, nameron.mcs.it, ciadbox.mcs.it
myhostname = baobab.bilink.it
mynetworks = 192.168.138.0/24, 127.0.0.0/8, !212.45.144.150,212.45.144.0/24, 212.45.138.0/24, 194.244.230.104, 62.110.95.162, 212.45.142.0/24, 217.172.210.108, 151.36.111.233, 213.156.49.211, 80.105.106.194, 213.156.49.211, 212.45.149.0/24, 81.74.55.16, 81.74.51.56, 81.116.95.128, 81.116.95.129, 81.116.95.130, 81.116.95.131, 81.116.95.132, 81.116.95.133, 81.116.95.134, 81.116.95.135, 217.57.104.138, 81.114.225.226, 81.115.40.38, 81.72.14.140, 85.36.40.128/28, 192.168.13.0/24, 192.168.132.0/24, 85.36.2.34, 87.28.8.105, 82.106.57.24, 212.45.153.0/24, 192.168.134.0/24
newaliases_path = /usr/bin/newaliases
notify_classes = delay,software
prepend_delivered_header = command, file, forward
qmgr_message_active_limit = 8008
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination, rooibosch, rooibosch.unita.it, ediforum.it, mediaforce.it, bimbo.mcs.it, atadmc.it, starcomitalia.com, hermes.mcs.it, paneangeli.it, bertolini.com, barbiepass.it
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_destination_concurrency_limit = 2
smtp_host_lookup = native
smtp_sasl_auth_enable = no
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noplaintext
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_connection_count_limit = 0
smtpd_client_event_limit_exceptions = static:all
smtpd_error_sleep_time = 0
smtpd_hard_error_limit = 23
smtpd_junk_command_limit = 18
smtpd_recipient_restrictions = check_client_access regexp:/etc/postfix/pacc.rexcheck_client_access cidr:/etc/postfix/cknet.cid, permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/pop-before-smtp, check_sender_mx_access cidr:/etc/postfix/private_addr_space.cid,reject_unauth_destination, check_policy_service inet:127.0.0.1:2525, check_policy_service unix:private/policy
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/access.rex, check_sender_access cidr:/etc/postfix/softbanned.cid, reject_unknown_sender_domain , reject_rbl_client dnsbl.njabl.org, check_recipient_access hash:/etc/postfix/access-to
smtpd_soft_error_limit = 23
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
baobab:~ #
Many thanks in advance,
luciano.
--
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
\ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
X AGAINST HTML MAIL / E-MAIL:
/ \ AND POSTINGS / WWW: http://www.mannucci.ORG/
