Postfix busy, linux idle

(no email)
Date: Wed Aug 29 2007 - 09:08:53 EDT

  • Next message: John Payne: "Re: virtual users canonicalization and check_policy_service"

    I know it sounds a bit of deja vu, but digging in the archives did'nt
    shed the expected light...
    I moved my postfix installation (+- 1kusers) from am old dual 1.6GHz
    Althon to a new 3.6 GHz dual Xeon whith tots of ram and disk space,
    gigabit ethernet, bells and whistles... (its the known old story:
    software longa hardware brevis).
    Of course I upgraded the OS as well, from Suse 8.2 to Opensuse 10.2.
    And moved from eudora's qpopper to dovecot, to implement IMAP.
    The new machine has moreless the same configuration of the old one
    exept for just few ajustments for dovecot.
    Now randomly, I get few hundreds of smtp connections (I had set the
    limit in master.cf to 32 on the old machine) and smtp clients are
    experiecing timeouts. If I log into the machine, top says it is 92%
    idle and the machine's reaction to commands is quite prompt.
    It seems a tuning problem, so I increased the instances limit of
    smtpd in master.cf to 128 without noticeable changes in postfix
    behaviour.
    What puzles me is that the number of smtp connections TO the machine
    is higher than the number of smtpd processes allowed. Is it normal?

    Anyway here are the details:

    Postfix is 2.4.5 compiled from source (the same on the two machines)

    master.cf:
    smtp inet n - n - 128 smtpd
    pickup fifo n - n 6 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 5 1 qmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    smtp unix - - n - - smtp
    showq unix n - n - - showq
    error unix - - n - - error
    local unix - n n - - local
    cyrus unix - n n - - pipe
        flags=R user=cyrus argv=/cyrus/bin/deliver -e -q -m ${extension} ${user}
    uucp unix - n n - - pipe
        flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail unix - n n - - pipe
        flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
        flags=F user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    # vscan unix - n n - 54 pipe flags=q user=vscan
    argv=/usr/sbin/amavis-perl vscan unix - n n -
    132 pipe flags=q user=vscan argv=/usr/sbin/amavis-0.3.13pre2 $sender
    $recipient localhost:10025 inet n - n - -
    smtpd -o content_filter= -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o smtpd_milters=
        -o local_header_rewrite_clients=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o
    receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    smtp-amavis unix - - n - 24 smtp -o
    smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

    policy unix - n n - - spawn
                 user=nobody argv=/usr/bin/perl /usr/lib/postfix-policyd-spf-perl
    flush unix n - n 1000? 0 flush
    relay unix - - n - - smtp
    proxymap unix - - n - - proxymap
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    discard unix - - n - - discard
    tlsmgr unix - - n 1000? 1 tlsmgr
    retry unix - - n - - error

    baobab:~ # postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    biff = no
    bounce_queue_lifetime = 2d
    broken_sasl_auth_clients = yes
    canonical_maps = regexp:/etc/postfix/canonical.reg
    command_directory = /usr/sbin
    command_time_limit = 8565s
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    default_destination_concurrency_limit = 2
    default_process_limit = 1287
    disable_dns_lookups = no
    disable_mime_output_conversion = yes
    empty_address_recipient =
    html_directory = no
    ignore_mx_lookup_error = yes
    inet_interfaces = all
    initial_destination_concurrency = 2
    local_recipient_maps = unix:passwd.byname, $alias_maps, $virtual_maps
    mail_owner = postfix
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail -p
    mailbox_size_limit = 212865024
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maximal_queue_lifetime = 2d
    message_size_limit = 52428800
    mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, mxrelay.$mydomain, feder.$mydomain, baobab.unita.it, nameron.smd.sublink.org, baobab.mcs.it, nameron.sublink.org, nameron.mcs.it, ciadbox.mcs.it
    myhostname = baobab.bilink.it
    mynetworks = 192.168.138.0/24, 127.0.0.0/8, !212.45.144.150,212.45.144.0/24, 212.45.138.0/24, 194.244.230.104, 62.110.95.162, 212.45.142.0/24, 217.172.210.108, 151.36.111.233, 213.156.49.211, 80.105.106.194, 213.156.49.211, 212.45.149.0/24, 81.74.55.16, 81.74.51.56, 81.116.95.128, 81.116.95.129, 81.116.95.130, 81.116.95.131, 81.116.95.132, 81.116.95.133, 81.116.95.134, 81.116.95.135, 217.57.104.138, 81.114.225.226, 81.115.40.38, 81.72.14.140, 85.36.40.128/28, 192.168.13.0/24, 192.168.132.0/24, 85.36.2.34, 87.28.8.105, 82.106.57.24, 212.45.153.0/24, 192.168.134.0/24
    newaliases_path = /usr/bin/newaliases
    notify_classes = delay,software
    prepend_delivered_header = command, file, forward
    qmgr_message_active_limit = 8008
    queue_directory = /var/spool/postfix
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    relay_domains = $mydestination, rooibosch, rooibosch.unita.it, ediforum.it, mediaforce.it, bimbo.mcs.it, atadmc.it, starcomitalia.com, hermes.mcs.it, paneangeli.it, bertolini.com, barbiepass.it
    relocated_maps = hash:/etc/postfix/relocated
    sample_directory = /usr/share/doc/packages/postfix/samples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = maildrop
    smtp_destination_concurrency_limit = 2
    smtp_host_lookup = native
    smtp_sasl_auth_enable = no
    smtp_sasl_password_maps = hash:/etc/postfix/saslpass
    smtp_sasl_security_options = noplaintext
    smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
    smtpd_client_connection_count_limit = 0
    smtpd_client_event_limit_exceptions = static:all
    smtpd_error_sleep_time = 0
    smtpd_hard_error_limit = 23
    smtpd_junk_command_limit = 18
    smtpd_recipient_restrictions = check_client_access regexp:/etc/postfix/pacc.rexcheck_client_access cidr:/etc/postfix/cknet.cid, permit_mynetworks, permit_sasl_authenticated, check_client_access hash:/etc/postfix/pop-before-smtp, check_sender_mx_access cidr:/etc/postfix/private_addr_space.cid,reject_unauth_destination, check_policy_service inet:127.0.0.1:2525, check_policy_service unix:private/policy
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_non_fqdn_sender, check_sender_access regexp:/etc/postfix/access.rex, check_sender_access cidr:/etc/postfix/softbanned.cid, reject_unknown_sender_domain , reject_rbl_client dnsbl.njabl.org, check_recipient_access hash:/etc/postfix/access-to
    smtpd_soft_error_limit = 23
    transport_maps = hash:/etc/postfix/transport
    unknown_local_recipient_reject_code = 450
    baobab:~ #

    Many thanks in advance,

    luciano.

    -- 
     /"\                         /Via A. Salaino, 7 - 20144 Milano (Italy)
     \ /  ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
      X   AGAINST HTML MAIL    /  E-MAIL: 
     / \  AND POSTINGS        /   WWW: http://www.mannucci.ORG/
    

  • Next message: John Payne: "Re: virtual users canonicalization and check_policy_service"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD