On Sun, September 10, 2023 2:03 am, Viktor Dukhovni via Postfix-users wrote:
> Hard to say, you're not well prepared to isolate the issue, and
> the symptoms are diverse.
Viktor, Matus, many thanks!!
Viktor, I think and I'm afraid you've hit the nail on the head... that's
certainly large if not major part of my problem...
thank you for pointing it out! I hope you woke me up...!
> Your amavis content filter has a non-trivial backlog of mail, probably
> because each message takes a long time to process. Here the message sat
> 5.4 seconds in the incoming queue and then took 11 seconds to to deliver
> to amavis. This bottleneck suggess that the amavis filter is doing remote
> DNS lookups that are quite slow.
> You need to review your amavis configuration and disable or tune the
> actions that lead to the processing delays.
OK, took out amavis from main.cf
#content_filter = smtp-amavis:[127.0.0.1]:10024
BIG reduction in Load average, still problem persists
took out amavis line from master.cf submission block
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
# -o content_filter=smtp-amavis:[127.0.0.1]:10026
user still reports problems...
wait... shouldn't main.cf mynetworks = INCLUDE user's fixed IP...??
I thought it always did...?
add IP to mynetwork - I think it's working OK now..
so, it seems my issue was (partially?) not having senders's fixed IP in
mynetworks ?
(I'm still aiming to look at today's logs, eralier today, timeouts, after
editing mynetworks, seems OK)
>> hmmm... supposed to be using 587...
>
> if you properly uncommented submission service in master.cf, the smtp
> should log as postfix/smtps/smtpd or postfix/submission/smtpd
> or your user used port 25 which is used for server-server mail transfer
> and may have different setup.
>
> I e.g. use postscreen (which sometimes adds 6-seconds delay) and also
> spam and virus checking milters (like amavisd-milter) on 25. This takes
> much time.
>
> on port 587/465 I tend to use amavis as content_filter, which means mail
> is received from user and filtered afterwards. This makes apparent
> receiving mail from client much faster.
does this look OK, that's what I had:
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
originating => 1, # declare that mail was submitted by our smtp client
allow_disclaimers => 1, # enables disclaimer insertion if available
# notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
# forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_banned_checks_maps => [1], # allow sending any file names and types
terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
