On Sun, September 10, 2023 2:03 am, Viktor Dukhovni via Postfix-users wrote:
> Hard to say, you're not well prepared to isolate the issue, and > the symptoms are diverse. Viktor, Matus, many thanks!! Viktor, I think and I'm afraid you've hit the nail on the head... that's certainly large if not major part of my problem... thank you for pointing it out! I hope you woke me up...! > Your amavis content filter has a non-trivial backlog of mail, probably > because each message takes a long time to process. Here the message sat > 5.4 seconds in the incoming queue and then took 11 seconds to to deliver > to amavis. This bottleneck suggess that the amavis filter is doing remote > DNS lookups that are quite slow. > You need to review your amavis configuration and disable or tune the > actions that lead to the processing delays. OK, took out amavis from main.cf #content_filter = smtp-amavis:[127.0.0.1]:10024 BIG reduction in Load average, still problem persists took out amavis line from master.cf submission block submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject # -o content_filter=smtp-amavis:[127.0.0.1]:10026 user still reports problems... wait... shouldn't main.cf mynetworks = INCLUDE user's fixed IP...?? I thought it always did...? add IP to mynetwork - I think it's working OK now.. so, it seems my issue was (partially?) not having senders's fixed IP in mynetworks ? (I'm still aiming to look at today's logs, eralier today, timeouts, after editing mynetworks, seems OK) >> hmmm... supposed to be using 587... > > if you properly uncommented submission service in master.cf, the smtp > should log as postfix/smtps/smtpd or postfix/submission/smtpd > or your user used port 25 which is used for server-server mail transfer > and may have different setup. > > I e.g. use postscreen (which sometimes adds 6-seconds delay) and also > spam and virus checking milters (like amavisd-milter) on 25. This takes > much time. > > on port 587/465 I tend to use amavis as content_filter, which means mail > is received from user and filtered afterwards. This makes apparent > receiving mail from client much faster. does this look OK, that's what I had: submission inet n - n - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -o content_filter=smtp-amavis:[127.0.0.1]:10026 $interface_policy{'10026'} = 'ORIGINATING'; $policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users originating => 1, # declare that mail was submitted by our smtp client allow_disclaimers => 1, # enables disclaimer insertion if available # notify administrator of locally originating malware virus_admin_maps => ["virusalert\@$mydomain"], spam_admin_maps => ["virusalert\@$mydomain"], warnbadhsender => 1, # forward to a smtpd service providing DKIM signing service # forward_method => 'smtp:[127.0.0.1]:10027', # force MTA conversion to 7-bit (e.g. before DKIM signing) smtpd_discard_ehlo_keywords => ['8BITMIME'], bypass_banned_checks_maps => [1], # allow sending any file names and types terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option }; _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org