On Tue, May 21, 2024 at 08:31:51AM -0500, Greg Sims wrote:
> Changes:
> * certs back to defaults
> * smtp_tls_loglevel = 1
Better. Now it is time to post a more detailed transcript of a single
message (the sender and recipient addresses can be obfuscated if you
wish, the recipient domain would ideally stay untouched).
See:
https://github.com/vdukhovni/postfix/tree/master/postfix/auxiliary/collate
> Here is a set of delays from the logs:
>
> delays=0.01/2639/25/0.41
> delays=0.01/2639/25/0.58
> delays=0.01/2641/25/0.58
> delays=0.01/2644/25/0.69
> delays=0.01/2643/25/0.58
> delays=0.01/2640/25/0.57
As noted by Wietse that 25s "connection setup" time is the source of the
problem, but it might represent more than one connection attempt, as it
is the time from the beginning of the delivery attempt to the start of
the mail transaction that delivered that envelope recipient, and so if
there are multiple connections attempted (or DNS lookup issues, ...)
this would include the associated latency.
A complete message history (for one such message) from "collate" may
show some of the associated activity. You should also check for
any relevant related logs from "tlsproxy".
If that's still not illuminating, it may be helpful to run at least one
smtp(8)-based transport in verbose mode ("-v" flag in master.cf), and
to see all the activity that went on behind the scenes.
Also, do you have a TLS client session cache configured?
I have:
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
this can substantially speed up TLS handshakes with the remote servers,
and perhaps also avoid running into potential (speculative) TLS session
creation rate limits.
Have you changed any of the SMTP client timeouts? DNS aside, the only
significant timeout that is south of 20s is:
smtp_rset_timeout = 20s
which is relevant because the first command to sanity-check a cached
connection is "RSET", which is issued just before starting the new mail
transaction. If for some reason the remote servers are tarpitting
"RSET", that could be the source of the problem.
This is perhaps a good time to ask you for your full configuration,
not just cherry-picked individual settings. Please post the outputs of:
$ postconf -nf
$ postconf -Mf
with all whitespace (including linebreaks) preserved.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
