just out of curiosity, does this KVM host uses some nas\san for VMs HD?
On 03/05/2012 10:10, Nikolaos Milas wrote:
On 3/5/2012 1:54 πμ, Wietse Venema wrote:
For other details, see the local mail logfile
Look at the last line!
Thank you Wietse,
The only thing probably related to the issue, logged with the same
timestamp *for the particular case I reported* is:
May 2 23:25:03 vmail postfix/cleanup[28676]: warning: 2136FC4D17A: read
timeout on cleanup socket
May 2 23:25:03 vmail postfix/cleanup[28585]: warning: 1748FC4D145: read
timeout on cleanup socket
Note however that I can't find such messages for all the cases for which
I received such a mail notification (not even with a close timestamp)
and, the opposite, I have not received similar notifications for all the
cases where a message "read timeout on cleanup socket" was logged.
The problem did not reappear after I rebooted (but this may be a
coincidence).
Until reboot (and not later), I had other evidence of some sort of
"instability":
May 2 20:58:10 vmail postfix/smtpd[25989]: warning: problem talking to
service rewrite: Connection reset by peer
May 2 20:58:10 vmail postfix/master[2486]: warning: process
/usr/libexec/postfix/trivial-rewrite pid 25067 exit status 1
...
May 2 22:46:24 vmail postfix/trivial-rewrite[29186]: warning:
dict_ldap_lookup: Search error -5: Timed out
May 2 22:46:24 vmail postfix/trivial-rewrite[29186]: fatal:
ldap:/etc/postfix/ldap-alias-vacation.cf(0,lock|fold_fix): table lookup
problem
I have not seen any successful deliveries of messages with the same info
(sender/recipient etc.) for these cases, so I assume that servers are
not retrying to re-send.
Two more errors that might be interesting / related to the above issue(?):
May 2 21:42:37 vmail postfix/cleanup[27234]: warning: file system clock
is 251 seconds behind local clock
May 2 21:42:37 vmail postfix/cleanup[27231]: warning: file system clock
is 253 seconds behind local clock
I have never seen these errors again, and they did not re-appear. What
is their significance? I am running ntp on this and on all other servers
(I remind you that Postfix is running on a CentOS virtual server on a
KVM host.)
I am not using postscreen on this server.
Nick
For reference, my config:
============================
# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail.noa.gr
mynetworks = 195.251.204.0/24, 195.251.202.0/24, 195.251.203.0/24,
194.177.194.0/24, 194.177.195.0/24, 127.0.0.0/8, 195.251.5.0/24,
[2001:648:2011::]/48
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
smtpd_delay_reject = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_destinations,
permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,
reject_unknown_recipient_domain,reject_unverified_recipient
smtpd_restriction_classes = controlled_senders,allowed_list1
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/chain-180.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/cert-180.pem
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases,
ldap:/etc/postfix/ldap-alias-vacation.cf, ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain,
nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain,
astro.$mydomain
virtual_mailbox_limit = 0
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_transport = dovecot
virtual_uid_maps = static:500
============================
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
