We got hit by an iContact run last night and I woke up with several hundred postmaster messages reporting a queue file write error. We run a before-queue amavis.
Here are the logs of one of these transactions: Jul 13 10:39:10 mx1 postfix/smtpd[14918]: connect from drone074.ral.icpbounce.com[216.27.86.131] Jul 13 10:39:10 mx1 postfix/smtpd[14918]: discarding EHLO keywords: DSN Jul 13 10:39:10 mx1 postfix/smtpd[14918]: NOQUEUE: client=drone074.ral.icpbounce.com[216.27.86.131] Jul 13 10:40:51 mx1 postfix/smtpd[14918]: warning: timeout talking to proxy localhost:10024 Jul 13 10:40:51 mx1 postfix/smtpd[14918]: proxy-reject: END-OF- MESSAGE: 451 4.3.0 Error: queue file write error; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<drone074.ral.icpbounce.com> Jul 13 10:40:51 mx1 postfix/smtpd[14918]: disconnect from drone074.ral.icpbounce.com[216.27.86.131] Now, I understand (I think) what happened: amavis was hung up scanning the other ninety gabillion junk messages that they spammed us with, so it didn't respond in time. But, I think my configuration should have the same number of amavis and smtpd processes available so postfix shouldn't even answer the door if amavis isn't available. Anything else I should be doing? # # master.cf # smtp inet n - n - 1 postscreen smtpd pass - - n - 100 smtpd dnsblog unix - - n - 0 dnsblog tlsproxy unix - - n - 0 tlsproxy pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard anvil unix - - n - 1 anvil scache unix - - n - 1 scache 127.0.0.1:10025 inet n - n - - smtpd -o smtpd_proxy_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/bin/policyd-spf proxywrite unix - - n - 1 proxymap # # postconf -n # address_verify_positive_expire_time = 7d address_verify_positive_refresh_time = 3h address_verify_sender = [email protected] append_dot_mydomain = no config_directory = /etc/postfix default_database_type = cdb disable_vrfy_command = yes error_notice_recipient = [email protected] fast_flush_domains = inet_interfaces = 127.0.0.1, 65.246.80.15 local_recipient_maps = local_transport = error:local mail delivery is disabled. message_size_limit = 100000000 mydestination = mydomain = viabit.com myhostname = mx1.viabit.com mynetworks_style = host postscreen_bare_newline_action = enforce postscreen_bare_newline_enable = yes postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = psbl.surriel.com*2, bl.spamcop.net*2, zen.spamhaus.org*2, b.barracudacentral.org*2, bl.spameatingmonkey.net, spamtrap.trblspam.com, dnsbl.sorbs.net, dnsbl.njabl.org, dnsbl.ahbl.org, bl.mailspike.net postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce postscreen_non_smtp_command_action = enforce postscreen_non_smtp_command_enable = yes postscreen_pipelining_action = enforce postscreen_pipelining_enable = yes relay_domains = cdb:/etc/postfix/maps/relay_domains, cdb:/etc/postfix/maps/relay_domains-permanent, proxy:pgsql:/etc/postfix/maps/relay_domains.pgsql relay_recipient_maps = cdb:/etc/postfix/maps/relay_recipient_maps, cdb:/etc/postfix/maps/relay_recipient_maps-permanent,proxy:pgsql:/etc/postfix/maps/relay_recipient_maps.pgsql relayhost = mail1.viabit.com show_user_unknown_table_name = no smtp_discard_ehlo_keywords = dsn smtp_mx_session_limit = 3 smtp_skip_5xx_greeting = no smtpd_client_connection_count_limit = 20 smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_discard_ehlo_keywords = dsn smtpd_error_sleep_time = 10 smtpd_hard_error_limit = 5 smtpd_helo_required = yes smtpd_junk_command_limit = 3 smtpd_proxy_filter = localhost:10024 smtpd_proxy_options = speed_adjust smtpd_recipient_restrictions = reject_unauth_destination, reject_unlisted_recipient, check_recipient_access cdb:/etc/postfix/maps/recipient_verify_domains, check_recipient_access cdb:/etc/postfix/maps/rfc_addresses, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_reverse_client_hostname, reject_unknown_sender_domain, check_client_access cidr:/etc/postfix/maps/generic_rbl_clients.cidr, check_sender_access cdb:/etc/postfix/maps/backscatter_senders, reject_rhsbl_client dbl.spamhaus.org, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access pcre:/etc/postfix/maps/yahoo_domains.pcre, check_policy_service unix:private/policyd-spf, permit smtpd_restriction_classes = spf_pass_helo, spf_pass_from smtpd_soft_error_limit = 2 smtpd_tls_cert_file = /etc/ssl/mx1.viabit.com/mx1.viabit.com.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache strict_rfc821_envelopes = yes tls_append_default_CA = yes transport_maps = cdb:/etc/postfix/maps/transport_maps, proxy:pgsql:/etc/postfix/maps/transport_maps.pgsql unknown_address_reject_code = 550 unknown_client_reject_code = 550 unverified_recipient_reject_code = 550 virtual_transport = error:virtual mail delivery is disabled. # # amavisd daemon config # $max_servers = 100; $max_requests = 25; $child_timeout = 180; $smtpd_timeout = 120;
