On Wed, Aug 14, 2019 at 12:44:30PM -0700, Sean Hogberg wrote:

[ The OP should consider using a paragraph break now and then. ]

> Anyway, I'm seeing mail sit in the active queue (picked up by qmgr, but
> not sent to smtp) for 20-40 mins.

Perhaps your MTA is accepting mail to invalid recipients, only to bounce it after a failed inbound delivery. If the sender address is also bogus, the bounces may tempfail, and clog the queue.

The solution is to configure the MTA to reject invalid (and, if applicable, over-quota) recipient addresses, thereby eliminating the source of the congestion.

You should probably also raise the smtp transport ("unix" not "inet") process limit in master.cf, and perhaps also the default_process_limit.

> Then it seems like the qmgr process
> restarts and processes all mail in the active queue, then handles the queue
> as you'd expect for 20-40 mins.

What do you mean by "restarts"? If some cron job is actually restarting the queue manager ("postfix reload") that's rather counterproductive, and you should get rid of that cron job. Similarly, any periodic "postfix flush" is a bad idea.

What can help a bit is raising the ratio of the minimal_backoff_time and maximal_backoff_time:

    minimal_backoff_time = 225s
    maximal_backoff_time = 14400s

This retries fresh mail more quickly, but then retries messages that failed multiple times less often. Overall, mail that ultimately bounces will spend less time clogging the queue.

> Logs\conf:
> https://pastebin.com/qEweh4ph

Static connection caching is probably unwise:

    smtp_connection_cache_destinations = static:all

The bounce_queue_lifetime = 2h hints at excessive bounce rates; address the root cause, not the symptoms. For legitimate mail, bounces should be retried substantially longer than that.

This MTA appears to only process outbound mail, mydestination is empty and there are no relay or virtual domains. Any mail to problem destinations is therefore originating with the trusted clients (mynetworks). If they're doing poor recipient validation, address that.

This MTA looks like a bulk mail engine, perhaps for clients with "dirty" lists. If so, "good luck" with that...

If your syslog-daemon is doing synchronous writes to the log file, then performance can be impacted by silly logging such as:

    postfix-mainqueue/smtp[25032]: CD992CCAB3099: warning: header X-...

do you really need those? And of course, if applicable, turn off synchronous syslog writes:

    http://www.postfix.org/BASIC_CONFIGURATION_README.html#syslog_howto

--
    Viktor.
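
The effect of the backoff settings suggested in the message above can be seen in a small model, added here as an example that is not part of the original message or of Postfix itself. It assumes the cool-off after each failed attempt equals the message's age clamped to the two backoff limits, ignores queue_run_delay scan granularity, and uses the stock values 300s/4000s and a 5-day queue lifetime for comparison; `retry_schedule` is a hypothetical helper name.

```python
"""Simplified model of deferred-queue retry timing (added example).

Assumption: after each failed attempt the message cools off for a time equal
to its current age, clamped to [minimal_backoff_time, maximal_backoff_time].
Deferred-queue scan granularity (queue_run_delay) is ignored.
"""


def retry_schedule(min_backoff, max_backoff, lifetime):
    """Return attempt times (seconds since arrival) for a message that never
    succeeds and is bounced once it reaches `lifetime` seconds of age."""
    attempts = []
    age = 0
    while age < lifetime:
        attempts.append(age)
        cool_off = max(min_backoff, min(max_backoff, age))
        age += cool_off
    return attempts


FIVE_DAYS = 5 * 86400  # assumed queue lifetime used for the comparison

# Stock backoff values (assumed baseline) versus the values from the message.
STOCK = retry_schedule(300, 4000, FIVE_DAYS)
TUNED = retry_schedule(225, 14400, FIVE_DAYS)


def summarize(name, schedule):
    """One-line summary: first retry time and total attempts before expiry."""
    return "%s: first retry at %ds, %d attempts before expiry" % (
        name, schedule[1], len(schedule))


if __name__ == "__main__":
    print(summarize("stock 300s/4000s ", STOCK))
    print(summarize("tuned 225s/14400s", TUNED))
```

Under this model a message that never delivers is attempted 112 times with the stock values and 36 times with the suggested ones, while its first retry moves from 300s to 225s.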