Re: Ldap queries optimization

2012-02-22 Thread Angel L. Mateo

On 17/02/12 17:18, Viktor Dukhovni wrote:


Some queries are repeated, this should have no significant impact.
Focus on overall performance rather than optimizing non-critical
paths. Postfix is not monolithic, so cleanup(8) repeats some queries
made by smtpd(8), and in smtpd(8) some queries are repeated because
this makes the code more modular. This works well enough for a
large number of Postfix sites, it will work for you too if you
don't sweat the small stuff.

	I know it needs to repeat queries. But, in this case, why not 
implement a cache for such maps? If I remember well in previous 
versions it did. And it did for other maps, like the one for 
address_verify_map.


	And I know I should focus on the real problem with my ldap server. But 
I would like postfix to make things better (and it doesn't mean it 
doesn't do well)


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 868887590
Fax: 86337


Re: Postfix unable to send email for specific domain

2012-02-22 Thread Wietse Venema
kshitij mali:
 I have postfix chroot i think
[master.cf]

Indeed. Both smtpd (server) and smtp (client) are chrooted. Your
current problem is with the client. You may run into other problems
with the server.

 but i want to know that the problem is with the resolution and sending
 email to specific domain what its relate to chroot config ?

Please follow my instructions. If the problem disappears, complain
to your Postfix distributor for providing you with broken software.

Wietse


Re: Ldap queries optimization

2012-02-22 Thread Wietse Venema
Angel L. Mateo:
  Some queries are repeated, this should have no significant impact.
  Focus on overall performance rather than optimizing non-critical
  paths. Postfix is not monolithic, so cleanup(8) repeats some queries
  made by smtpd(8), and in smtpd(8) some queries are repeated because
  this makes the code more modular. This works well enough for a
  large number of Postfix sites, it will work for you too if you
  don't sweat the small stuff.
 
   I know it needs to repeat queries. But, in this case, why not 
 implement a cache for such maps? If I remember well in previous 

If you believe this is a problem, contribute a solution.

Wietse


Re: Where should Feature-Wishes go?

2012-02-22 Thread Wietse Venema
Jean Bruenn:
 On Wed, 22 Feb 2012 07:06:28 -0500 (EST)
 Wietse Venema wie...@porcupine.org wrote:
 
  Jean Bruenn:
   Hello,
   
   I was wondering where feature-wishes should be written to, so I
   assume this mailing list might be a good start. Might well be that
   other people asked for similar features already, a fast look
   through the archive didn't result in anything like that though.
  
  Discuss designs on the postfix-devel list, then contribute code.
 
 And if I can't code C/C++?

Then you can write it as a Python/Ruby/Perl policy/Milter extension.
For the past 8 years or so, major features have been implemented
by adding programs, not by constantly tinkering with existing code.

If you can't provide working code, then your efforts will remain
an academic exercise.

There is no shortage of ideas, but there is a shortage of cycles
to ensure that new code does not negatively affect the qualities
of the mail system, including its interface for legitimate users,
its surface for attackers, and its worst-case performance
characteristics.

Wietse


Postfix 2.9.1 stable release

2012-02-22 Thread Wietse Venema
[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.9.1.html]

Postfix stable release 2.9.1 is available. This contains fixes that
are already part of Postfix 2.10.

* The change header Milter request could replace the wrong
  header. A long header name could match a shorter one, because
  a length check was done on the wrong string. Reported by
  Vladimir Vassiliev. This was introduced with Postfix 2.3.

* sendmail -bs segfault, due to a missing guard statement
  after an smtpd_check_rewrite() call was moved closer to the
  command processor loop. Fix by Bartek Szady. This was introduced
  20111219 near the end of the 2.9 development cycle.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Wietse


Re: rewrite from: address

2012-02-22 Thread Noel Jones
On 2/22/2012 6:49 AM, polloxx wrote:
 I also thought to use canonical_maps, but only Return-Path: is
 changed, not the From:
 

Please see
http://www.postfix.org/postconf.5.html#local_header_rewrite_clients



  -- Noel Jones


Re: rewrite from: address

2012-02-22 Thread polloxx
Thanks Noël.

On Wed, Feb 22, 2012 at 2:47 PM, Noel Jones njo...@megan.vbhcs.org wrote:
 On 2/22/2012 6:49 AM, polloxx wrote:
 I also thought to use canonical_maps, but only Return-Path: is
 changed, not the From:


 Please see
 http://www.postfix.org/postconf.5.html#local_header_rewrite_clients



  -- Noel Jones


using postgres functions for domain tables

2012-02-22 Thread Matthias Leopold

hi,

i want to use postgres (8.3) plperl functions to provide 
virtual_mailbox_domains/relay_domains.


is this possible?

how do i make a postgres plperl function return a value/row only when 
certain conditions are met and otherwise return nothing/void/0 rows? 
right now my function returns 1 row even when i return undef.


i know this is more of a postgres question, but i couldn't find an 
answer in postgres docs/lists yet. maybe someone here can help me out ;-)


thx
matthias




postfix schema

2012-02-22 Thread vishesh kumar
Hi All

I want to setup Postfix+LDAP on Redhat EL6. The problem i am facing is
Postfix schema file . The openldap version on EL6 is 2.4.19 and its support
LDAP enabled schema file . I can't see Ldap enabled schema file on my
server and unable to find it on net as well. Can you people guide me in
right direction for this


Thanks & Regards
Vishesh Kumar


Re: using postgres functions for domain tables

2012-02-22 Thread k...@rice.edu
On Wed, Feb 22, 2012 at 05:30:02PM +0100, Matthias Leopold wrote:
 hi,
 
 i want to use postgres (8.3) plperl functions to provide
 virtual_mailbox_domains/relay_domains.
 
 is this possible?
 
 how do i make a postgres plperl function return a value/row only
 when certain conditions are met and otherwise return
 nothing/void/0 rows? right now my function returns 1 row even
 when i return undef.
 
 i know this is more of a postgres question, but i couldn't find an
 answer in postgres docs/lists yet. maybe someone here can help me
 out ;-)
 
 thx
 matthias
 

The documentation for plperl states:

...to return an SQL null value from a PL/Perl function,
return an undefined value...

Did you try that?

Cheers,
Ken


mailq not showing the recipient

2012-02-22 Thread Ralf Hildebrandt
A few seconds ago I logged in on our mailbox server and found:

postamt:~# mailq
Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
3TtQjD72G4z2r0c*  1237 Wed Feb 22 18:31:28 s.sxxx...@charite.de

-- 2 Kbytes in 1 Request.
postamt:~# logout

I didn't notice at first, but I then wondered - huh? Why is mailq only
displaying so little information? Is this a freaky timing issue?

The log:

Feb 22 18:31:29 postamt postfix/smtpd[31110]: 3TtQjD72G4z2r0c: 
client=webmail.charite.de[141.42.206.38]
Feb 22 18:31:29 postamt postfix/cleanup[27987]: 3TtQjD72G4z2r0c: 
message-id=04a9a765f941f3fb639ca825d2ac7899.squir...@webmail.charite.de
Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: 
from=s.sxxx...@charite.de, size=1237, nrcpt=2 (queue active)
Feb 22 18:31:29 postamt postfix/discard[930]: 3TtQjD72G4z2r0c: 
to=fisc...@charite.de.invalid, relay=none, delay=0.15, delays=0.09/0.06/0/0, 
dsn=2.0.0, status=sent (Sie haben eine nicht vollqualifizierte Emailadresse 
verwendet)
Feb 22 18:31:29 postamt postfix/smtp[19296]: 3TtQjD72G4z2r0c: 
to=rt.fisc...@charite.de, relay=mail2.charite.de[141.42.206.200]:25, 
delay=0.52, delays=0.09/0.01/0.06/0.37, dsn=2.0.0, status=sent (250 2.0.0 from 
MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3TtQjF3BJLz1tLN) 
Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: removed

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Adding custom header

2012-02-22 Thread Jack Knowlton
On Wed, February 22, 2012 1:20 am, Wietse Venema wrote:
 Jack Knowlton:
 Hi guys.
 My mailserver uses a relayhost which basically only signs messages with
 DKIM and delivers them.
 I would like to add a custom header, something like X-Abuse: if
 spam/uce
 email ab...@mydomain.com.
 How should I go about, without postfix adding the header twice (before
 and
 after dkimfilter-out)?

 See the discussion of receive_override_options in the FILTER_README
 documentation (http://www.postfix.org/FILTER_README.html).

   Wietse


Thanks. It does seem to work :)

Now I would like to add another header, right under the X-Abuse. How can I
perform that?
I tried with the same regex based on /^Subject: .*/, but it doesn't seem
to be adding both..

-JK



Re: mailq not showing the recipient

2012-02-22 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de:

 Feb 22 18:31:29 postamt postfix/cleanup[27987]: 3TtQjD72G4z2r0c: 
 message-id=04a9a765f941f3fb639ca825d2ac7899.squir...@webmail.charite.de
 Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: 
 from=s.sxxx...@charite.de, size=1237, nrcpt=2 (queue active)
 Feb 22 18:31:29 postamt postfix/discard[930]: 3TtQjD72G4z2r0c: 
 to=fisc...@charite.de.invalid, relay=none, delay=0.15, 
 delays=0.09/0.06/0/0, dsn=2.0.0, status=sent (Sie haben eine nicht 
 vollqualifizierte Emailadresse verwendet)
 Feb 22 18:31:29 postamt postfix/smtp[19296]: 3TtQjD72G4z2r0c: 
 to=rt.fisc...@charite.de, relay=mail2.charite.de[141.42.206.200]:25, 
 delay=0.52, delays=0.09/0.01/0.06/0.37, dsn=2.0.0, status=sent (250 2.0.0 
 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3TtQjF3BJLz1tLN) 
 Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: removed

This is postfix-2.10-20120218

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: mailq not showing the recipient

2012-02-22 Thread Wietse Venema
Ralf Hildebrandt:
 A few seconds ago I logged in on our mailbox server and found:
 
 postamt:~# mailq
 Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
 3TtQjD72G4z2r0c*  1237 Wed Feb 22 18:31:28 s.sxxx...@charite.de
 
 -- 2 Kbytes in 1 Request.
 postamt:~# logout
 
 I didn't notice at first, but I then wondered - huh? Why is mailq only
 displaying so little information? Is this a freaky timing issue?

It shows only recipients that still need to be delivered.

Wietse


Re: mailq not showing the recipient

2012-02-22 Thread Viktor Dukhovni
On Wed, Feb 22, 2012 at 06:37:04PM +0100, Ralf Hildebrandt wrote:

 postamt:~# mailq
 Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
 3TtQjD72G4z2r0c*  1237 Wed Feb 22 18:31:28 s.sxxx...@charite.de
 
 I didn't notice at first, but I then wondered - huh? Why is mailq only
 displaying so little information? Is this a freaky timing issue?

Not freaky, but yes timing, all the recipients were delivered, but
the message had not yet been deleted from the active queue.

 The log:
 
 Feb 22 18:31:29 postamt postfix/smtpd[31110]: 3TtQjD72G4z2r0c: 
 client=webmail.charite.de[141.42.206.38]
 Feb 22 18:31:29 postamt postfix/cleanup[27987]: 3TtQjD72G4z2r0c: 
 message-id=04a9a765f941f3fb639ca825d2ac7899.squir...@webmail.charite.de
 Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: 
 from=s.sxxx...@charite.de, size=1237, nrcpt=2 (queue active)
 Feb 22 18:31:29 postamt postfix/discard[930]: 3TtQjD72G4z2r0c: 
 to=fisc...@charite.de.invalid, relay=none, delay=0.15, 
 delays=0.09/0.06/0/0, dsn=2.0.0, status=sent (Sie haben eine nicht 
 vollqualifizierte Emailadresse verwendet)
 Feb 22 18:31:29 postamt postfix/smtp[19296]: 3TtQjD72G4z2r0c: 
 to=rt.fisc...@charite.de, relay=mail2.charite.de[141.42.206.200]:25, 
 delay=0.52, delays=0.09/0.01/0.06/0.37, dsn=2.0.0, status=sent (250 2.0.0 
 from MTA(smtp:[127.0.0.1]:10026): 250 2.0.0 Ok: queued as 3TtQjF3BJLz1tLN) 

You ran mailq at approximately this juncture.

 Feb 22 18:31:29 postamt postfix/qmgr[8645]: 3TtQjD72G4z2r0c: removed

-- 
Viktor.


Re: Adding custom header

2012-02-22 Thread Wietse Venema
Jack Knowlton:
 I would like to add a custom header, something like X-Abuse: if
 spam/uce email ab...@mydomain.com.  How should I go about, without
 postfix adding the header twice (before and after dkimfilter-out)?

Wietse
 See the discussion of receive_override_options in the FILTER_README
 documentation (http://www.postfix.org/FILTER_README.html).

Jack Knowlton:
 Thanks. It does seem to work :)
 
 Now I would like to add another header, right under the X-Abuse.
 How can I perform that?  I tried with the same regex based on
 /^Subject: .*/, but it doesn't seem to be adding both..

Postfix header/body_checks are not intended to provide a complete
message content manipulation system.

In this case, a Milter plug-in would be more appropriate. 

Applying header/body_checks etc. rules to output from header/body_checks
rules would be unsafe.

Wietse


Re: mailq not showing the recipient

2012-02-22 Thread Ralf Hildebrandt
* Wietse Venema wie...@porcupine.org:
 Ralf Hildebrandt:
  A few seconds ago I logged in on our mailbox server and found:
  
  postamt:~# mailq
  Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
  3TtQjD72G4z2r0c*  1237 Wed Feb 22 18:31:28 s.sxxx...@charite.de
  
  -- 2 Kbytes in 1 Request.
  postamt:~# logout
  
  I didn't notice at first, but I then wondered - huh? Why is mailq only
  displaying so little information? Is this a freaky timing issue?
 
 It shows only recipients that still need to be delivered.

Thanks for the clarification.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: postfix schema

2012-02-22 Thread Jeroen Geilman

On 02/22/2012 05:46 PM, vishesh kumar wrote:

Hi All

I want to setup Postfix+LDAP on Redhat EL6. The problem i am facing is 
Postfix schema file . The openldap version on EL6 is 2.4.19 and its 
support LDAP enabled schema file . I can't see Ldap enabled schema 
file on my server and unable to find it on net as well. Can you people 
guide me in right direction for this



Thanks & Regards
Vishesh Kumar


There is no postfix schema.

An LDAP map file contains the details required to perform an LDAP 
lookup, and interpret the results in a way postfix can use them.


See http://www.postfix.org/ldap_table.5.html for details.

--
J.



Delay before initial 220 greeting

2012-02-22 Thread Alex
Hi,

I have a postfix-2.8.7 system with fedora15 and amavisd-new-2.6.6.
Lately I have been experiencing significant delays before receiving
the initial postfix 220 greeting from all remote hosts. I've verified
DNS is working properly and can resolve hosts properly. It seems to be
related to system load and doesn't occur as frequently when the server
is less busy.

I've experimented with various parameters but am really unsure where
to start. I was unsure if it was somehow related to
smtpd_client_connection_count_limit or some other limit parameter. My
guess is it's related to not spawning enough smtp processes to accept
the incoming connections?

This issue occurs even when amavisd is otherwise idle, with at least a
few processes idle. This server is a dual quad-core Xeon with 16GB.

I've also enabled debug_peer_list and it really doesn't reveal
anything helpful. I can see the initial postscreen connection, then a
large delay, then immediately the match_hostname, match_hostaddr
statements, and the 220 greeting:

Feb 22 13:14:35 mail01 postfix/postscreen[25319]: CONNECT from
[64.XXX.YYY.2]:48144
Feb 22 13:14:35 mail01 postfix/postscreen[25319]: WHITELISTED
[64.XXX.YYY.2]:48144
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: connect from
rogue.example.com[64.XXX.YYY.2]
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostname:
rogue.example.com ~? 127.0.0.0/8
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostaddr:
64.XXX.YYY.2 ~? 127.0.0.0/8
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostname:
rogue.example.com ~? 192.168.1.0/24
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostaddr:
64.XXX.YYY.2 ~? 192.168.1.0/24
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostname:
rogue.example.com ~? 192.168.6.0/24
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostaddr:
64.XXX.YYY.2 ~? 192.168.6.0/24
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostname:
rogue.example.com ~? 68.XXX.YYY.40/29
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostaddr:
64.XXX.YYY.2 ~? 68.XXX.YYY.40/29
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostname:
rogue.example.com ~? 64.XXX.YYY.0/27
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: match_hostaddr:
64.XXX.YYY.2 ~? 64.XXX.YYY.0/27
Feb 22 13:16:31 mail01 postfix/smtpd[3184]: 
rogue.example.com[64.XXX.YYY.2]: 220 mail01.example.com ESMTP Postfix

I've included my postfinger output below. I also have another issue
that I'm unsure is related. I've had to create a client_checks_special
and sender_checks_special maps, in addition to my normal sender and
client maps, because something in my smtpd_recipient_restrictions was
rejecting my exceptions in those maps before reaching my other
sender_checks and client_checks maps.

postfinger - postfix configuration on Wed Feb 22 13:03:09 EST 2012
version: 1.30

--System Parameters--
mail_version = 2.8.7
hostname = mail01.example.com
uname = Linux mail01.example.com 2.6.42.3-2.fc15.x86_64 #1 SMP Thu Feb
9 01:42:06 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information--
looks like this postfix comes from RPM package: postfix-2.8.7-1.fc15.x86_64

--main.cf non-default parameters--
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
body_checks = regexp:/etc/postfix/body_checks.pcre
content_filter = smtp-amavis:[127.0.0.1]:10024
debug_peer_list = 64.XXX.YYY.0/27
default_process_limit = 200
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks =
pcre:/etc/postfix/header_checks.pcre
pcre:/etc/postfix/header_checks-jimsun.pcre
initial_destination_concurrency = 20
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 20
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 13312000
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 192.168.6.0/24,
68.XXX.YYY.40/29, 64.XXX.YYY.0/27, 206.XXX.YYY.45/32,
167.XXX.YYY.192/26, 74.XXX.YYY.160/27, 67.XXX.YYY.224/28,
160.XXX.YYY.3
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
b.barracudacentral.org*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.8.7/README_FILES
relay_domains = $mydestination, $transport_maps, example.com,
cs.example.com, hotel.example.com, example.com
sample_directory = /usr/share/doc/postfix-2.8.7/samples
smtpd_recipient_restrictions =
reject_non_fqdn_recipient,  check_client_access
hash:/etc/postfix/client_checks_special,check_sender_access
hash:/etc/postfix/sender_checks_special,reject_non_fqdn_sender, 
reject_unlisted_recipient,  permit_mynetworks,  
reject_unauth_destination,  

Re: Delay before initial 220 greeting

2012-02-22 Thread Wietse Venema
Alex:
 Hi,
 
 I have a postfix-2.8.7 system with fedora15 and amavisd-new-2.6.6.
 Lately I have been experiencing significant delays before receiving
 the initial postfix 220 greeting from all remote hosts. I've verified

What is the output from:

grep warning: /var/log/maillog

Then you may want to read this webpage:

http://www.postfix.org/STRESS_README.html

Wietse


Re: postfix schema

2012-02-22 Thread Nikolaos Milas

On 22/2/2012 8:13 PM, Jeroen Geilman wrote:

There is no postfix schema. 


Indeed, there is no official Postfix schema.

However, it will be interesting to read the following threads:

http://www.openldap.org/lists/openldap-technical/201105/msg00033.html
and
http://www.openldap.org/lists/openldap-technical/201202/msg00147.html

In my implementation we use the former for virtual aliases AND user 
aliases, while we use mail,uid attributes of people entries for mail 
and mailboxes (standard inetOrgPerson schema).


This is the simplest solution (described in the former thread).

I am now planning a change, based on my thoughts mentioned in the latter 
thread. When finished, the Postfix schema mentioned in the former 
thread, will be used only for virtual aliases, while the rest will use a 
schema like the one sketched in the latter thread.


I wish there was a standardized/optimized schema for this use, but I am 
afraid there is not. Yet, if you research based on the above info, 
you'll find your way through.


Best regards,
Nick





postscreen dnsbl logging

2012-02-22 Thread Wietse Venema
I have changed postscreen DNSBL reject logging, so that it now
gives credit to the DNSBL with the largest weight, instead of the
DNSBL that replies first. I think that the result resembles more
what some people expected to see.

Wietse

Before:

dnsblog[75702]: addr 124.42.204.113 listed by domain b.barracudacentral.org as 
127.0.0.2
dnsblog[75702]: addr 124.42.204.113 listed by domain zen.spamhaus.org as 
127.0.0.4
postscreen[75699]: DNSBL rank 3 for [124.42.204.113]:3566
postscreen[75699]: NOQUEUE: reject: RCPT from [124.42.204.113]:3566: 550 5.7.1 
Service unavailable; client [124.42.204.113] blocked using 
b.barracudacentral.org; ...

After:

dnsblog[99956]: addr 124.42.204.113 listed by domain b.barracudacentral.org as 
127.0.0.2
dnsblog[99937]: addr 124.42.204.113 listed by domain zen.spamhaus.org as 
127.0.0.4
postscreen[99920]: DNSBL rank 3 for [124.42.204.113]:2446
postscreen[99920]: NOQUEUE: reject: RCPT from [124.42.204.113]:2446: 550 5.7.1 
Service unavailable; client [124.42.204.113] blocked using zen.spamhaus.org; ...
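
Added example (not part of the announcement above and not Postfix code): a Python sketch that replays the two dnsblog lines from the sample and compares the DNSBL that replied first with the one carrying the largest weight. The weights and threshold are assumptions taken from the postscreen_dnsbl_sites setting quoted in another thread on this page; the function names and the tie-break rule are also assumptions.

```python
import re

# Assumed weights: the announcement does not state them. These come from the
# postscreen_dnsbl_sites / postscreen_dnsbl_threshold values quoted elsewhere
# on this page and happen to add up to the "DNSBL rank 3" in the sample.
DNSBL_SITES = "zen.spamhaus.org*2 bl.spamcop.net*1 b.barracudacentral.org*1"
THRESHOLD = 2

# The two dnsblog lines from the "After" sample, rejoined to one line each.
SAMPLE_LOG = """\
dnsblog[99956]: addr 124.42.204.113 listed by domain b.barracudacentral.org as 127.0.0.2
dnsblog[99937]: addr 124.42.204.113 listed by domain zen.spamhaus.org as 127.0.0.4
"""

LISTED = re.compile(
    r"dnsblog\[\d+\]: addr (\S+) listed by domain (\S+) as (\S+)")


def parse_sites(spec):
    """Parse 'domain*weight' entries; a missing weight means 1.

    Simplification: '=reply' filters in the site list are not handled.
    """
    weights = {}
    for item in spec.replace(",", " ").split():
        domain, _, weight = item.partition("*")
        weights[domain] = int(weight) if weight else 1
    return weights


def evaluate(log_text, weights, threshold):
    """Summarise dnsblog replies per client address.

    Returns {addr: {"rank", "reject", "first_reply", "largest_weight"}}.
    Each DNSBL domain is counted once per client, in order of arrival.
    """
    hits = {}
    for match in LISTED.finditer(log_text):
        addr, domain, _reply = match.groups()
        seen = hits.setdefault(addr, [])
        if domain in weights and domain not in seen:
            seen.append(domain)

    summary = {}
    for addr, domains in hits.items():
        if not domains:
            continue
        rank = sum(weights[d] for d in domains)
        summary[addr] = {
            "rank": rank,
            "reject": rank >= threshold,
            # Old logging: whichever DNSBL answered first gets named.
            "first_reply": domains[0],
            # New logging: the DNSBL with the largest weight gets named.
            # Assumed tie-break: the earlier reply wins (max keeps the first).
            "largest_weight": max(domains, key=lambda d: weights[d]),
        }
    return summary


if __name__ == "__main__":
    for addr, info in evaluate(SAMPLE_LOG, parse_sites(DNSBL_SITES),
                               THRESHOLD).items():
        print(addr, info)
```

When reading reject logs for blocklist effectiveness, the named DNSBL is only the credited one; the per-list dnsblog lines remain the record of which lists actually matched.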



Re: Delay before initial 220 greeting

2012-02-22 Thread Stan Hoeppner
On 2/22/2012 12:33 PM, Wietse Venema wrote:
 Alex:
 Hi,

 I have a postfix-2.8.7 system with fedora15 and amavisd-new-2.6.6.
 Lately I have been experiencing significant delays before receiving
 the initial postfix 220 greeting from all remote hosts. I've verified
 
 What is the output from:
 
 grep warning: /var/log/maillog
 
 Then you may want to read this webpage:
 
 http://www.postfix.org/STRESS_README.html

You've already got a default_process_limit of 200 which should be more
than plenty for a very large inbound stream, assuming everything else is
in order.

In addition to the recommendations in the STRESS_README WRT decreasing
time spent per connection by each smtpd, I'd add that if you're not
already running a local caching DNS resolver on your Postfix host, you
should implement such.  It could shave up to a second off the smtpd
processing time for each connection, which is significant for a loaded
server with 200 smtpds experiencing this problem.

On 2/22/2012 12:23 PM, Alex wrote:

 postscreen_blacklist_action = enforce
 postscreen_dnsbl_action = enforce
 postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
 b.barracudacentral.org*1
 postscreen_dnsbl_threshold = 2

 reject_rbl_client zen.spamhaus.org, reject_rbl_client psbl.surriel.com

You're rejecting based on zen twice, once in Postscreen and once in
smtpd.  May as well remove the smtpd entry.  And you may as well move
psbl into postscreen.  If it's going to kill a connection you may as
well do it before tying up an smtpd process, which is currently a problem.

You're currently doing a combined 5 dnsbl lookups per connection plus
two for the forward and reverse names, for a total of 7 per connection.
 This may likely be part of your current problem, especially if using a
high latency external resolver (ISP for instance).

Four external dnsbl queries per connect may be a bit excessive for a
host under this kind of load.  In addition to a local caching resolver,
consider using a local rbldnsd instance for serving the spamcop and psbl
zones, and zen if you're a paying customer.  This will cut total
external dns queries down to 4 or 3 from your current 7.  Along with a
local resolver, this should pretty much eliminate dns latency as a
factor in tying up smtpd processes.

If your current average dns latency is 10ms you're looking at 0.7
seconds of time in smtpd just for dns lookups.  If it's 30ms it's 2.1
seconds.  That's peanuts on a lightly loaded MX, but more than
significant on a host with 200 smtpds that can't seem to keep up with
the load currently.

-- 
Stan


Re: using postgres functions for domain tables

2012-02-22 Thread Peter
On 23/02/12 05:30, Matthias Leopold wrote:
 how do i make a postgres plperl function return a value/row only when
 certain conditions are met and otherwise return nothing/void/0 rows?
 right now my function returns 1 row even when i return undef.

Have you tried using your function in the WHERE clause of your SQL query?


Peter