Sudden degradation in Postfix performance.

2014-12-21 Thread Jonathan K. Tullett
Greetings,

I've been using Postfix for many years - since about 2002 - and I've
finally come across a problem I've not been able to resolve by searching
online, or from tapping into my personal network. So I have come to you all
for help.

I have two machines:
Machine A: My primary 8 core Xeon 2.27GHz, 24Gb RAM primarily running
Postfix 2.6.6 (SLES 6.6 distro)
Machine B: A test box 16 core Xeon 2.2Ghz w/16Gb RAM, primarily running
Apache, RabbitMQ, MemcacheD and finally Postfix 2.9 (Ubuntu 12.04).

Machine A is used to distribute to a couple of double-opt-in mailing lists
a week, total recipients between 30,000 and 180,000.  The 'sendmail' binary
is used to inject messages into the queue from a distribution manager.

The setup on the server is simple: Postfix with two header checks to
prepend a List-Unsubscribe and a Precedence header, and using an OpenDKIM
milter for Domain Keys signing. Nothing other than that.

Prior to the last week of October using the distribution manager, it was
possible on machine A to inject around 25 messages (full size - about 70k
each) a second into the maildrop queue.

Since the end of October, that number has dropped to 16 a second on a good
day.

I wrote a test script (basic for-loop which sent a 1 line, 500 byte email)
and disabled the milters (OpenDKIM and header_checks), it took 12.75
seconds to inject 500 messages onto Machine A.

As a test, I ran exactly the same script on Machine B. It injected 1000
messages (about 500 bytes in size) into the maildrop queue in 4.95 seconds.

(I appreciate Machine B is slightly higher spec, but I wouldn't expect such
disparity!)

I ran qshape during the last mailing on machine A, and the machine was able
to send mails out as fast as it received them; there was no congestion in
any of the queues (maildrop, incoming, outgoing, etc).

I have no machine stats prior to October - I only came onto the project
last week - so I don't know what (if anything) changed on that week to
cause performance to drop so suddenly.

I have run read/write tests on both disks - Machine A and B do about
500Mb/second reads, and 380Mb/second writes; all looks OK.

I'm not sure why SLES 6.6 was chosen as it was a new build in August, but
know only Postfix 2.6.6 is officially available in the repo for that
distribution. I have 2.11.3 built and ready to go on that machine but would
prefer not to just upgrade on the off-chance it'll 'fix' the problem when
there may be something I'm missing entirely.

Have there been huge improvements to the efficiency of the code base
between 2.6 and 2.9 (or 2.11)?  Does anyone have suggestions on where else
I can look for the cause?

Thank you in advance for any help you can provide.

--
Jonathan K. Tullett


Re: Sudden degradation in Postfix performance.

2014-12-21 Thread Christian Rößner

 On 21.12.2014 at 10:13, Jonathan K. Tullett 
 jonathan+postfix@dda.systems wrote:
 
 Greetings,
 
 I've been using Postfix for many years - since about 2002 - and I've finally 
 come across a problem I've not been able to resolve by searching online, or 
 from tapping into my personal network. So I have come to you all for help.
 
 I have two machines:
 Machine A: My primary 8 core Xeon 2.27GHz, 24Gb RAM primarily running Postfix 
 2.6.6 (SLES 6.6 distro)
 Machine B: A test box 16 core Xeon 2.2Ghz w/16Gb RAM, primarily running 
 Apache, RabbitMQ, MemcacheD and finally Postfix 2.9 (Ubuntu 12.04).
 
 Machine A is used to distribute to a couple of double-opt-in mailing lists a 
 week, total recipients between 30,000 and 180,000.  The 'sendmail' binary is 
 used to inject messages into the queue from a distribution manager.
 
 The setup on the server is simple: Postfix with two header checks to prepend 
 a List-Unsubscribe and a Precedence header, and using an OpenDKIM milter for 
 Domain Keys signing. Nothing other than that.
 
 Prior to the last week of October using the distribution manager, it was 
 possible on machine A to inject around 25 messages (full size - about 70k 
 each) a second into the maildrop queue.
 
 Since the end of October, that number has dropped to 16 a second on a good 
 day.
 
 I wrote a test script (basic for-loop which sent a 1 line, 500 byte email) 
 and disabled the milters (OpenDKIM and header_checks), it took 12.75 seconds 
 to inject 500 messages onto Machine A.
 
 As a test, I ran exactly the same script on Machine B. It injected 1000 
 messages (about 500 bytes in size) into the maildrop queue in 4.95 seconds.
 
 (I appreciate Machine B is slightly higher spec, but I wouldn't expect such 
 disparity!)
 
 I ran qshape during the last mailing on machine A, and the machine was able 
 to send mails out as fast as it received them; there was no congestion in any 
 of the queues (maildrop, incoming, outgoing, etc).
 
 I have no machine stats prior to October - I only came onto the project last 
 week - so I don't know what (if anything) changed on that week to cause 
 performance to drop so suddenly.
 
 I have run read/write tests on both disks - Machine A and B do about 
 500Mb/second reads, and 380Mb/second writes; all looks OK.
 
 I'm not sure why SLES 6.6 was chosen as it was a new build in August, but 
 know only Postfix 2.6.6 is officially available in the repo for that 
 distribution. I have 2.11.3 built and ready to go on that machine but would 
 prefer not to just upgrade on the off-chance it'll 'fix' the problem when 
 there may be something I'm missing entirely.
 
 Have there been huge improvements to the efficiency of the code base between 
 2.6 and 2.9 (or 2.11)?  Does anyone have suggestions on where else I can look 
 for the cause?

Does atop exist for SLES6.6? I love all these *top slabtop, htop and atop. With 
atop I could find I/O problems on my monitoring server. Maybe one of such tools 
might give you information?

Christian
--
Bachelor of Science Informatik
Erlenwiese 14, 36304 Alsfeld
T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com





A transport maps dilema

2014-12-21 Thread Istvan Prosinger

Hello,

Is it possible to make Postfix relay to some specific domain using a 
specific relay, and relay all the other domains by default rules (put 
the mail to an inbox if local or relay outbound by the given 
restrictions etc)?

I guess it'd involve a transport_maps pointer in the main.cf to a 
specific (let's say) hash table which will contain something like:

myspecialdomain.tld.com relay:[myspecialrelay:port]
* relay:[what_do_i_put_here?]

If I'd relay * to my own smtp, I guess it would create an endless loop, 
and this is where my dilemma starts.







Re: A transport maps dilema

2014-12-21 Thread li...@rhsoft.net


On 21.12.2014 at 13:53, Istvan Prosinger wrote:

> Is it possible to make Postfix relay to some specific domain using a
> specific relay, and relay all the other domains by default rules (put
> the mail to an inbox if local or relay outbound by the given
> restrictions etc)?
>
> I guess it'd involve a transport_maps pointer in the main.cf to a
> specific (let's say) hash table which will contain something like:
>
> myspecialdomain.tld.com relay:[myspecialrelay:port]
> * relay:[what_do_i_put_here?]

in doubt *nothing*, your LMTP but in any case don't use * here, a table 
is a table and should list anything clear

we have a transport_map for every single domain to 127.0.0.1:24 and for 
special routings instead the destination smtp server, all in 
mysql-tables and so created on-demand based on database views

> If I'd relay * to my own smtp, I guess it would create an endless loop,
> and this is where my dilemma starts

http://www.postfix.org/postconf.5.html#relayhost
http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps
http://www.postfix.org/postconf.5.html#transport_maps


Re: A transport maps dilema

2014-12-21 Thread Jose Borges Ferreira
You almost got it.
Transport_map is used to override the default transport and the ones you
don't want to override just left out.
Just take the * and that should work as you intended.

José Borges Ferreira
On Dec 21, 2014 12:55 PM, Istvan Prosinger ist...@prosinger.net wrote:

> Hello,
>
> Is it possible to make Postfix relay to some specific domain using a
> specific relay, and relay all the other domains by default rules (put the
> mail to an inbox if local or relay outbound by the given restrictions etc)?
>
> I guess it'd involve a transport_maps pointer in the main.cf to a
> specific (let's say) hash table which will contain something like:
>
> myspecialdomain.tld.com relay:[myspecialrelay:port]
> * relay:[what_do_i_put_here?]
>
> If I'd relay * to my own smtp, I guess it would create an endless loop,
> and this is where my dilemma starts.







Re: Sudden degradation in Postfix performance.

2014-12-21 Thread Wietse Venema
Christian Rößner:
> Prior to the last week of October using the distribution manager,
> it was possible on machine A to inject around 25 messages (full
> size - about 70k each) a second into the maildrop queue.
>
> Since the end of October, that number has dropped to 16 a second
> on a good day.

What has changed? Obviously, Postfix didn't change, and replacing
Postfix isn't going to make a difference.

Wietse


Re: A transport maps dilema

2014-12-21 Thread Wietse Venema
Istvan Prosinger:
> Hello,
>
> Is it possible to make Postfix relay to some specific domain using a
> specific relay, and relay all the other domains by default rules (put
> the mail to an inbox if local or relay outbound by the given
> restrictions etc)?
>
> I guess it'd involve a transport_maps pointer in the main.cf to a
> specific (let's say) hash table which will contain something like:
>
> myspecialdomain.tld.com relay:[myspecialrelay:port]

And use main.cf:relayhost for the rest.

Wietse


Re: Sudden degradation in Postfix performance.

2014-12-21 Thread Noel Jones
On 12/21/2014 3:13 AM, Jonathan K. Tullett wrote:
 Greetings,
 
 I've been using Postfix for many years - since about 2002 - and I've
 finally come across a problem I've not been able to resolve by
 searching online, or from tapping into my personal network. So I
 have come to you all for help.
 
 I have two machines:
 Machine A: My primary 8 core Xeon 2.27GHz, 24Gb RAM primarily
 running Postfix 2.6.6 (SLES 6.6 distro)
 Machine B: A test box 16 core Xeon 2.2Ghz w/16Gb RAM, primarily
 running Apache, RabbitMQ, MemcacheD and finally Postfix 2.9 (Ubuntu
 12.04).
 
 Machine A is used to distribute to a couple of double-opt-in mailing
 lists a week, total recipients between 30,000 and 180,000.  The
 'sendmail' binary is used to inject messages into the queue from a
 distribution manager.
 
 The setup on the server is simple: Postfix with two header checks to
 prepend a List-Unsubscribe and a Precedence header, and using an
 OpenDKIM milter for Domain Keys signing. Nothing other than that.
 
 Prior to the last week of October using the distribution manager, it
 was possible on machine A to inject around 25 messages (full size -
 about 70k each) a second into the maildrop queue.
 
 Since the end of October, that number has dropped to 16 a second on
 a good day.
 
 I wrote a test script (basic for-loop which sent a 1 line, 500 byte
 email) and disabled the milters (OpenDKIM and header_checks), it
 took 12.75 seconds to inject 500 messages onto Machine A.
 
 As a test, I ran exactly the same script on Machine B. It injected
 1000 messages (about 500 bytes in size) into the maildrop queue in
 4.95 seconds.
 
 (I appreciate Machine B is slightly higher spec, but I wouldn't
 expect such disparity!)
 
 I ran qshape during the last mailing on machine A, and the machine
 was able to send mails out as fast as it received them; there was no
 congestion in any of the queues (maildrop, incoming, outgoing, etc).
 
 I have no machine stats prior to October - I only came onto the
 project last week - so I don't know what (if anything) changed on
 that week to cause performance to drop so suddenly.
 
 I have run read/write tests on both disks - Machine A and B do about
 500Mb/second reads, and 380Mb/second writes; all looks OK.
 
 I'm not sure why SLES 6.6 was chosen as it was a new build in
 August, but know only Postfix 2.6.6 is officially available in the
 repo for that distribution. I have 2.11.3 built and ready to go on
 that machine but would prefer not to just upgrade on the off-chance
 it'll 'fix' the problem when there may be something I'm missing
 entirely.
 
 Have there been huge improvements to the efficiency of the code base
 between 2.6 and 2.9 (or 2.11)?  Does anyone have suggestions on
 where else I can look for the cause?
 
 Thank you in advance for any help you can provide.
 
 --
 Jonathan K. Tullett

Are you sure you're comparing apples to apples?

The sendmail command is limited by disk performance, with fairly
modest CPU requirements.  Check your disk subsystem.



  -- Noel Jones


Re: One user per domain and sender management

2014-12-21 Thread postfix-nabble



On 20.12.2014 at 20:44, nh wrote:

I have a postfix/dovecot server, and I want to have one account per domain,
ie. :
*@Domain1.tld - User1 (+ sender only users (only [hidden email] in
example), like php mail function)
*@Domain2.tld - User2
*@Domain3.tld - User3
*@Domain4.tld - User4

I already succeed to make many domain to one user (except for other Linux
account (root, ...), who catch their mail, but I don't want that).
I also see if the logged user want to send on one of other domain, he can.

After some hours of tries, I ask for some help in my search.

How-to make one user receive all mail from one domain and can only send
mails from his domain (can send from all mails for his domain, and rejected
from others owner domain)

http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch





So I made some tests before going to sleep, and it doesn't fully work as I want:
   - When I try to send a mail for another domain, I'm rejected; that's OK.
   - I try with another account, and all incoming mails go into the first
mailbox (us...@domain1.tld), but I can send mails from each of the 2 available
domains (the 2 others are in production, so I just declared them, but have not
changed DNS entries at this moment).
   - When I try with virtual_alias_domains (and emptied mydestination), it
rejects all incoming mails.

The log lines with the error when incoming mails are rejected:
Dec 21 01:16:36 mailserver postfix/error[5138]: A5BF24081E:
to=us...@domain1.tld, orig_to=test...@domain1.tld, relay=none, delay=0.47,
delays=0.18/0.1/0/0.19, dsn=5.0.0, status=bounced (User unknown in virtual alias
table)
Dec 21 01:16:36 mailserver postfix/error[5139]: 96B8540815:
to=us...@domain1.tld, orig_to=test...@domain2.tld, relay=none, delay=0.69,
delays=0.25/0.17/0/0.27, dsn=5.0.0, status=bounced (User unknown in virtual
alias table)


All accounts are Unix accounts.
user1 and user2 exist in the /home directory and the Maildir directory exists
too for both.


Configuration :
/etc/postfix/main.cf :

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no

readme_directory = no

# TLS parameters
...snip...

myhostname = domain1.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

#set if virtual_alias_domains is set
#mydestination =
#else this is the declaration used
mydestination = domain1.tld domain2.tld domain3.tld domain4.tld

relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
myorigin = /etc/mailname
inet_protocols = ipv4
home_mailbox = Maildir/
mailbox_command =
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = ...snip...
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_sender_restrictions=reject_sender_login_mismatch
smtpd_sender_login_maps=hash:/etc/postfix/virtual

virtual_alias_maps = hash:/etc/postfix/virtual
#When I try that, it's reject all address
#virtual_alias_domains = domain1.tld domain2.tld domain3.tld domain4.tld


/etc/postfix/virtual :

@domain1.tld user2
@domain2.tld user1
@domain3.tld user2
@domain4.tld user1


/etc/aliases is empty
/etc/mailname contains only one line  :
domain1.tld

Thanks.







Sorry, I don't understand your answer.

It fails when I activate virtual_alias_domains, but when I use 
mydestination, I can send and receive mails, but all incoming mail goes into one 
mailbox, not into the right account.


smtpd_sasl_path ignores native DNS lookups?

2014-12-21 Thread Patrick Ben Koetter
Could it be smtpd_sasl_path ignores local (native) lookups even if I specified
native lookup for smtp/lmtp client like this in main.cf:

smtp_host_lookup = native, dns
lmtp_host_lookup = native, dns

This works:
smtpd_sasl_path = inet:192.168.6.100:12345


Using a hostname set in /etc/hosts e.g. vlan-director won't:

# grep vlan-director /etc/hosts
192.168.6.100   vlan-director

smtpd_sasl_path = inet:vlan-director:12345

This results in the following error:

Dec 21 01:51:37 mx2 postfix-bulk/smtpd[18434]: fatal: host/service 
vlan-director/12345 not found: No such file or directory
Dec 21 01:51:38 mx2 postfix-bulk/master[18505]: warning: process 
/usr/libexec/postfix/smtpd pid 18434 exit status 1
Dec 21 01:51:38 mx2 postfix-bulk/master[18505]: warning: 
/usr/libexec/postfix/smtpd: bad command startup -- throttling

Am I missing another parameter to configure lookup strategy for
smtpd_sasl_path?

Thanks

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 


Re: smtpd_sasl_path ignores native DNS lookups?

2014-12-21 Thread Wietse Venema
Patrick Ben Koetter:
> smtp_host_lookup = native, dns
> lmtp_host_lookup = native, dns

Those are SMTP (and LMTP) client settings. Thanks to Postfix's
architecture, those settings do not change how the SMTP server
works.

> This works:
> smtpd_sasl_path = inet:192.168.6.100:12345

That looks like Dovecot.

> Using a hostname set in /etc/hosts e.g. vlan-director won't:

Maybe that's because Postfix is chrooted to /var/spool/postfix?

Wietse


Re: One user per domain and sender management

2014-12-21 Thread nh
I changed following lines :
myhostname = local.mailhost
mydestination = $myhostname, localhost.$mydomain, $mydomain
smtpd_sender_restrictions=reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch
virtual_alias_domains = domain1.tld domain2.tld domain3.tld domais4.tld

And I can send mails from domain1 and domain2, but all incoming mails are 
rejected:
Dec 21 17:16:00 mailserver postfix/error[3240]: 0187E40794: 
to=us...@domain1.tld, orig_to=test...@domain2.tld, relay=none, delay=0.11, 
delays=0.1/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias 
table)

The file /etc/postfix/sasl/smtpd.conf contains:
pwcheck_method: saslauthd
mech_list: plain login



I think I'm near the solution, but I can't see where I need to search.

On 21/12/2014 02:01, li...@rhsoft.net [via Postfix] wrote:
 stay on list!

 reject_authenticated_sender_login_mismatch is simple and straight

 you list the envelope senders allowed or a SASL username
 it don't and does not need to know anything about domains

 On 21.12.2014 at 01:55, Henry Nicolas wrote:

  On 20.12.2014 at 20:44, nh wrote:
  I have a postfix/dovecot server, and I want to have one account per
  domain,
  ie. :
  *@Domain1.tld - User1 (+ sender only users (only
  [hidden email] in
  example), like php mail function)
  *@Domain2.tld - User2
  *@Domain3.tld - User3
  *@Domain4.tld - User4
 
  I already succeed to make many domain to one user (except for other
  Linux
  account (root, ...), who catch their mail, but I don't want that).
  I also see if the logged user want to send on one of other domain, he
  can.
 
  After some hours of tries, I ask for some help in my search.
 
  How-to make one user receive all mail from one domain and can only send
  mails from his domain (can send from all mails for his domain, and
  rejected
  from others owner domain)
 
  http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch
  
 http://www.postfix.org/postconf.5.html#reject_authenticated_sender_login_mismatch
 
 
  So I make some test before go to sleep, and it's not work fully as I want :
- When I try to send a mail for a other domain, I'm reject, it's OK.
- I try with an other account, and, all incoming mails go in the first
  mailbox ([hidden email]), but I can send mails from each of 2
  available domains (the 2 others are in production, so I just declare
  them, but not change DNS entries at this moment).
- When I try with virtual_alias_domains (and emptied
  mydestination), it's reject all incoming mails.
 
  The line with error when incoming mails are reject :
  Dec 21 01:16:36 mailserver postfix/error[5138]: A5BF24081E:
  to=[hidden email], orig_to=[hidden email], relay=none,
  delay=0.47, delays=0.18/0.1/0/0.19, dsn=5.0.0, status=bounced (User
  unknown in virtual alias table)
  Dec 21 01:16:36 mailserver postfix/error[5139]: 96B8540815:
  to=[hidden email], orig_to=[hidden email], relay=none,
  delay=0.69, delays=0.25/0.17/0/0.27, dsn=5.0.0, status=bounced (User
  unknown in virtual alias table)
 
 
  All accounts are Unix account.
  user1 and user2 exists in /home directory and the directory Maildir
  exists too for both.
 
 
  Configuration :
  /etc/postfix/main.cf :
  
  smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
  biff = no
  append_dot_mydomain = no
 
  readme_directory = no
 
  # TLS parameters
  ...snip...
 
  myhostname = domain1.tld
  alias_maps = hash:/etc/aliases
  alias_database = hash:/etc/aliases
 
  #set if virtual_alias_domains is set
  #mydestination =
  #else this is the declaration used
  mydestination = domain1.tld domain2.tld domain3.tld domain4.tld
 
  relayhost =
  mynetworks = 127.0.0.0/8
  mailbox_size_limit = 0
  recipient_delimiter = +
  inet_interfaces = all
  myorigin = /etc/mailname
  inet_protocols = ipv4
  home_mailbox = Maildir/
  mailbox_command =
  smtpd_sasl_local_domain =
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
  broken_sasl_auth_clients = yes
  smtpd_recipient_restrictions =
  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
  smtp_tls_security_level = may
  smtpd_tls_security_level = may
  smtpd_tls_auth_only = no
  smtp_tls_note_starttls_offer = yes
  smtpd_tls_CAfile = ...snip...
  smtpd_tls_loglevel = 1
  smtpd_tls_received_header = yes
  smtpd_tls_session_cache_timeout = 3600s
  tls_random_source = dev:/dev/urandom
 
  smtpd_sender_restrictions=reject_sender_login_mismatch
  smtpd_sender_login_maps=hash:/etc/postfix/virtual
 
  virtual_alias_maps = hash:/etc/postfix/virtual
  #When I try that, it's reject all address
  #virtual_alias_domains = domain1.tld domain2.tld domain3.tld domain4.tld
  
 
  /etc/postfix/virtual :
  
 

Re: One user per domain and sender management

2014-12-21 Thread li...@rhsoft.net


On 21.12.2014 at 17:24, nh wrote:

> I changed following lines :
> myhostname = local.mailhost
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> smtpd_sender_restrictions=reject_sender_login_mismatch,reject_authenticated_sender_login_mismatch
> virtual_alias_domains = domain1.tld domain2.tld domain3.tld domais4.tld
>
> And I can send mails from domain1 and domain2, but all incoming mails are
> rejected:
> Dec 21 17:16:00 mailserver postfix/error[3240]: 0187E40794:
> to=us...@domain1.tld, orig_to=test...@domain2.tld, relay=none, delay=0.11,
> delays=0.1/0/0/0.01, dsn=5.0.0, status=bounced (User unknown in virtual alias
> table)

your setup doesn't know the valid users
http://www.postfix.org/VIRTUAL_README.html



Re: One user per domain and sender management

2014-12-21 Thread Koko Wijatmoko
On Sun, 21 Dec 2014 09:24:05 -0700 (MST)
nh postfix-nab...@nhenry.fr wrote:

> virtual_alias_domains = domain1.tld domain2.tld domain3.tld
> domais4.tld

you must have virtual_alias_maps in your main.cf, look here
for details... http://www.postfix.org/VIRTUAL_README.html


Re: One user per domain and sender management

2014-12-21 Thread postfix-nabble

If you see the file main.cf I sent before, I already have this line :
virtual_alias_maps = hash:/etc/postfix/virtual

file /etc/postfix/virtual contains :
@domain2.tld user2
@domain1.tld user1
@domain4.tld user2
@domain3.tld user1

Users user1 and user2 are known by my server (Raspbian), and I changed:
myhostname = hostname
like I can see in the command line:
pi@hostname

I read the section "Postfix virtual ALIAS example: separate domains, UNIX system 
accounts" but I can't see how the suggested configuration differs from mine.


On 21/12/2014 17:35, Koko Wijatmoko wrote:

On Sun, 21 Dec 2014 09:24:05 -0700 (MST)
nh postfix-nab...@nhenry.fr wrote:


virtual_alias_domains = domain1.tld domain2.tld domain3.tld
domais4.tld


you must have virtual_alias_maps in your main.cf, look here
for details... http://www.postfix.org/VIRTUAL_README.html





Re: Sudden degradation in Postfix performance.

2014-12-21 Thread Viktor Dukhovni
On Sun, Dec 21, 2014 at 09:13:53AM +, Jonathan K. Tullett wrote:

> Have there been huge improvements to the efficiency of the code base
> between 2.6 and 2.9 (or 2.11)?  Does anyone have suggestions on where else
> I can look for the cause?
>
> Thank you in advance for any help you can provide.

Injection of mail into the maildrop directory is delayed primarily
by disk seek latency (write+fsync performance) and getpwuid() latency.

To measure Postfix-related disk performance use the fsstone
program that is included in the Postfix source distribution.

Make sure passwd(5) lookups are not slowed down by remote
LDAP servers, ...

Otherwise, make sure that pickup(8) is not slowed down by
inflow_delay, because during message injection qmgr is not
scheduled often enough.  Or the DKIM milter is not slowed down by
DNS lookup timeouts.

-- 
Viktor.


Re: A transport maps dilema

2014-12-21 Thread Viktor Dukhovni
On Sun, Dec 21, 2014 at 08:57:52AM -0500, Wietse Venema wrote:
> Istvan Prosinger:
> > Hello,
> >
> > Is it possible to make Postfix relay to some specific domain using a
> > specific relay, and relay all the other domains by default rules (put
> > the mail to an inbox if local or relay outbound by the given
> > restrictions etc)?
> >
> > I guess it'd involve a transport_maps pointer in the main.cf to a
> > specific (let's say) hash table which will contain something like:
> >
> > myspecialdomain.tld.com relay:[myspecialrelay:port]
>
> And use main.cf:relayhost for the rest.

And use the documented syntax:

relay:[smtp.example.net]:25
relay:[smtp.example.net]:smtp

-- 
Viktor.
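
The advice in this thread (list only the special domain in transport_maps, leave out the * entry so that relayhost and local delivery handle everything else, and write the nexthop as [host]:port) can be checked mechanically. The following is an added example, not code from any poster or from Postfix; lint_transport, write_sample_tables and the finding codes are hypothetical names, the tables are constructed from the entries quoted above, and one entry per line is assumed.

```shell
#!/bin/sh
# Added example: lint a Postfix transport(5) table for the two mistakes
# discussed in the thread. Assumes one "pattern result" entry per line.

# lint_transport FILE
# Prints "<line>:<code>:<pattern>" per finding; returns 1 if any, else 0.
#   WILDCARD     "*" catch-all entry: it captures all mail, so relayhost
#                and local delivery no longer apply to the other domains
#   PORT_INSIDE  port written inside the brackets ([host:port]) instead of
#                the documented [host]:port
lint_transport() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }           # comments and blank lines
        /^[ \t]/       { next }           # continuation lines: not handled here
        {
            key = $1; rhs = $2
            if (key == "*") { print NR ":WILDCARD:" key; bad = 1 }
            lb = index(rhs, "["); rb = index(rhs, "]")
            if (lb > 0 && rb > lb) {
                inside = substr(rhs, lb + 1, rb - lb - 1)
                # exactly one colon means host:port; an IPv6 literal has more
                if (split(inside, parts, ":") == 2) {
                    print NR ":PORT_INSIDE:" key; bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# write_sample_tables DIR: constructed sample input for the demo below.
write_sample_tables() {
    cat > "$1/transport.before" <<'EOF'
# constructed sample: the table as first proposed in the thread
myspecialdomain.tld.com relay:[myspecialrelay:port]
* relay:[what_do_i_put_here?]
EOF
    cat > "$1/transport.after" <<'EOF'
# constructed sample: one explicit entry in the documented syntax;
# all other mail falls through to main.cf (relayhost or local delivery)
myspecialdomain.tld.com relay:[smtp.example.net]:25
EOF
}

# Demo on the constructed tables in a temporary directory.
demo_dir=$(mktemp -d)
write_sample_tables "$demo_dir"
echo "before:"; lint_transport "$demo_dir/transport.before" || true
echo "after:";  lint_transport "$demo_dir/transport.after" && echo "clean"
rm -rf "$demo_dir"
```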


Re: smtpd_sasl_path ignores native DNS lookups?

2014-12-21 Thread Patrick Ben Koetter
* Wietse Venema postfix-users@postfix.org:
> Patrick Ben Koetter:
> > smtp_host_lookup = native, dns
> > lmtp_host_lookup = native, dns
>
> Those are SMTP (and LMTP) client settings. Thanks to Postfix's
> architecture, those settings do not change how the SMTP server
> works.
>
> > This works:
> > smtpd_sasl_path = inet:192.168.6.100:12345
>
> That looks like Dovecot.

Yep.

> > Using a hostname set in /etc/hosts e.g. vlan-director won't:
>
> Maybe that's because Postfix is chrooted to /var/spool/postfix?

Indeed, it was. Someone had 'optimized' the setup. Everything works now.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
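
The cause confirmed in this thread was a chrooted smtpd that could not see the system /etc/hosts. The following is an added example, not code from the posters or from Postfix: it lists which master.cf services run chrooted and checks whether a host name is present in the chroot's own copy of etc/hosts. The function names and the sample files are hypothetical and constructed; the "-" default of y applies to Postfix before 3.0, as in this thread.

```shell
#!/bin/sh
# Added example: find chrooted Postfix services and check whether a host
# name from /etc/hosts is also resolvable inside the chroot.

# chrooted_services MASTER_CF [DEFAULT]
# Prints "service/type" for every master.cf entry that runs chrooted.
# DEFAULT is what "-" means in the chroot column: y before Postfix 3.0
# (the versions in this thread), n from 3.0 on.
chrooted_services() {
    awk -v dflt="${2:-y}" '
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        /^[ \t]/       { next }        # "-o name=value" continuation lines
        NF >= 8 {
            c = $5                     # 5th column is chroot
            if (c == "-") c = dflt
            if (c == "y") print $1 "/" $2
        }
    ' "$1"
}

# chroot_has_host QUEUE_DIR NAME
# 0: NAME is listed in QUEUE_DIR/etc/hosts, 1: not listed,
# 2: the chroot has no readable etc/hosts at all.
chroot_has_host() {
    [ -r "$1/etc/hosts" ] || return 2
    awk -v name="$2" '
        { sub(/#.*/, "") }             # strip trailing comments
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1/etc/hosts"
}

# write_sample_chroot DIR: constructed master.cf, system hosts file and
# chroot tree (DIR/spool stands in for /var/spool/postfix).
write_sample_chroot() {
    mkdir -p "$1/spool/etc"
    cat > "$1/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command
smtp      inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_path=inet:vlan-director:12345
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
EOF
    printf '192.168.6.100   vlan-director\n' > "$1/hosts"
    printf '127.0.0.1       localhost\n'     > "$1/spool/etc/hosts"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_sample_chroot "$demo_dir"
echo "chrooted services (Postfix < 3.0 default):"
chrooted_services "$demo_dir/master.cf" y
if chroot_has_host "$demo_dir/spool" vlan-director; then
    echo "vlan-director is listed inside the chroot"
else
    echo "vlan-director is missing from the chroot copy of etc/hosts"
fi
rm -rf "$demo_dir"
```

On a real system the first argument would be the master.cf of the affected instance and the queue directory would be the value of queue_directory.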
 


Re: One user per domain and sender management

2014-12-21 Thread postfix-nabble
Thanks for your help, I finally found my problem (after 3 hours of rereading and 
grepping configuration files in /etc), it's so simple ...


I have a line to declare myorigin in /etc/postfix/main.cf; after commenting out 
that line, the configuration works fine.

#myorigin = /etc/mailname

On 21/12/2014 17:52, postfix-nabble wrote:

If you see the file main.cf I sent before, I already have this line :
virtual_alias_maps = hash:/etc/postfix/virtual

file /etc/postfix/virtual contains :
@domain2.tld user2
@domain1.tld user1
@domain4.tld user2
@domain3.tld user1

Users user1 and user2 are knew by my server (raspian), and I changed :
myhostname = hostname
like I can see in command line :
pi@hostname

I read the section Postfix virtual ALIAS example: separate domains, UNIX 
system accounts but I can't see in what the suggested configuration differ 
from mine.


On 21/12/2014 17:35, Koko Wijatmoko wrote:

On Sun, 21 Dec 2014 09:24:05 -0700 (MST)
nhpostfix-nab...@nhenry.fr  wrote:


virtual_alias_domains = domain1.tld domain2.tld domain3.tld
domais4.tld


you must have virtual_alias_maps in your main.cf, look here
for details...http://www.postfix.org/VIRTUAL_README.html
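
The fix reported above is consistent with how virtual(5) results are rewritten: a result without a domain gets @$myorigin appended, so with myorigin read from /etc/mailname (domain1.tld) the bare names user1 and user2 land back in a virtual alias domain. The following is an added example, a simplified model of that expansion and not Postfix code or code from any poster; resolve_virtual and write_sample_virtual are hypothetical names, someone@domain2.tld is a constructed recipient, and the domain lists follow the configuration posted in the thread.

```shell
#!/bin/sh
# Added example: simplified model of virtual alias expansion, showing why
# bare user names in the table bounce when $myorigin is itself listed in
# virtual_alias_domains.

# resolve_virtual TABLE MYORIGIN "VIRTUAL_ALIAS_DOMAINS" "MYDESTINATION" RCPT
# Prints "<final address> <class>", class being one of:
#   bounce  final domain is still a virtual alias domain
#           ("User unknown in virtual alias table")
#   local   final domain is listed in mydestination
#   other   anything else
resolve_virtual() {
    awk -v myorigin="$2" -v vdoms="$3" -v ldoms="$4" -v rcpt="$5" '
        function in_list(d, list,   n, a, i) {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == d) return 1
            return 0
        }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        { map[$1] = $2 }                   # pattern -> result
        END {
            addr = rcpt
            for (hop = 0; hop < 10; hop++) {       # model-only hop limit
                dom = substr(addr, index(addr, "@") + 1)
                if (addr in map)           target = map[addr]
                else if (("@" dom) in map) target = map["@" dom]
                else break                 # no entry: expansion is done
                # a result without a domain gets @$myorigin appended
                if (index(target, "@") == 0) target = target "@" myorigin
                if (target == addr) break  # maps to itself: stop
                addr = target
            }
            dom = substr(addr, index(addr, "@") + 1)
            if (in_list(dom, vdoms))      class = "bounce"
            else if (in_list(dom, ldoms)) class = "local"
            else                          class = "other"
            print addr, class
        }
    ' "$1"
}

# write_sample_virtual FILE: constructed copy of the table from the thread.
write_sample_virtual() {
    cat > "$1" <<'EOF'
# constructed from the /etc/postfix/virtual shown in the thread
@domain2.tld user2
@domain1.tld user1
@domain4.tld user2
@domain3.tld user1
EOF
}

# Demo: same table and recipient, only myorigin differs.
demo_dir=$(mktemp -d)
write_sample_virtual "$demo_dir/virtual"
vdomains="domain1.tld domain2.tld domain3.tld domain4.tld"
echo "myorigin = /etc/mailname (domain1.tld):"
resolve_virtual "$demo_dir/virtual" domain1.tld "$vdomains" local.mailhost \
    someone@domain2.tld
echo "myorigin commented out (defaults to \$myhostname = local.mailhost):"
resolve_virtual "$demo_dir/virtual" local.mailhost "$vdomains" local.mailhost \
    someone@domain2.tld
rm -rf "$demo_dir"
```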







Re: A transport maps dilema

2014-12-21 Thread Istvan Prosinger

Works like a charm, thank you all!!

On 21.12.2014 14:42, Jose Borges Ferreira wrote:

> You almost got it.
> Transport_map is used to override the default transport and the ones you
> don't want to override just left out.
> Just take the * and that should work as you intended.
>
> José Borges Ferreira
>
> On Dec 21, 2014 12:55 PM, Istvan Prosinger ist...@prosinger.net wrote:
>
> > Hello,
> >
> > Is it possible to make Postfix relay to some specific domain using
> > a specific relay, and relay all the other domains by default rules
> > (put the mail to an inbox if local or relay outbound by the given
> > restrictions etc)?
> >
> > I guess it'd involve a transport_maps pointer in the main.cf
> > to a specific (let's say) hash table which will
> > contain something like:
> >
> > myspecialdomain.tld.com relay:[myspecialrelay:port]
> > * relay:[what_do_i_put_here?]
> >
> > If I'd relay * to my own smtp, I guess it would create an endless
> > loop, and this is where my dilemma starts.






Re: A transport maps dilema

2014-12-21 Thread Istvan Prosinger



On 21.12.2014 18:21, Viktor Dukhovni wrote:

On Sun, Dec 21, 2014 at 08:57:52AM -0500, Wietse Venema wrote:

Istvan Prosinger:

Hello,

Is it possible to make Postfix relay to some specific domain using a
specific relay, and relay all the other domains by default rules (put
the mail to an inbox if local or relay outbound by the given
restrictions etc)?

I guess it'd involve a transport_maps pointer in the main.cf to a
specific (let's say) hash table which will contain something like:

myspecialdomain.tld.com relay:[myspecialrelay:port]


And use main.cf:relayhost for the rest.


And use the documented syntax:

relay:[smtp.example.net]:25
relay:[smtp.example.net]:smtp



Indeed! It was a typo, thanks!


Re: Sudden degradation in Postfix performance.

2014-12-21 Thread Wietse Venema
Jonathan K. Tullett:
 On 21 December 2014 at 13:56, Wietse Venema wie...@porcupine.org wrote:
 
   Since the end of October, that number has dropped to 16 a second
   on a good day.
 
  What has changed? Obviously, Postfix didn't change, and replacing
  Postfix isn't going to make a difference.
 
 
 I don't have access to any logs from that period, so I don't know what
 changed that week (though it's obvious something did.). I have come into
 this blind and am working backward.

If you want a random guess, the authorized_submit_users feature in
Postfix sendmail and postdrop invokes getpwuid which in the worst
case requires a sequential scan over the entire password file.

If you have a hashed password file or not then that makes a huge
difference.

Wietse


postmap called by a httpd-php-script

2014-12-21 Thread li...@rhsoft.net

Hi

i try to execute postmap like below from a PHP script running on a 
webserver via passthru() - the temp-file exists and works out from a 
root shell, but called from the webserver no return or error


the idea behind is

* load live ptr-rules via webservice
* store them in a temp file
* fire the input against postmap to check matches (FP/FN)

/usr/sbin/postmap -v -q 'static-164-148-4-96.hardin.tn.ena.net' 
regexp:/tmp/ptr-filter-temp.cf


any idea where postmap needs access and probably not have on the 
restricted webserver and why even with -v no output at all happens?


Re: postmap called by a httpd-php-script

2014-12-21 Thread Wietse Venema
li...@rhsoft.net:
 Hi
 
 i try to execute postmap like below from a PHP script running on a 
 webserver via passthru() - the temp-file exists and works out from a 
 root shell, but called from the webserver no return or error
 
 the idea behind is
 
 * load live ptr-rules via webservice
 * store them in a temp file
 * fire the input against postmap to check matches (FP/FN)
 
 /usr/sbin/postmap -v -q 'static-164-148-4-96.hardin.tn.ena.net' 
 regexp:/tmp/ptr-filter-temp.cf
 
 any idea where postmap needs access and probably not have on the 
 restricted webserver and why even with -v no output at all happens?

Good, your PHP engine does not run as root.

To find out what fails, use

strace -o file.$$ /usr/sbin/postmap...
or
strace /usr/sbin/postmap...

BTW, regexps in Postfix tables must come from a trusted source.

Wietse


Re: postmap called by a httpd-php-script

2014-12-21 Thread li...@rhsoft.net


On 21.12.2014 at 22:56, Wietse Venema wrote:

li...@rhsoft.net:

i try to execute postmap like below from a PHP script running on a
webserver via passthru() - the temp-file exists and works out from a
root shell, but called from the webserver no return or error

the idea behind is

* load live ptr-rules via webservice
* store them in a temp file
* fire the input against postmap to check matches (FP/FN)

/usr/sbin/postmap -v -q 'static-164-148-4-96.hardin.tn.ena.net'
regexp:/tmp/ptr-filter-temp.cf

any idea where postmap needs access and probably not have on the
restricted webserver and why even with -v no output at all happens?


Good, your PHP engine does not run as root.


and much much more restricted which was the problem :-)

the setup has disabled access to any filesystem parts which are not
needed for the services to provide


in fact InaccessibleDirectories=/usr/lib64/mysql which is not needed 
in context of php-mysqlnd but in case of postmap the mysql-client libs 
are linked - i was in front of a long InaccessibleDirectories list and 
hoped while comment out trial-and-error to get a hint...



To find out what fails, use

 strace -o file.$$ /usr/sbin/postmap...
or
 strace /usr/sbin/postmap...


not possible that easy in the context, but solved anyways


BTW, regexps in Postfix tables must come from a trusted source


just out of interest: what does trusted source mean here?
it works now just fine from /tmp in context of PrivateTmp=yes for the 
web-instance


Re: postmap called by a httpd-php-script

2014-12-21 Thread Wietse Venema
li...@rhsoft.net:
 not possible that easy in the context, but solved anyways
 
  BTW, regexps in Postfix tables must come from a trusted source
 
 just out of interest: what does trusted source mean here?
 it works now just fine from /tmp in context of PrivateTmp=yes for the 
 web-instance

The idea is to prevent privilege escalation. Suppose that the regexp
library has a memory corruption error. If the postmap command is
used as part of a network service, then some random remote client
should not be able to hijack the postmap process.

Wietse
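
Added example, not part of the thread and not Postfix code: one way to apply the trusted-source rule above when a web service drives postmap, by refusing to query a regexp table unless it is a regular file owned by a designated account and not writable by group or others. The function names, exit codes, hostname character set and the path in the usage comment are assumptions; `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example (not Postfix code): gate "postmap -q" on table provenance.
# Function names, exit codes and the key character set are assumptions.

# table_is_trusted FILE TRUSTED_UID
# Succeeds only if FILE is a regular file, not a symlink, owned by
# TRUSTED_UID and not writable by group or others.
table_is_trusted() {
    tt_file=$1
    tt_uid=$2
    [ -f "$tt_file" ] || return 1
    [ ! -L "$tt_file" ] || return 1
    # GNU stat: %u = numeric owner, %a = permission bits in octal
    tt_owner=$(stat -c %u -- "$tt_file") || return 1
    tt_mode=$(stat -c %a -- "$tt_file") || return 1
    [ "$tt_owner" = "$tt_uid" ] || return 1
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    [ $(( 0$tt_mode & 022 )) -eq 0 ] || return 1
    return 0
}

# query_ptr_table KEY FILE TRUSTED_UID
# Exit 3: KEY is not hostname-shaped. Exit 2: table failed the check.
# Otherwise runs postmap and returns its status.
query_ptr_table() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "rejecting lookup key" >&2; return 3 ;;
    esac
    if ! table_is_trusted "$2" "$3"; then
        echo "refusing to load regexp table: $2" >&2
        return 2
    fi
    /usr/sbin/postmap -q "$1" "regexp:$2"
}

# Usage (hypothetical path; assumes the rules file is written by uid 0):
#   query_ptr_table 'static-164-148-4-96.hardin.tn.ena.net' \
#       /etc/postfix/ptr-filter.cf 0
```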


Master process running after stopping postfix

2014-12-21 Thread Noah


Hi there,

I am migrating a postfix installation from an old server to new server. 
 Stopping postfix does not appear to be stopping the actual process 
master.  What is the best way to fix this situation?




running ubuntu 12.04
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION=Ubuntu 12.04.5 LTS



:~$ sudo /etc/init.d/postfix stop
 * Stopping Postfix Mail Transport Agent postfix   [ OK ]
:~$ sudo ps -auxww | grep postfix | grep master
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 32259  0.2  0.0  25112   560 ?Ss   Nov22 100:13 /usr/lib/postfix/master




Cheers,
Noah


Re: Master process running after stopping postfix

2014-12-21 Thread Viktor Dukhovni
On Sun, Dec 21, 2014 at 06:18:27PM -0800, Noah wrote:

 :~$ sudo /etc/init.d/postfix stop
  * Stopping Postfix Mail Transport Agent postfix   [ OK ]
 :~$ sudo ps -auxww | grep postfix | grep master
 Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
 root 32259  0.2  0.0  25112   560 ?Ss   Nov22 100:13 /usr/lib/postfix/master

Post the output of:

$ postconf -n config_directory
$ sudo ls -l /proc/32259/cwd

Perhaps this particular master is from a different Postfix
configuration.

Also, why all the indirection through init.d?  Simpler:

$ sudo postfix stop

Finally:

http://www.postfix.org/DEBUG_README.html#mail

Don't overly minimize the information you post.  Are any
other postfix processes running, whose parent process
id is 32259?

-- 
Viktor.


Re: valvula or policyd

2014-12-21 Thread Selcuk Yazar
Sorry,

By the word Quota I meant Sent Quotas, not mailbox quotas.

thanks.

Selcuk

On Sun, Dec 21, 2014 at 12:53 AM, Wietse Venema wie...@porcupine.org
wrote:

 Peter:
  On 12/20/2014 04:04 AM, Selcuk Yazar wrote:
   we are using for quota management policyd v2.0.11 . i want to upgrade
   policyd to 2.0.14 .
  
   what is the best policyd software for postfix . Valvula in first order on
   list
 
  Since quotas have to be implemented in your IMAP server as well it's
  best to use a quota scheme that is integrated there.  Dovecot quotas
  comes to mind (if you're using dovecot, of course).

 For an example of Postfix-Dovecot quota integration, see:

 https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/

 Wietse




-- 
Selçuk YAZAR