Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread tobi

On 18.03.2014 17:13, jmct wrote:

> I spoke with one of our Linux administrators and he advised that SELinux
> didn't even cross his mind because he's so used to disabling it on install.
> :P


Just curious: normally postfix runs quite well with selinux enabled. 
Have you checked the audit logs where selinux reports details of 
"violations"? Normally under /var/log/audit/ and grep the latest logfile 
for postdrop.
With those lines you might be able to create a selinux policy module that 
can be loaded.
Just my 5 cents: disabling a security feature like selinux is not the 
best choice.
Just one more thing: did you try selinux mode targeted as well? Same 
problem?
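
Added example, not part of tobi's message: a shell filter that pulls the SELinux AVC denials for one command (here postdrop) out of audit records and groups them, which is the information a policy module would be built from. The function names are hypothetical and the sample records are constructed; they do not show what was actually denied on the poster's server.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# summarize_denials COMM: read audit records on stdin and print one line per
# distinct AVC denial for that command, most detail first:
#   COUNT TCLASS {PERMISSIONS} SOURCE_CONTEXT -> TARGET_CONTEXT
summarize_denials() {
    sed -n -e '/avc: *denied/!d' -e "/comm=\"$1\"/!d" \
        -e 's/.*denied *{ \([^}]*\) }.* scontext=\([^ ]*\) tcontext=\([^ ]*\) tclass=\([^ ]*\).*/\4 {\1} \2 -> \3/p' |
    sort | uniq -c | sed 's/^ *//'
}

# Constructed records in the audit.log format; timestamps, pids, inodes and
# the example_t source type are made up for illustration.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1395154776.101:901): avc:  denied  { search } for  pid=21196 comm="postdrop" name="public" dev=dm-0 ino=1311 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:postfix_public_t:s0 tclass=dir
type=SYSCALL msg=audit(1395154776.101:901): arch=c000003e syscall=2 success=no exit=-13 comm="postdrop" exe="/usr/sbin/postdrop"
type=AVC msg=audit(1395154836.224:907): avc:  denied  { search } for  pid=21240 comm="postdrop" name="public" dev=dm-0 ino=1311 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:postfix_public_t:s0 tclass=dir
type=AVC msg=audit(1395154836.229:908): avc:  denied  { write } for  pid=21240 comm="postdrop" name="pickup" dev=dm-0 ino=1312 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1395154840.010:910): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

# On a live system, as root:
#   summarize_denials postdrop < /var/log/audit/audit.log
```

Once the denials have been reviewed, the matching records can be passed to audit2allow -M to build a module and loaded with semodule -i, instead of disabling SELinux.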


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread jmct
I just figured this out myself when the command failed.

My $setgid_group is set to "postdrop" and $queue_directory set to
"/var/spool/postfix".

I have run "ls -ld" for those directories you specified --

[root~]# ls -ld /var/spool/postfix/maildrop/
drwx-wx---. 2 postfix postdrop 4096 Mar 18 10:57 /var/spool/postfix/maildrop/

[root@~]# ls -ld /var/spool/postfix/public
drwxrwxrwx. 2 postfix postdrop 4096 Mar 18 10:56 /var/spool/postfix/public

I also took your advice and configured /etc/selinux/config to set "SELinux"
to "disabled" - rather than "enforcing" and rebooted the server.

It now appears that the error is no longer appearing! I set the "pickup"
process back to 60 (as recommended) and see the e-mails leaving almost
instantly.

I spoke with one of our Linux administrators and he advised that SELinux
didn't even cross his mind because he's so used to disabling it on install.
:P

Thanks a ton for all of your help - Sahil, Viktor and Wietse!



--
View this message in context: 
http://postfix.1071664.n5.nabble.com/20-40-second-delays-Is-this-normal-tp65951p66132.html
Sent from the Postfix Users mailing list archive at Nabble.com.


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread li...@rhsoft.net
On 18.03.2014 16:38, Wietse Venema wrote:
> Now, look for SELINUX warnings.
> 
> Or see if the warning goes away with:
> 
> /etc/selinux/config: SELINUX=disabled
> 
> and
> 
> $service selinux restart

selinux is not a service

http://www.cyberciti.biz/tips/enable-permissive-mode-for-selinux-troubleshooting-purpose.html


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread Viktor Dukhovni
On Tue, Mar 18, 2014 at 08:29:43AM -0700, jmct wrote:

> I have run the command you requested. Here is the output:
> 
> [root new]# ls -ld / /var /var/spool /var/spool/postfix
> dr-xr-xr-x. 25 root root 4096 Mar 10 20:38 /
> drwxr-xr-x. 20 root root 4096 Jan 20 08:37 /var
> drwxr-xr-x. 13 root root 4096 Jan 20 08:35 /var/spool
> drwxr-xr-x. 16 root root 4096 Jan 22 02:50 /var/spool/postfix

Don't run these as root.  Run as some other user.

In addition, this time as root, post "ls -ld" for:

/var/spool/postfix/maildrop/ and /var/spool/postfix/public/

Finally, what is that "." at the end of "drwxr-xr-x."?  I've
never seen that before.  For example I have:

$ ls -ld /
drwxr-xr-x  34 root  wheel  1224 Feb 27 21:05 /

No ".".  Googling shows:


https://superuser.com/questions/230559/what-does-the-dot-mean-at-the-end-of-rw-r-r-how-do-you-set-it-with-chmod

An SELinux ACL, and there you are...  SELinux not getting along
with Postfix, complain to whoever configured SELinux on your system.

-- 
Viktor.


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread Wietse Venema
jmct:
> Hi Wietse,
> 
> Apologies - I have VERY little Linux experience - all learned using Google
> trying to get this mail server spun up. I've figured out the hard way that a
> lot of my problems on getting this thing set up were permission related in
> some form..
> 
> I have run the command you requested. Here is the output:
> 
> [root new]# ls -ld / /var /var/spool /var/spool/postfix
> dr-xr-xr-x. 25 root root 4096 Mar 10 20:38 /
> drwxr-xr-x. 20 root root 4096 Jan 20 08:37 /var
> drwxr-xr-x. 13 root root 4096 Jan 20 08:35 /var/spool
> drwxr-xr-x. 16 root root 4096 Jan 22 02:50 /var/spool/postfix

Now, look for SELINUX warnings.

Or see if the warning goes away with:

/etc/selinux/config: SELINUX=disabled

and

$service selinux restart

Wietse


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread jmct
Hi Wietse,

Apologies - I have VERY little Linux experience - all learned using Google
trying to get this mail server spun up. I've figured out the hard way that a
lot of my problems on getting this thing set up were permission related in
some form..

I have run the command you requested. Here is the output:

[root new]# ls -ld / /var /var/spool /var/spool/postfix
dr-xr-xr-x. 25 root root 4096 Mar 10 20:38 /
drwxr-xr-x. 20 root root 4096 Jan 20 08:37 /var
drwxr-xr-x. 13 root root 4096 Jan 20 08:35 /var/spool
drwxr-xr-x. 16 root root 4096 Jan 22 02:50 /var/spool/postfix

Thanks,

Joey





Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread Wietse Venema
jmct:
> I was working with another group within our company that uses Postfix just
> for relay purposes and they noticed that in my /etc/postfix/master.cf - the
> pickup process in the "never" column was set to a default of "60". I changed
> this value to "1" and noticed that my e-mails are now sending out almost
> instantly - instead of the long delay. 

Hi. I write Postfix so please pay attention to what I write.

Going from 60 to 1 second is insane. It only masks the problem that your
maildrop program cannot notify the pickup daemon of a new submission.

Possible causes:

1) You may have a permission problem on one of the PARENT DIRECTORIES
   of the Postfix $mail_queue_directory.  By default this directory
   is /var/spool/postfix.  What is the output from:

   $ ls -ld / /var /var/spool /var/spool/postfix

2) You may have mis-configured SELINUX permissions. That will show
   up as warnings under /var/log/whatever.

3) Some other form of brain damage.

Wietse


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread Viktor Dukhovni
On Tue, Mar 18, 2014 at 07:27:01AM -0700, jmct wrote:
> Hi Sahil,
> 
> Sorry for my delayed response. I work in DEVOPS and we have had a crazy
> release schedule!
> 
> I ran "postfix set-permissions" as root and did not see anything following -
> just sent me to the next line.
> 
> I was working with another group within our company that uses Postfix just
> for relay purposes and they noticed that in my /etc/postfix/master.cf - the
> pickup process in the "never" column was set to a default of "60". I changed
> this value to "1" and noticed that my e-mails are now sending out almost
> instantly - instead of the long delay. 

This is wrong.  It should be 60.  The 60 is a safety net.  Pickup
is woken up by postdrop(1), which is setgid to a group that can both
write the maildrop directory and can write a wakeup trigger to the
pickup socket in /var/spool/postfix/public.

> I do still see the error "warning: unable to look up public/pickup:
> Permission denied" - but it doesn't seem to be affecting the overall
> delivery of the mail.

It delays it by nearly a whole second, instead of typical 0.01s
latency otherwise.  You also have pickup scanning empty maildrop
queues every second.

> I was reading online elsewhere about this error and
> saw that it could be just a red herring and nothing really to worry about.

You can also read online that vaccinations are a bad idea, the moon
landings were faked, ...

> If you have any other suggestions on getting rid of that message, it would
> be appreciated. Otherwise, I am happy with the performance now. Thanks again
> for your help! :)

The setgid $setgid_group postdrop(1) program running with any uid,
MUST be able to:

- Write files in $queue_directory/maildrop/
(owner $mail_owner, group $setgid_group mode 0730)

- Open the $queue_directory/public/pickup unix-domain socket.
  The directory $queue_directory/public/ must be owned by
  $mail_owner, group $setgid_group and have mode 0710.

The /var/spool/postfix ($queue_directory) directory and its parent
permissions must be 0755 allowing read-only access for all users.
No extended ACLs other than mode bits should be present on any
directories above or their ancestors.

The operating system MUST NOT cripple setgid programs by not
honouring the setgid bit.  You need a POSIX filesystem for the
Postfix queue.

This is trivial to fix.  Fix the real problem.

-- 
Viktor.
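
Added example, not part of Viktor's message and not Postfix code: a shell audit of the ownership and modes listed above for maildrop/, public/ and the queue directory's ancestors. It assumes GNU stat, the function names are hypothetical, and ancestors are tested for the world r-x access that 0755 grants rather than for an exact 0755, since the / shown in this thread is 0555.

```shell
#!/bin/sh
# Added example, not Postfix code. Needs GNU stat; function names are hypothetical.

# check_dir PATH MODE OWNER GROUP: report and return 1 on any mismatch.
check_dir() {
    cd_want="$2 $3 $4"
    if [ ! -d "$1" ]; then echo "MISSING  $1"; return 1; fi
    cd_have=$(stat -c '%a %U %G' "$1")        # octal mode, owner, group
    if [ "$cd_have" != "$cd_want" ]; then
        echo "MISMATCH $1: have '$cd_have', want '$cd_want'"; return 1
    fi
}

# check_ancestors DIR TOP: each directory from DIR up to TOP must give other
# users r-x (what 0755 grants) and carry no ACL ("+" after the mode in ls -ld).
check_ancestors() {
    ca_dir=$1; ca_rc=0
    while :; do
        if [ ! -d "$ca_dir" ]; then echo "MISSING  $ca_dir"; return 1; fi
        ca_mode=$(stat -c '%a' "$ca_dir")
        if [ $(( (ca_mode % 10) & 5 )) -ne 5 ]; then
            echo "NO WORLD r-x on $ca_dir (mode $ca_mode)"; ca_rc=1
        fi
        case $(ls -ld "$ca_dir" | cut -d' ' -f1) in
            *+) echo "ACL on $ca_dir"; ca_rc=1 ;;
        esac
        case $ca_dir in "$2"|/|.) break ;; esac
        ca_dir=$(dirname "$ca_dir")
    done
    return $ca_rc
}

# audit_queue QUEUE_DIR MAIL_OWNER SETGID_GROUP [TOP]   (TOP defaults to /)
audit_queue() {
    aq_rc=0
    check_dir "$1/maildrop" 730 "$2" "$3" || aq_rc=1
    check_dir "$1/public"   710 "$2" "$3" || aq_rc=1
    check_ancestors "$1" "${4:-/}"        || aq_rc=1
    return $aq_rc
}

# On a mail server, as root:
#   audit_queue "$(postconf -h queue_directory)" \
#       "$(postconf -h mail_owner)" "$(postconf -h setgid_group)"
```

Mode bits that pass this audit do not rule out a denial by SELinux, which is enforced separately from them.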


Re: 20-40+ second delays. Is this normal?

2014-03-18 Thread jmct
Hi Sahil,

Sorry for my delayed response. I work in DEVOPS and we have had a crazy
release schedule!

I ran "postfix set-permissions" as root and did not see anything following -
just sent me to the next line.

I was working with another group within our company that uses Postfix just
for relay purposes and they noticed that in my /etc/postfix/master.cf - the
pickup process in the "never" column was set to a default of "60". I changed
this value to "1" and noticed that my e-mails are now sending out almost
instantly - instead of the long delay. 

I do still see the error "warning: unable to look up public/pickup:
Permission denied" - but it doesn't seem to be affecting the overall
delivery of the mail. I was reading online elsewhere about this error and
saw that it could be just a red herring and nothing really to worry about.

If you have any other suggestions on getting rid of that message, it would
be appreciated. Otherwise, I am happy with the performance now. Thanks again
for your help! :)





Re: 20-40+ second delays. Is this normal?

2014-03-13 Thread Sahil Tandon
On Thu, 2014-03-13 at 06:26:10 -0700, jmct wrote:

> Thank you for the suggestion. I have run "postfix set-permissions",

Was there any output? Did you run this command with superuser
privileges?

> but it looks like the postdrop warning is still occurring on each
> message.

What, if anything, is output after you issue the following commands?

  # ls -ld /var/spool/postfix/public{,/pickup}

and

  # postfix check
  
-- 
Sahil Tandon


Re: 20-40+ second delays. Is this normal?

2014-03-13 Thread jmct
Hi Sahil,

Thank you for the suggestion. I have run "postfix set-permissions", but it
looks like the postdrop warning is still occurring on each message.

Thanks,

Joey





Re: 20-40+ second delays. Is this normal?

2014-03-12 Thread Sahil Tandon
Some guesses below; hopefully an expert will eventually chime in.

On Wed, 2014-03-12 at 06:18:37 -0700, jmct wrote:
> ...
> When I try sending a basic test e-mail through PowerShell using my Postfix
> box as the SMTP server - I'm seeing 20-40+ second delays in the
> /var/log/maillog per e-mail.
> 
> Here is what I see in the logs:
> 
> Mar 12 07:59:36 postfix/smtpd[21189]: connect from unknown[10.1.10.45]
> ...
> Mar 12 07:59:36 postfix/postdrop[21196]: warning: unable to look up public/pickup: Permission denied

A permission issue prevents postdrop(1) from notifying the pickup(8)
service of new mail arrival. Try running 'postfix set-permissions' to
fix this.

> Mar 12 07:59:36 postfix/pipe[21192]: 2E69C1E0203: to=, relay=spamfilter, delay=0.17, delays=0.02/0.02/0/0.13, dsn=2.0.0, status=sent (delivered via spamfilter service)
> Mar 12 07:59:36 postfix/qmgr[20944]: 2E69C1E0203: removed

Postfix delivers to the spamfilter relay in < 1s from initial connect,
and removes the message from the queue.

> Mar 12 *07:59:36* spamd[15542]: prefork: child states: II
> Mar 12 *08:00:06* postfix/pickup[20942]: 5B5A81E01ED: uid=5001 from=

During its periodic scan of the "maildrop" queue, pickup(8) sees the new
mail and passes it to cleanup(8), as logged below.

> Mar 12 08:00:06 postfix/cleanup[21191]: 5B5A81E01ED: message-id=<20140312130006.5B5A81E01ED@localhost>
> Mar 12 08:00:06 postfix/qmgr[20944]: 5B5A81E01ED: from=,
> ... 

-- 
Sahil Tandon


20-40+ second delays. Is this normal?

2014-03-12 Thread jmct
Hello,

I have recently spun up a Postfix server that is currently in a testing
phase. It is currently not being used at the moment - so there is zero load
on this server.

I am actively using Postfix 2.11, SpamAssassin 3.3.1 and Dovecot 2.0.9 for
POP3.

When I try sending a basic test e-mail through PowerShell using my Postfix
box as the SMTP server - I'm seeing 20-40+ second delays in the
/var/log/maillog per e-mail.

Here is what I see in the logs:

Mar 12 07:59:36 postfix/smtpd[21189]: connect from unknown[10.1.10.45]
Mar 12 07:59:36 postfix/smtpd[21189]: 2E69C1E0203: client=unknown[10.1.10.45]
Mar 12 07:59:36 postfix/cleanup[21191]: 2E69C1E0203: message-id=<>
Mar 12 07:59:36 postfix/qmgr[20944]: 2E69C1E0203: from=, size=414, nrcpt=1 (queue active)
Mar 12 07:59:36 spamd[15544]: spamd: connection from localhost [127.0.0.1] at port 56378
Mar 12 07:59:36 spamd[15544]: spamd: setuid to spamfilter succeeded
Mar 12 07:59:36 spamd[15544]: spamd: processing message (unknown) for spamfilter:5001
Mar 12 07:59:36 spamd[15544]: spamd: clean message (-0.9/5.0) for spamfilter:5001 in 0.1 seconds, 439 bytes.
Mar 12 07:59:36 spamd[15544]: spamd: result: . 0 - ALL_TRUSTED,MISSING_MID scantime=0.1,size=439,user=spamfilter,uid=5001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=56378,mid=(unknown),autolearn=no
Mar 12 07:59:36 postfix/postdrop[21196]: warning: unable to look up public/pickup: Permission denied
Mar 12 07:59:36 postfix/pipe[21192]: 2E69C1E0203: to=, relay=spamfilter, delay=0.17, delays=0.02/0.02/0/0.13, dsn=2.0.0, status=sent (delivered via spamfilter service)
Mar 12 07:59:36 postfix/qmgr[20944]: 2E69C1E0203: removed
Mar 12 *07:59:36* spamd[15542]: prefork: child states: II
Mar 12 *08:00:06* postfix/pickup[20942]: 5B5A81E01ED: uid=5001 from=
Mar 12 08:00:06 postfix/cleanup[21191]: 5B5A81E01ED: message-id=<20140312130006.5B5A81E01ED@localhost>
Mar 12 08:00:06 postfix/qmgr[20944]: 5B5A81E01ED: from=, size=772, nrcpt=1 (queue active)
Mar 12 08:00:08 postfix/smtp[21200]: 5B5A81E01ED: to=, relay=smtp.workdomain[10.10.106.10]:25, delay=32, delays=30/0.02/0.14/1.8, dsn=2.6.0, status=sent (250 2.6.0 <20140312130006.5B5A81E01ED@localhost> [InternalId=10592664] Queued mail for delivery)
Mar 12 08:00:08 postfix/qmgr[20944]: 5B5A81E01ED: removed

Mail originating from the Postfix server and being sent out are near
instantaneous - it's just the relay portion that appears to be taking some
time. Is the above normal? Or is there something I can tweak to have these
go out quicker? I'm completely open to suggestions.

Here is my Postfix configuration:

>>postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = mydomain
myhostname = localhost
mynetworks = 10.1.1.0/24, 127.0.0.0/24, 10.1.10.0/24
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software, bounce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES
relay_domains = $mydomain
relayhost =
sample_directory = /usr/share/doc/postfix-2.11.0/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000'

Any help is very much appreciated!

Thanks,

Joey


