Mail server reboot after got flood

2 msg	2 postfix server on the same domain in differen...
3 msg	mailer-deamon sends error messages to: question
3 msg	Procmail
15 msg	MAIL FROM timeout with ciphers=high
2 msg	milter, broken pipe
17 msg	How to listen on 587 as well as 25?
6 msg	reject_sender_login_mismatch doesnt work
2 msg	smtp auth
4 msg	Postfix with MYSQL compile error
8 msg	mynetworks=<empty> vs mynetworks=<defa...
3 msg	message_size_limit with ldap search parameter
2 msg	Pipe debugging
12 msg	destination_concurrency_limit not respected ?
13 msg	Virtual spam forwarding issues
2 msg	cleaning up deferred queue
2 msg	static nexthop per domain
2 msg	Simple postmap question
9 msg	Issues with Recipient_Canonical mapping

Mail server reboot after got flood
\ - Cygnus - (29 Nov 2007)
. \ Robert Schetterer (29 Nov 2007)
. . \ - Cygnus - (29 Nov 2007)

3 msg	can't create a virtual domain

Subject:	Mail server reboot after got flood
Group:	Postfix-users
From:	- Cygnus -
Date:	29 Nov 2007

Dear all,

I don't know whether this is related with postifix or the OS or other
application bugs, but I have mailbox server using postfix and freebsd
6.2 stable with mysql backend serving thousands of users. At first the
server was running fine, until we purchase anti spam boxes and put those
in front of mailbox server. Sometime when this anti spam boxes sending
quarantine notification, mailbox server got knocked out and then after
that it rebooted since the anti spam was sending thousands of
notification at extreme speed. I am very confuse here since no error log
from both OS, MTA and other applications when server reboot, and I am
desperatly seek any clue here from all of you.

This is output of my postconf -n :

alias_maps = cdb:/etc/aliases, hash:/usr/local/mailman/data/aliases
biff = no
bounce_queue_lifetime = 3h
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 80
disable_mime_input_processing = yes
disable_vrfy_command = yes
header_checks = pcre:/usr/local/etc/postfix/amavis_checks
home_mailbox = Maildir/
html_directory = no
ignore_mx_lookup_error = yes
inet_interfaces = all
inet_protocols = ipv4 , ipv6
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_size_limit = 115343360
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 2d
message_size_limit = 5242880
mydestination = localhost,$myhostname
myhostname = mailbox.example.org
mynetworks = xxx.xxx.xxx.xxx/19, 127.0.0.0/8 [::1]/128
myorigin = $myhostname
newaliases_path = /usr/local/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains
$virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps
$sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks
$virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relay_domains =
$mydestination,proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
show_user_unknown_table_name = no
smtp_always_send_ehlo = yes
smtp_connect_timeout = 1m
smtp_destination_concurrency_limit = 500
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = check_client_access
cdb:/etc/postfix/client_checks
smtpd_hard_error_limit = 8
smtpd_recipient_limit = 500
smtpd_recipient_restrictions = permit_sasl_authenticated,
check_client_access cidr:/usr/local/etc/postfix/client_checks,
permit_mynetworks, reject_unauth_destination,
reject_unknown_recipient_domain, check_client_access
hash:/usr/local/etc/postfix/client_checks,
check_recipient_access cdb:/etc/postfix/filter_bypass
check_policy_service inet:127.0.0.1:12525
reject_unauth_pipelining, reject_invalid_hostname,
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
cdb:/etc/postfix/sender_checks, reject_unknown_sender_domain,
reject_non_fqdn_sender
smtpd_timeout = 300s
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/mailbox.crt
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/mailbox.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport-map
unknown_address_reject_code = 550
unknown_local_recipient_reject_code = 500
virtual_alias_maps = cdb:/etc/postfix/alias_maps,
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf,
hash:/usr/local/mailman/data/virtual-mailman
virtual_gid_maps = static:1004
virtual_mailbox_base = /mailbox
virtual_mailbox_domains =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 157286400
virtual_mailbox_limit_maps =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps =
proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = Sorry, the user's mailbox is over quota,
please try again later.
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_trash_count = yes
virtual_uid_maps = static:1004

and I also tuning my freebsd server sysctl like this :

net.inet.carp.preempt=1
net.inet.carp.arpbalance=1
net.link.ether.inet.log_arp_movements=0
net.inet.ip.fw.verbose=1
net.inet.tcp.inflight.enable=0
kern.maxfiles=8192
kern.maxfilesperproc=6144
kern.ipc.somaxconn=512

--
- Cygnus -

'Veritas vos liberabit'