 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |
| Subject: | Re: mailq lockups |
| Group: | Postfix-users |
| From: | Victor Duchovni |
| Date: | 6 May 2008 |
> > This is sadly useless. This would be a good time to report a complete
> > "postconf -n".
Other than some unnecessary duplication or tweaking of defaults, nothing
too unusual there.
> > Look at *your* connection table with
> >
> > # lsof tcp@remoteip:25
> >
> > for each connection in an "ESTABLISHED" state, and a corresponding "smtp"
> > process id, find the process start time (ps -o pid,stime,comm -p $pid)
> > and check whether the process reported any previous deliveries between
> > the start time and the present. The age of the connection (if not cached)
> > is measured approximately from the later of the process start time and
> > the last completed delivery report.
> >
> > If no long-lived connections exist on the Linux end, find out why Exchange
> > still believes there are unfinished connections (this is where packet
> > captures and verbose logging are handy).
So, have you made any progress on this front?
> Definitely exchange is keeping those connections open for an excessive
> amount of time, and the postfix side does get dropped at some point.
> Even after the postfix side drops the connection, exchange still shows them
> as open. It looks like postfix is dropping the connection at about 10
> minutes.
And the logs for those events? If the non-refused connections consistently
fail after ~10 minutes, that's the "smtp_data_done_timeout" which means
Postfix sends "." and Exchange fails to respond.
- Understand Path MTU, and determine whether that's an issue
- Understand what firewalls are between you and the servers in
question.
- Consider disabling PIPELINING to Exchange, because older versions
(or broken firewalls) may mishandle "<CRLF>.<CRLF>QUIT<CRLF>".
> On the exchange side those connections remain open and basically don't close
> unless terminated.
Exchange really should NOT be allowing client connections to sit idle
for 12 hours tying up resources. What prehistoric version of the software
are these sites running?
> One thing I noticed is it appears that some messages make it through without
> problem, while certain messages which look like they are spam are the ones
> locking up. The exchange server has no anti-spam applications or anti-virus
> so that's not what stopping it. This seems to be true in all 3 servers this
> is happening in.
Message size may have a lot to do with if the issue is path MTU. Message
size also changes how packets are emitted, and may alter how PIPELINING
interacts with Exchange.
- Fix the firewalls if too much ICMP is blocked.
- Fix the firewalls if they inspect SMTP and are confused by
PIPELINING
- Disable PIPELINING to Exchange (smtp_discard_ehlo_keywords)
if Exchange PIPELINING is buggy.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |