 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |
| Subject: | RE: mailq lockups |
| Group: | Postfix-users |
| From: | Joey |
| Date: | 7 May 2008 |
> -----Original Message-----
> From: owner-postfix-users
> [mailto:owner-postfix-users]
> On Behalf Of Victor Duchovni
> Sent: Tuesday, May 06, 2008 1:29 PM
> To: postfix-users
> Subject: Re: mailq lockups
>
> On Tue, May 06, 2008 at 08:52:22AM -0400, Joey wrote:
>
> > > This is sadly useless. This would be a good time to report a
> > > complete "postconf -n".
>
> Other than some unnecessary duplication or tweaking of defaults,
> nothing too unusual there.
>
> > > Look at *your* connection table with
> > >
> > > # lsof tcp@remoteip:25
> > >
> > > for each connection in an "ESTABLISHED" state, and a corresponding
"smtp"
> > > process id, find the process start time (ps -o pid,stime,comm -p
> > > $pid) and check whether the process reported any previous
> > > deliveries between the start time and the present. The age of the
> > > connection (if not cached) is measured approximately from the
> > > later of the process start time and the last completed delivery
report.
> > >
> > > If no long-lived connections exist on the Linux end, find out why
> > > Exchange still believes there are unfinished connections (this is
> > > where packet captures and verbose logging are handy).
>
> So, have you made any progress on this front?
No progress yet...
>
> > Definitely exchange is keeping those connections open for an
> > excessive amount of time, and the postfix side does get dropped at some
point.
> > Even after the postfix side drops the connection, exchange still
> > shows them as open. It looks like postfix is dropping the
> > connection at about 10 minutes.
>
> And the logs for those events? If the non-refused connections
> consistently fail after ~10 minutes, that's the
> "smtp_data_done_timeout" which means Postfix sends "." and Exchange fails
to respond.
>
> - Understand Path MTU, and determine whether that's an issue
>
> - Understand what firewalls are between you and the servers in
> question.
>
> - Consider disabling PIPELINING to Exchange, because older versions
> (or broken firewalls) may mishandle "<CRLF>.<CRLF>QUIT<CRLF>".
>
> > On the exchange side those connections remain open and basically
> > don't close unless terminated.
>
> Exchange really should NOT be allowing client connections to sit idle
> for 12 hours tying up resources. What prehistoric version of the
> software are these sites running?
Running server 2003 & exchange 2003 nothing outdated there...
>
> > One thing I noticed is it appears that some messages make it through
> > without problem, while certain messages which look like they are
> > spam are the ones locking up. The exchange server has no anti-spam
> > applications or anti-virus so that's not what stopping it. This
> > seems to be true in all 3 servers this is happening in.
>
> Message size may have a lot to do with if the issue is path MTU.
> Message size also changes how packets are emitted, and may alter how
> PIPELINING interacts with Exchange.
>
> - Fix the firewalls if too much ICMP is blocked.
>
> - Fix the firewalls if they inspect SMTP and are confused by
> PIPELINING
>
> - Disable PIPELINING to Exchange (smtp_discard_ehlo_keywords)
> if Exchange PIPELINING is buggy.
>
Will try this now...
So create smtp_discard_ehlo_keyword_address_maps = hash:/etc/postfix/mapname
And in the mapname file put:
Client-domain.com pipelining
I only see the 3 options of: pipelining, starttls, auth in the doc I see,
should it bee nopipelining?
Thanks!
| Prev-Msg | Prev-Thread | Postfix-users | May-2008 | Next-Thread | Next-Msg |