We have a firewall between our MTA and LDAP servers. The firewall is currently (incorrectly) set to time out all connections that are idle for > 30 minutes. Since I'm using this MTA for testing only atm, this regularly occurs.

Even though amavis is configured to rely on multiple LDAP servers, it does not correctly fail over to one of the other LDAP servers when its connection is timed out by the firewall:

May 8 16:26:49 edge01-zcs postfix/smtp[544]: 8B820255: to=<quanah@xxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10026, delay=300, delays=0.14/0.01/0.01/300, dsn=4.4.2, status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending RCPT TO)
May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)lookup_ldap: timed out at (eval 101) line 185, <GEN15> line 101.
May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)Requesting process rundown, task exceeded allowed time

It seems amavis should check if its connection is still active, and if not, fail over to one of the other LDAP servers in this scenario.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
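
The behaviour requested in the message above, as an added Python simulation; it is not amavis code and not part of the original post. `FailoverClient`, `FakeConn`, `demo` and the server names are hypothetical, and the fake connection stands in for a real LDAP client that enforces a short per-operation timeout.

```python
import time

class LookupTimeout(Exception):
    """A query got no answer within the per-operation timeout."""

class FailoverClient:
    """Hypothetical wrapper: idle check plus rotation across servers."""
    def __init__(self, servers, connect, max_idle, clock=time.monotonic):
        self.servers, self.connect = list(servers), connect
        self.max_idle, self.clock = max_idle, clock  # keep max_idle below the firewall idle timeout
        self.conn, self.index, self.last_used = None, 0, 0.0

    def search(self, query):
        # A connection idle past max_idle may have been dropped silently: rebuild it.
        if self.conn is not None and self.clock() - self.last_used > self.max_idle:
            self.conn = None
        for _ in self.servers:
            server = self.servers[self.index]
            try:
                if self.conn is None:
                    self.conn = self.connect(server)
                result = self.conn.search(query)
                self.last_used = self.clock()
                return server, result
            except (LookupTimeout, OSError):
                # Dead or unreachable: forget it and move to the next server.
                self.conn = None
                self.index = (self.index + 1) % len(self.servers)
        raise LookupTimeout("all LDAP servers failed")

class FakeConn:
    """Constructed stand-in for an LDAP connection behind a stateful firewall."""
    def __init__(self, server, clock, fw_idle):
        self.server, self.clock, self.fw_idle = server, clock, fw_idle
        self.last_packet = clock()
    def search(self, query):
        if self.clock() - self.last_packet > self.fw_idle:
            raise LookupTimeout(self.server)  # firewall dropped the flow
        self.last_packet = self.clock()
        return f"{query}@{self.server}"

def demo(max_idle):
    now, opened = [0.0], []
    clock = lambda: now[0]
    def connect(server):
        opened.append(server)
        return FakeConn(server, clock, fw_idle=1800.0)  # 30 minutes, as in the post
    client = FailoverClient(["ldap1", "ldap2"], connect, max_idle, clock)
    first = client.search("user")
    now[0] += 2400.0  # 40 idle minutes
    return first, client.search("user"), opened
```

With `max_idle` below the firewall timeout the stale connection is replaced before it is used; with a larger value the lookup times out once and the client moves to the second server.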
