--On Tuesday, May 08, 2012 4:28 PM -0700 Quanah Gibson-Mount
<[email protected]> wrote:
We have a firewall between our MTA and LDAP servers. The firewall is
currently (incorrectly) set to time out all connections that are idle
for > 30 minutes. Since I'm using this MTA for testing only atm, this
regularly occurs.

Even though amavis is configured to rely on multiple LDAP servers, it
does not correctly fail over to one of the other LDAP servers when its
connection is timed out by the firewall:

May 8 16:26:49 edge01-zcs postfix/smtp[544]: 8B820255: to=<quanah@xxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10026, delay=300, delays=0.14/0.01/0.01/300, dsn=4.4.2, status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while sending RCPT TO)
May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)lookup_ldap: timed out at (eval 101) line 185, <GEN15> line 101.
May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)Requesting process rundown, task exceeded allowed time

It seems amavis should check if its connection is still active, and if
not, fail over to one of the other LDAP servers in this scenario.

I guess this is really an issue to bring up with the Net::LDAP folks... It
requires setting TCP keepalives at the network layer to keep the connection
open.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
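
The keepalive approach the message describes, sketched at the socket layer as an added example (not part of the original message, and not amavis or Net::LDAP code). The server list is hypothetical, the per-socket timer option names are Linux's, and the code only opens the TCP connection without speaking LDAP.

```python
import socket

FIREWALL_IDLE_S = 30 * 60  # firewall idle timeout quoted in the message


def keepalive_plan(firewall_idle_s, probes=3, interval_s=30):
    """Start probing at half the firewall window; all probes must fit inside it."""
    idle_s = firewall_idle_s // 2
    if idle_s + probes * interval_s >= firewall_idle_s:
        raise ValueError("keepalive schedule does not fit the firewall idle timeout")
    return {"idle": idle_s, "interval": interval_s, "probes": probes}


def enable_keepalive(sock, plan):
    """Turn on TCP keepalive and, where the platform allows, set per-socket timers."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux option names (assumption); other platforms keep their system defaults.
    for name, key in (("TCP_KEEPIDLE", "idle"),
                      ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])


def connect_with_failover(servers, firewall_idle_s=FIREWALL_IDLE_S, timeout_s=5.0):
    """Return (socket, (host, port)) for the first server that accepts a connection."""
    plan = keepalive_plan(firewall_idle_s)
    errors = []
    for host, port in servers:
        try:
            # The timeout also bounds later reads, so a dead link raises, not hangs.
            sock = socket.create_connection((host, port), timeout=timeout_s)
        except OSError as exc:
            errors.append(f"{host}:{port}: {exc}")
            continue
        enable_keepalive(sock, plan)
        return sock, (host, port)
    raise ConnectionError("no LDAP server reachable: " + "; ".join(errors))


if __name__ == "__main__":
    # Hypothetical server names; replace with real LDAP hosts.
    conn, used = connect_with_failover([("ldap1.example.com", 389),
                                        ("ldap2.example.com", 389)])
    print("connected to", used)
    conn.close()
```

With a 30-minute firewall window the first probe goes out after 15 idle minutes, which refreshes the firewall's state entry while the peer still answers and lets the kernel mark the connection dead when it does not.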