Hi Leon,

I don't think the problem is caused by policyd, and you are not the only Postfix user complaining about this.
Try setting smtpd_timeout = 60s. I have had this setup for ages and it has never given me any problem.

Read the whole thread: http://www.security-express.com/archives/postfix/2007-08/1312.html

Regards,
Rianto Wahyudi

Adela Putri Tirta Belek

On 8/31/07, Leon de Jager <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thanks for the pointers.
>
> I have looked around and it seems that a higher than default maxproc
> value is not unusual in large mailhub environments.
>
> I treated it as suspicious behaviour since we've been running the same
> setup for several years (default maxproc (100)) without any problems.
>
> Below are the settings I have;
>
> TRIPLET_TIME=4m
>
> Cleanup is performed 01:30 AM every day.
>
> 30 1 * * * /usr/local/policyd/cleanup -c /usr/local/policyd/policyd.conf
>
> mysql query:
>
> mysql> SELECT _count,_datenew,_datelast FROM triplet WHERE
> _host='210.98.1' AND
> _from='[EMAIL PROTECTED]' AND
> _rcpt='[EMAIL PROTECTED]';
> +--------+------------+------------+
> | _count | _datenew   | _datelast  |
> +--------+------------+------------+
> |      0 | 1188547827 | 1188547827 |
> +--------+------------+------------+
> 1 row in set (0.01 sec)
>
> postfix main.cf:
>
> smtpd_recipient_restrictions =
> reject_invalid_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_sender_domain,reject_unauth_pipelining,permit_mynetworks,reject_unauth_destination,
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client bl.spamcop.net,
> #check_policy_service inet:127.0.0.1:2525
> check_policy_service inet:127.0.0.1:10031
>
> We are running a DNS cache locally, and policyd is running on a
> dedicated database server handling all mail related stuff (Postfix
> transports/virtual users etc).
>
> Thanks for the whitelisting tip - at the moment I am not whitelisting
> anyone but will soon do.
>
> Thanks again for your pointers.
>
> On 8/31/07, Rianto Wahyudi <[EMAIL PROTECTED]> wrote:
> >
> > How often do you run the cleanup script?
> > How long do you set the triplet expiry?
> >
> > Try selecting a triplet from MySQL and see how long it takes ..
> >
> > My other suggestions:
> > - Make sure that policyd is called after recipient verification / after
> > blacklist.
> > - run DNS cache locally
> > - run RBL locally and combine the zone file so postfix only does 1 lookup for
> > various RBL.
> > - Run policyd database on dedicated machine.
> > - separate incoming mail and outgoing mail server.
> >
> > - Try using the following DNS_Whitelist. It will help you cut down the number
> > of triplets in your DB and also allow almost 80% of email coming from
> > proper mail servers:
> > +----------------------------+----------------------------------------------------+---------+
> > | _whitelist                 | _description                                       | _expire |
> > +----------------------------+----------------------------------------------------+---------+
> > | bigfish.com                | # bigfish.com has smtp servers behind multiple ips |       0 |
> > | %mail%                     | mail server                                        |       0 |
> > | %smtp%                     | mail server                                        |       0 |
> > | %.server-web.com           | webcentral web servers                             |       0 |
> > | %.iserver.net              | Verio Webhosting                                   |       0 |
> > | %.messagelabs.net          | MessageLabs                                        |       0 |
> > | %.ev1servers.net           | # ev1 hosting company                              |       0 |
> > | %hosting%                  | # big possibility of running proper mail server    |       0 |
> > | %mx%.%                     | # big possibility of running proper mail server    |       0 |
> > | %server%                   | # big possibility of running proper mail server    |       0 |
> > | %post%                     | # big possibility of running proper mail server    |       0 |
> > | %exchange%                 | # big possibility of running proper mail server    |       0 |
> > | %return%                   | # big possibility of running proper mail server    |       0 |
> > | ns1%                       | # big possibility of running proper mail server    |       0 |
> > | ns2%                       | # big possibility of running proper mail server    |       0 |
> > | %google.com                | # Google                                           |       0 |
> > | %yahoo.com%                | # Yahoo                                            |       0 |
> > | %hotmail.com%              | # Hotmail                                          |       0 |
> > | %mta%                      | # likely to e a proper mail server                 |       0 |
> > | %pobox.com                 | # pobox                                            |       0 |
> > | %smarthost%                | # big possibility of running proper mail server    |       0 |
> > | %relay%                    | # big possibility of running proper mail server    |       0 |
> > | %proxy%                    | # big possibility of running proper mail server    |       0 |
> > | %list%                     | big possibility of mailing list server             |       0 |
> > | %bounce%                   | big possibility of mailing list server             |       0 |
> > | %.shared.server-system.net | # ATO outgoing mail server                         |       0 |
> > | %www%                      | # big possibility of running proper mail server    |       0 |
> > | ns3%                       | # big possibility of running proper mail server    |       0 |
> > | %.lnk.telstra.net          | # Telstra business IP address                      |       0 |
> > | %gw1%                      | # big possibility of running proper mail server    |       0 |
> > | %gw2%                      | # big possibility of running proper mail server    |       0 |
> > | %gw-%                      | # big possibility of running proper mail server    |       0 |
> > | %outbound%                 | # big possibility of running proper mail server    |       0 |
> > | %filter%                   | # big possibility of running proper mail server    |       0 |
> >
> > Hope this helps.
> >
> > Regards,
> > Rianto Wahyudi
> >
> > --- "Adela Putri Tirta Belek"
> >
> > Leon de Jager wrote:
> > Hi,
> >
> > I have a setup of 6 MX servers, each running policyd and a database
> > server with approximately 9 million records in the triplet table.
> >
> > Recently every now and then the MXs start timing out when attempting
> > smtp connections to them and on closer inspection I can see the default
> > maxproc of postfix has been reached.
> >
> > Postfix config is pretty standard with virtual mailboxes etc, policyd
> > has the following enabled;
> >
> > FAILSAFE
> > DATABASE_KEEPALIVE
> > DAEMON
> > WHITELISTING
> > BLACKLIST_HELO
> > HELO_CHECK
> > GREYLISTING
> >
> > I've set the maxproc to 500 for now and am closely monitoring the server
> > and database server.
> >
> > mx03:~# ps aux | grep smtpd | wc -l
> > 297
> >
> > Has anyone here come across this behaviour? Any suggestions?
> > Previously I had postfix-gld running and never came across this...
> >
> > Many thanks in advance.
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > policyd-users mailing list
> > policyd-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/policyd-users
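
Added example (not part of the original thread, and not policyd's own code): a check of how broadly the DNS whitelist patterns quoted above match before they are loaded. It assumes the entries are evaluated as case-insensitive SQL LIKE patterns against the client's reverse-DNS name; the hostnames are constructed samples, and like_to_regex, matching_patterns and audit are names made up for this sketch.

```python
import re

# A few patterns copied from the whitelist table in the thread.
PATTERNS = ["%mail%", "%smtp%", "%mx%.%", "%server%", "ns1%", "%gw-%", "%www%"]

# Constructed sample reverse-DNS names (documentation domains, not real hosts).
SAMPLE_HOSTS = [
    "mail.example.org",
    "mx2.example.net",
    "smtp-out.example.com",
    "ns1.example.net",
    "gw-7.example.org",
    "www.example.com",
    "webmail-cust-42.dyn.example.net",
    "dsl-203-0-113-7.pool.example.net",
]


def like_to_regex(pattern):
    """Translate a SQL LIKE pattern: % is any run of characters, _ is exactly one."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: matching is case-insensitive, as with MySQL's default collations.
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def matching_patterns(host, patterns=PATTERNS):
    """Return every whitelist pattern that would exempt this host from greylisting."""
    return [p for p in patterns if like_to_regex(p).fullmatch(host)]


def audit(hosts=SAMPLE_HOSTS, patterns=PATTERNS):
    """Map each host to its matching patterns and compute the exempted fraction."""
    hits = {h: matching_patterns(h, patterns) for h in hosts}
    exempt = sum(1 for matched in hits.values() if matched)
    return hits, exempt / len(hosts)


if __name__ == "__main__":
    hits, fraction = audit()
    for host, matched in hits.items():
        print(f"{host:36} {', '.join(matched) or '(greylisted)'}")
    print(f"exempt from greylisting: {fraction:.0%}")
```

Feeding it client hostnames taken from your own mail log shows what share of connecting hosts each substring pattern would let past greylisting.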