On Wed, 11 Jul 2007, Jim Knuth wrote:
> please use in main.cf
>
> smtpd_policy_service_max_idle = 3600s
Per the postfix documentation, "The time after which an idle SMTPD policy
service connection is closed."
> smtpd_policy_service_max_ttl = 3600s
Documented as, "The time after which an active SMTPD policy service
connection is closed."
Both of these would seem to be related to how long postfix uses an existing
connection to the policy server. I don't really understand how they would
resolve the errors?
There are two different errors: "Connection timed out", which seems to be
an error at the actual TCP level where the connection is never established,
and "timeout on 127.0.0.1:12525 while reading input attribute name", which
seems to be when an existing connection fails to respond appropriately.
Do you think the errors are caused by excessive re-connections to the
servers, and increasing the timeouts results in fewer re-connections and
hence fewer errors?
> policy_time_limit = 3730
I could not find this configuration parameter in the postfix
main.cf documentation. I eventually found it in the example section of the
policy server documentation:
---------------
To create a policy service that listens on a UNIX-domain socket called
"policy", and that runs under control of the Postfix spawn(8) daemon, you
would use something like this:
1 /etc/postfix/master.cf:
2 policy unix - n n - 0 spawn
3 user=nobody argv=/some/where/policy-server
4
5 /etc/postfix/main.cf:
6 smtpd_recipient_restrictions =
7 ...
8 reject_unauth_destination
9 check_policy_service unix:private/policy
10 ...
11 policy_time_limit = 3600
NOTES:
*
Lines 2, 11: the Postfix spawn(8) daemon by default kills its child
process after 1000 seconds. This is too short for a policy daemon that may
run for as long as an SMTP client is connected to an SMTP server process.
The default time limit is overruled in main.cf with an explicit
"policy_time_limit" setting. The name of the parameter is the name of the
master.cf entry ("policy") concatenated with the "_time_limit" suffix.
---------------
If I understand correctly, this parameter would only apply for a policy
server named "policy" which is being spawned out of master.cf, not the case
for policyd-weight. I don't think this parameter would have any effect on a
policyd-weight configuration.
I did find a different parameter:
----
smtpd_policy_service_timeout (default: 100s)
The time limit for connecting to, writing to or receiving from a delegated
SMTPD policy server.
----
Possibly increasing this might reduce the number of timeouts when the
server doesn't respond quickly enough, but 100 seconds seems like an
awfully long time. Ideally policyd-weight shouldn't take nearly that long
to do its job.
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
