--On Thursday, July 24, 2008 9:35 AM -0400 Victor Duchovni <[EMAIL PROTECTED]> wrote:

On Wed, Jul 23, 2008 at 10:02:48PM -0700, Quanah Gibson-Mount wrote:

We found that if we are using startTLS with postfix, and heavily load
postfix, that Postfix stops working, even though the LDAP server
continues to accept connections from other clients just fine using
startTLS.  Here's an example snippet from the log:

Jul 23 21:34:08 qa96 postfix/cleanup[94633]: error: dict_ldap_connect:
Unable to set STARTTLS: -1: Can't contact LDAP server

Without "proxymap" a busy Postfix server will generate thousands of LDAP
connections. Strongly suggest that at least for tables used by smtpd(8),
cleanup(8), and smtp(8) you use proxymap(8):

Postfix tends to mainly use persistent connections. The persistent connections are unaffected. It is only trivial-rewrite and cleanup that have problems here. The LDAP server, as I noted previously, continues to operate and take all other incoming connections just fine. I will see if using the proxy bit makes any difference however.

As you can see, the problem is happening at 21:34:08, after which point
I issued an ldapsearch using startTLS, which succeeds just fine.
Postfix continues to be unable to create any new connections. Existing
connections, however, continue to work:

Naturally under connection overload, some succeed and others fail.

No, all other connections that are not generated by postfix succeed. There's no evidence at all that Postfix is even attempting to make any connection to the LDAP server.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
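
An added example, not part of the original message or of Postfix: a small log tally that groups the dict_ldap_connect STARTTLS errors quoted in the thread by Postfix daemon and by distinct process ID, which is the evidence needed to see which daemons are failing and how many separate processes are opening their own LDAP connections. Apart from the first record, which is the log line from the thread, the sample lines, PIDs and client address are constructed.

```python
import re
from collections import defaultdict

# Syslog line shape taken from the log excerpt quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
FAILURE = "dict_ldap_connect: Unable to set STARTTLS"

def unwrap(lines):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for line in lines:
        if LINE_RE.match(line) or not records:
            records.append(line.rstrip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def starttls_failures(lines):
    """Per-daemon count, distinct PIDs and first/last time of STARTTLS errors."""
    stats = defaultdict(lambda: {"count": 0, "pids": set(), "first": None, "last": None})
    for record in unwrap(lines):
        m = LINE_RE.match(record)
        if not m or FAILURE not in m["msg"]:
            continue
        s = stats[m["daemon"]]
        s["count"] += 1
        s["pids"].add(int(m["pid"]))
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
    return dict(stats)

# First record is the wrapped line from the thread; the rest are constructed.
SAMPLE = """\
Jul 23 21:34:08 qa96 postfix/cleanup[94633]: error: dict_ldap_connect:
Unable to set STARTTLS: -1: Can't contact LDAP server
Jul 23 21:34:09 qa96 postfix/trivial-rewrite[94640]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
Jul 23 21:34:09 qa96 postfix/smtpd[94102]: connect from unknown[192.0.2.10]
Jul 23 21:34:11 qa96 postfix/cleanup[94651]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
""".splitlines()

if __name__ == "__main__":
    for daemon, s in sorted(starttls_failures(SAMPLE).items()):
        print(daemon, s["count"], "failures from", len(s["pids"]),
              "processes,", s["first"], "to", s["last"])
```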
