postfix mysql lookup table has some kind of caching?

2012-02-24 Thread Bányász Botond
Hi,

I want to set up a system that warms the sending IPs, so I made a mysql
transport map where, per domain, I can add how much % to relay from the main
IP pool to the warmup IP pool. The problem is that if I manually change, in the
database, for example the yahoo.com domain from 0 percent to 100 percent,
Postfix uses the old settings for around 20 seconds, which means that I can't
control the system if I specify, let's say, 20%.

Thank you.

Re: How do I handle mails for only one user of a certain domain?

2012-02-24 Thread Dennis Guhl
On Thu, Feb 23, 2012 at 07:21:03PM +, Luca Pacor wrote:
 Hello there,
 
 First of all I tell you that this is my first postfix installation
 so please be patient...
 
 I have following scenario:
 
 fetchmail -- postfix -- amavis-new -- postfix -- exchange 2010.
 Everything -except exchange ;-)- runs on an opensuse 12.1 box.
 
 Now, I have a list of domains entirely managed and hosted here so I
 have resolved everything using the transport file (do.main.name
 smtp: [exchange.ser.ver]) and the entries in the main.cf file
 (mydestination = $myhostname, localhost.$mydomain, localhost,
 $mydomain, do.main.one, do.main.two, domain.diffi.cult).
 
 So far so good, everything seems to work for the simple domains.
 
 Now, I have got one user with an address at domain.diffi.cult and
 this domain is not hosted by me. This user has a mailbox on the
 exchange server and everything is working fine on that side.
 
 How can I configure postfix to deliver the mails for
 myu...@domain.diffi.cult locally
 and all the others @domain.diffi.cult to the internet?

Change the entry for domain.diffi.cult and .domain.diffi.cult in your
transport map to the MX for this domain:

domain.diffi.cult   smtp:domain.diffi.cult
.domain.diffi.cult  smtp:domain.diffi.cult

For myu...@domain.diffi.cult add a sender_dependent_relayhost_maps
(http://www.postfix.org/postconf.5.html#sender_dependent_relayhost_maps)
in your main.cf and point your user to your exchange:

myu...@domain.diffi.cult    smtp:[exchange.ser.ver]

Dennis

[..]


Re: postfix mysql lookup table has some kind of caching?

2012-02-24 Thread Noel Jones
On 2/24/2012 2:04 AM, Bányász Botond wrote:
 Hy,
 
 I want to setup a system who warmes the sending ip`s, so i made a
 mysql  transport map where per domain i can add how much % to relay
 from main ip pool to the warmup ip pool. The problem is that if
 manually I change in the database for example yahoo.com
 domain from 0 percent to 100 percent the
 postfix uses the old settings for around 20 seconds, so it means
 that i cant control  the system, if i specify let say 20%.
 
 Thank U.
 
 

The transport lookup has a 1-element cache.  This is not configurable.


  -- Noel Jones


Re: postfix mysql lookup table has some kind of caching?

2012-02-24 Thread Bányász Botond
What does this 1-element cache mean? Does it cache the last lookup?

 
Banyasz Botond
Phone:0740138717
Ymes:banyasz_b



 From: Noel Jones njo...@megan.vbhcs.org
To: Bányász Botond banyas...@yahoo.com; postfix-users@postfix.org 
postfix-users@postfix.org 
Sent: Friday, February 24, 2012 3:41 PM
Subject: Re: postfix mysql lookup table has some kind of caching?
 
On 2/24/2012 2:04 AM, Bányász Botond wrote:
 Hy,
 
 I want to setup a system who warmes the sending ip`s, so i made a
 mysql  transport map where per domain i can add how much % to relay
 from main ip pool to the warmup ip pool. The problem is that if
 manually I change in the database for example yahoo.com
 domain from 0 percent to 100 percent the
 postfix uses the old settings for around 20 seconds, so it means
 that i cant control  the system, if i specify let say 20%.
 
 Thank U.
 
 

The transport lookup has a 1-element cache.  This is not configurable.


  -- Noel Jones

Re: postfix mysql lookup table has some kind of caching?

2012-02-24 Thread Noel Jones
On 2/24/2012 8:04 AM, Bányász Botond wrote:
 What does this 1-element cache mean? Does it cache the last lookup?
  

Right.  The cache is not specific to mysql, but is a feature of the
trivial-rewrite transport lookup.

This is only likely to be noticed when you use mysql-based
transport_maps and a high percentage of the queue is for a single
destination.  This is not configurable.

The workaround is to use a hash: or cdb: table, which triggers a
restart of trivial-rewrite upon changes -- but note that frequent
restarts of trivial-rewrite may be bad for performance.




  -- Noel Jones


Enabling SSL on SMTP Communications

2012-02-24 Thread Kaleb Hosie
I'm trying to enable postfix to use an SSL certificate for sending email but 
when I enable SMTP on my outlook client, I get this message:
Send test e-mail message: Your server does not support the connection 
encryption type you have specified. Try changing the encryption method. Contact 
your mail server administrator or Interenet service provider (ISP) for 
additional assistance.

If I use TLS as an encryption method rather than SSL, it works.

Here is the configuration in my main.cf:
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/stopspam.nicanada.com.crt
smtpd_tls_key_file = /etc/pki/tls/certs/stopspam.nicanada.com.key

I have also added the following in my master.cf file as well:
smtps inet  n   -   n   -   -   smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Any ideas why it is not working?


Understanding address verification

2012-02-24 Thread Robert Fitzpatrick
Having a problem understanding where my issue is with AV for this one
(maybe more) domain. I see the following message for this unknown user
where AV seems to be working, I only cache positives

mx1# grep 8024C2E2BD /var/log/maillog
Feb 24 08:33:45 mx1 postfix/cleanup[7752]: 8024C2E2BD:
message-id=20120224133345.8024c2e...@mx1.webtent.net
Feb 24 08:33:45 mx1 postfix/qmgr[73990]: 8024C2E2BD:
from=double-bou...@mx1.webtent.net, size=271, nrcpt=1 (queue active)
Feb 24 08:33:50 mx1 postfix/smtp[6812]: 8024C2E2BD: enabling PIX
workarounds: disable_esmtp delay_dotcrlf for x.x.x.x[x.x.x.x]:25
Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD:
to=tmia...@example.com, relay=x.x.x.x[x.x.x.x]:25, delay=10,
delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable-but-not-cached
(host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO
command))
Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed

But unlike other domains that we transport for, I do not see the NOQUEUE
reject log entries for this user address, I do see the deliveries for
this user to localhost for scanning. Does this mean the address is in
the verify db already as a good address? But then I would not understand
why it would be checking again if that was the case. I do understand
that AV will not reject if it can answer promptly, but still can't
figure out why these messages are getting to the local scanner

mx1# grep 83C1B2E2D6 /var/log/maillog
Feb 24 08:33:45 mx1 postfix/smtpd[7085]: 83C1B2E2D6:
client=rot.hbagac.com[70.99.240.229]
Feb 24 08:33:45 mx1 postfix/cleanup[7806]: 83C1B2E2D6:
message-id=1psq9w1e2.xplsni5lho6...@hbagac.com
Feb 24 08:33:45 mx1 postfix/qmgr[73990]: 83C1B2E2D6:
from=cordial...@hbagac.com, size=8570, nrcpt=1 (queue active)
Feb 24 08:33:48 mx1 postfix/smtp[5906]: 83C1B2E2D6:
to=tmia...@example.com, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4,
delays=0.47/0/0/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded,
UBE, id=07851-02)
Feb 24 08:33:48 mx1 postfix/qmgr[73990]: 83C1B2E2D6: removed

Can someone help me understand what I have going on here with this
domain? Here is my postconf if it can shed some light ...

mx1# postconf -n
address_verify_map = btree:$data_directory/verify
address_verify_negative_cache = no
address_verify_poll_count = 1
alias_maps = hash:/usr/local/etc/postfix/aliases
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
canonical_maps = ldap:/usr/local/etc/postfix/ldap/canonical.cf
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_size_limit = 10240
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_backoff_time = 1000s
maximal_queue_lifetime = 1d
message_size_limit = 5120
mynetworks = 127.0.0.0/8, snip
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = ldap:/usr/local/etc/postfix/ldap/transport.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP Mail Exchange
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_helo_restrictions = permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, check_client_access
cidr:/usr/local/etc/postfix/relay_clients, check_client_access
ldap:/usr/local/etc/postfix/ldap/relay_clients.cf, check_client_access
hash:/usr/local/etc/postfix/client_checks, reject_unauth_destination,
reject_non_fqdn_sender, reject_non_fqdn_recipient, check_helo_access
hash:/usr/local/etc/postfix/helo_checks, check_recipient_access
pcre:/usr/local/etc/postfix/recipient_checks.pcre,
check_recipient_access ldap:/usr/local/etc/postfix/ldap/verification.cf,
reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks check_sender_access
hash:/usr/local/etc/postfix/sender_access reject_unknown_sender_domain
check_sender_access ldap:/usr/local/etc/postfix/ldap/verification-sender.cf
smtpd_tls_CAfile = /usr/local/etc/postfix/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/mx1-cert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/mx1-key.pem
smtpd_tls_security_level = may
smtpd_use_tls = yes
transport_maps = ldap:/usr/local/etc/postfix/ldap/transport.cf
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

Thank you.



Re: Understanding address verification

2012-02-24 Thread Wietse Venema
Robert Fitzpatrick:
 (maybe more) domain. I see the following message for this unknown user
 where AV seems to be working, I only cache positives
...
 Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD:
 to=tmia...@example.com, relay=x.x.x.x[x.x.x.x]:25, delay=10,
 delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable
 (host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO
 command))
 Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed
 
 But unlike other domains that we transport for, I do not see the NOQUEUE
 reject log entries for this user address, I do see the deliveries for

If you don't save the probe result, then the result is thrown away.
Telepathic computing is not yet commercially available.

Wietse


Re: Understanding address verification

2012-02-24 Thread Wietse Venema
Robert Fitzpatrick:
 On 2/24/2012 2:44 PM, Wietse Venema wrote:
  Robert Fitzpatrick:
  (maybe more) domain. I see the following message for this unknown user
  where AV seems to be working, I only cache positives
  ...
  Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD:
  to=tmia...@example.com, relay=x.x.x.x[x.x.x.x]:25, delay=10,
  delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable
  (host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO
  command))
  Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed
 
  But unlike other domains that we transport for, I do not see the NOQUEUE
  reject log entries for this user address, I do see the deliveries for
  
  If you don't save the probe result, then the result is thrown away.
  Telepathic computing is not yet commercially available.
  
 
 Thanks, yes, I understand why it is doing AV. What I don't understand is
 how come another message to the same recipient around the same time gets
 delivered to localhost for scanning.

Your configuration throws away negative probe results.
Therefore, negative probe results never block mail.

Wietse


Re: Understanding address verification

2012-02-24 Thread Wietse Venema
Wietse Venema:
 Robert Fitzpatrick:
  On 2/24/2012 2:44 PM, Wietse Venema wrote:
   Robert Fitzpatrick:
   (maybe more) domain. I see the following message for this unknown user
   where AV seems to be working, I only cache positives
   ...
   Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD:
   to=tmia...@example.com, relay=x.x.x.x[x.x.x.x]:25, delay=10,
   delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable
   (host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO
   command))
   Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed
  
   But unlike other domains that we transport for, I do not see the NOQUEUE
   reject log entries for this user address, I do see the deliveries for
   
   If you don't save the probe result, then the result is thrown away.
   Telepathic computing is not yet commercially available.
   
  
  Thanks, yes, I understand why it is doing AV. What I don't understand is
  how come another message to the same recipient around the same time gets
  delivered to localhost for scanning.
 
 Your configuration throws away negative probe results.
 Therefore, negative probe results never block mail.

Additionally, when a previous probe result is cached, Postfix will
attempt to refresh that before it expires. The purpose is to avoid
delays that are visible to the SMTP client.

There is also some logic to prevent a negative probe result from
replacing a positive result. This is needed because Postfix will
try to refresh a probe result before it expires.

Wietse


Re: Understanding address verification

2012-02-24 Thread Robert Fitzpatrick
On 2/24/2012 3:40 PM, Wietse Venema wrote:
 Robert Fitzpatrick:
 On 2/24/2012 2:44 PM, Wietse Venema wrote:
 Robert Fitzpatrick:
 (maybe more) domain. I see the following message for this unknown user
 where AV seems to be working, I only cache positives
 ...
 Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD:
 to=tmia...@example.com, relay=x.x.x.x[x.x.x.x]:25, delay=10,
 delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable
 (host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO
 command))
 Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed

 But unlike other domains that we transport for, I do not see the NOQUEUE
 reject log entries for this user address, I do see the deliveries for

 If you don't save the probe result, then the result is thrown away.
 Telepathic computing is not yet commercially available.


 Thanks, yes, I understand why it is doing AV. What I don't understand is
 how come another message to the same recipient around the same time gets
 delivered to localhost for scanning.
 
 Your configuration throws away negative probe results.
 Therefore, negative probe results never block mail.
 

That is the part I didn't understand. What exactly triggers the other
rejections I see with NOQUEUE? I thought each message would be rejected
as an unverified address if not found in the verify db. And telling
Postfix not to keep negative probes only meant that the downstream
server would be probed every time an address is seen.

Thanks again, I really appreciate you helping me get my head around how
this works.


Re: Enabling SSL on SMTP Communications

2012-02-24 Thread Viktor Dukhovni
On Fri, Feb 24, 2012 at 04:28:01PM +, Kaleb Hosie wrote:

 I'm trying to enable postfix to use an SSL certificate for sending
 email but when I enable SMTP on my outlook client, I get this
 message:

You are misled by the confusing overloading of the various terms
relating to transport layer security (TLS).

  - There are X.509 certificates, otherwise called SSL certificates
used to authenticate the endpoint of a TLS connection.

  - There is a communications protocol that used to be called SSL, then
renamed to SSLv3 when the prevalent form SSLv2 was found to be weak.
This got standardized by the IETF and became TLSv1.0 (aka SSLv3.1).
There are now also TLSv1.1 (SSLv3.2) and TLSv1.2 (SSLv3.3). All of these
are variously called SSL or TLS.

  - There are two ways of using SSL/TLS in an application protocol, the
first is to define a new service port for the application and start
all connections to the alternate port with an SSL handshake. Mail
clients confusingly call this SSL. The second is to use a single
port for both encrypted and unencrypted traffic and to define an
application-specific mechanism to negotiate a transition from 
plaintext to encryption. This mechanism is usually called STARTTLS,
but mail clients confusingly call it TLS.

All you want is a secure connection, but your mail client wants to know
whether it will use encryption right away (which it will call SSL) or
negotiate via STARTTLS (which it will call TLS).

Since for SMTP the SSL variant is deprecated and non-standard and
STARTTLS is the standard way to encrypt the transport, you should be
using TLS (that is STARTTLS) in most cases, with SSL certs and
the SSL/TLS protocol (negotiated inside SMTP).


 If I use TLS as an encryption method rather than SSL, it works.

Good. Do that and you're all set.

 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = /etc/pki/tls/certs/stopspam.nicanada.com.crt
 smtpd_tls_key_file = /etc/pki/tls/certs/stopspam.nicanada.com.key
 
 I have also added the following in my master.cf file as well:
 smtps inet  n   -   n   -   -   smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 
 Any ideas why it is not working?

You've probably not told the client to use port 465. On either 25 or
587 you're likely offering STARTTLS.

I would disable the smtps service unless your clients are a decade
out of date and can't STARTTLS.

-- 
Viktor.
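
The distinction drawn above between wrapper mode on a dedicated port and STARTTLS on the regular ports can be read straight out of master.cf. The following is an added example, not part of the original thread or of Postfix: it lists each smtpd listener with the TLS mode it expects and the label a mail client typically uses for it. The `smtp` and `submission` entries in the sample, the port mapping, and all function names are assumptions made for illustration; only the `smtps` entry comes from the thread.

```python
# Added example: map master.cf smtpd listeners to the TLS mode a client must use.

# Constructed master.cf. The smtps entry is the one posted in the thread; the
# smtp and submission entries are assumed, typical entries added for contrast.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
"""

# Usual service-name-to-port mapping from /etc/services (assumption; check locally).
SERVICE_PORTS = {"smtp": 25, "submission": 587, "smtps": 465}


def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def parse_overrides(args):
    """Collect '-o name=value' pairs from a service's argument list."""
    overrides = {}
    for flag, value in zip(args, args[1:]):
        if flag == "-o" and "=" in value:
            name, _, setting = value.partition("=")
            overrides[name] = setting
    return overrides


def smtpd_listeners(master_cf, main_cf_security_level="may"):
    """Return {port: {"mode": ..., "client_setting": ...}} for inet smtpd services.

    main_cf_security_level stands in for smtpd_tls_security_level from main.cf
    ("may" in the configuration posted in the thread).
    """
    listeners = {}
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue
        name = fields[0].rsplit(":", 1)[-1]  # tolerate "host:port" service names
        port = int(name) if name.isdigit() else SERVICE_PORTS.get(name, name)
        opts = parse_overrides(fields[8:])
        if opts.get("smtpd_tls_wrappermode") == "yes":
            # TLS handshake starts immediately; mail clients label this "SSL".
            mode, client = "implicit TLS (wrapper mode)", "SSL"
        else:
            level = opts.get("smtpd_tls_security_level", main_cf_security_level)
            if level == "none":
                mode, client = "plaintext only", "None"
            elif level == "encrypt":
                mode, client = "STARTTLS required", "TLS"
            else:
                mode, client = "STARTTLS offered", "TLS"
        listeners[port] = {"mode": mode, "client_setting": client}
    return listeners


if __name__ == "__main__":
    for port, info in sorted(smtpd_listeners(SAMPLE_MASTER_CF).items()):
        print(port, info["mode"], "-> client setting:", info["client_setting"])
```

A client set to "SSL" but pointed at port 25 or 587 fails as described in the question, because only the wrapper-mode listener starts with a TLS handshake.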


Re: Understanding address verification

2012-02-24 Thread Robert Fitzpatrick
On 2/24/2012 4:17 PM, Wietse Venema wrote:
 There is also some logic to prevent a negative probe result from
 replacing a positive result. This is needed because Postfix will
 try to refresh a probe result before it expires.

Just read this after my last post. Perhaps this explains, the address is
in the cache as positive and not expired. That would be why I don't see
rejects. But why do I see the AV probe again each time the address comes in?

Thanks again


Re: Understanding address verification

2012-02-24 Thread Wietse Venema
Robert Fitzpatrick:
 On 2/24/2012 4:17 PM, Wietse Venema wrote:
  There is also some logic to prevent a negative probe result from
  replacing a positive result. This is needed because Postfix will
  try to refresh a probe result before it expires.
 
 Just read this after my last post. Perhaps this explains, the address is
 in the cache as positive and not expired. That would be why I don't see
 rejects. But why do I see the AV probe again each time the address comes in?

That is explained in my two sentences above. I am not a pervert
who has a better explanation but refuses to share it.

Wietse


Re: Understanding address verification

2012-02-24 Thread Wietse Venema
Robert Fitzpatrick:
  But unlike other domains that we transport for, I do not see the NOQUEUE
  reject log entries for this user address, I do see the deliveries for
 
  If you don't save the probe result, then the result is thrown away.
  Telepathic computing is not yet commercially available.
 
  Thanks, yes, I understand why it is doing AV. What I don't understand is
  how come another message to the same recipient around the same time gets
  delivered to localhost for scanning.
  
  Your configuration throws away negative probe results.
  Therefore, negative probe results never block mail.
 
 That is the part I didn't understand. What exactly triggers the other
 rejections I see with NOQUEUE? I thought each message would be rejected

What other rejections? You have shown nothing.

Wietse


Re: Enabling SSL on SMTP Communications

2012-02-24 Thread mouss
Le 24/02/2012 17:28, Kaleb Hosie a écrit :
 I'm trying to enable postfix to use an SSL certificate for sending email but 
 when I enable SMTP on my outlook client,
 I get this message:
 Send test e-mail message: Your server does not support the connection 
 encryption type you have specified. Try changing the encryption method. 
 Contact your mail server administrator or Interenet service provider (ISP) 
 for additional assistance.
 
 If I use TLS as an encryption method rather than SSL, it works.


there are two ways to implement ssl/tls in smtp:

- the non-standard way: smtp over ssl (smtps). in postfix, this is
called wrapper mode tls. this is what old versions of outlook support.
you can use this by enabling smtps in your master.cf. your client
needs to use the smtps port instead of the smtp port.


- the standard is STARTTLS. this uses the standard smtp port (25).


mail user agents may have different names for these modes. sometimes
they use ssl for the first and tls for the second. this is a MUA UI
choice. you'll need to figure out what your MUA is trying to say. if you
can't, ask your vendor.


 
 Here is the configuration in my main.cf:
 smtpd_use_tls = yes
 smtpd_tls_security_level = may
 smtpd_tls_cert_file = /etc/pki/tls/certs/stopspam.nicanada.com.crt
 smtpd_tls_key_file = /etc/pki/tls/certs/stopspam.nicanada.com.key
 
 I have also added the following in my master.cf file as well:
 smtps inet  n   -   n   -   -   smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 
 Any ideas why it is not working?
 



Re: Understanding address verification

2012-02-24 Thread Charles Marcus

On 2012-02-24 4:33 PM, Wietse Venema wie...@porcupine.org wrote:

That is explained in my two sentences above. I am not a pervert
who has a better explanation but refuses to share it.


Maybe not, but you definitely have one of the driest senses of humor 
I've ever seen... thanks for making me spill my tea all over my desk...


Rotflmao!

--

Best regards,

Charles


Re: Understanding address verification

2012-02-24 Thread Robert Fitzpatrick
On 2/24/2012 4:29 PM, Wietse Venema wrote:
  That is the part I didn't understand. What exactly triggers the other
  rejections I see with NOQUEUE? I thought each message would be rejected
 What other rejections? You have shown nothing.

Yes, for I have failed to post all that I have referenced...

Feb 24 16:04:29 mx1 postfix/smtpd[48318]: NOQUEUE: reject: RCPT from
modadona.com[27.50.112.91]: 450 4.1.1 v...@example2.com: Recipient
address rejected: unverified address: Address verification in progress;
from=n...@batelco.com.bh to=v...@example2.com proto=ESMTP
helo=modadona.com

But I think I understand now, thanks for helping, excuse me for trying
to completely understand your great works :)
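
The behaviour discussed in this thread (negative probe results that are thrown away never block mail, while an address with no cached result gets a temporary "verification in progress" reject) can be confirmed from the mail log. The following is an added example, not code from the thread or from Postfix: it tallies probe results, NOQUEUE verification rejects and deliveries per recipient and lists the recipients whose mail was accepted although a probe came back negative. The sample lines are constructed (addresses, hosts and queue IDs are made up), the function names are hypothetical, and the `deliverable` probe status is included as the positive counterpart of the statuses shown in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the excerpts in the thread. Real maillog
# entries are single unwrapped lines with addresses in angle brackets.
SAMPLE_LOG = """\
Feb 24 08:33:55 mx1 postfix/smtp[6812]: AAAA000001: to=<nouser@example.com>, relay=192.0.2.10[192.0.2.10]:25, delay=10, delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable-but-not-cached (host 192.0.2.10[192.0.2.10] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Feb 24 08:33:48 mx1 postfix/smtp[5906]: AAAA000002: to=<nouser@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.47/0/0/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=07851-02)
Feb 24 16:04:29 mx1 postfix/smtpd[48318]: NOQUEUE: reject: RCPT from client.example.net[198.51.100.7]: 450 4.1.1 <new@example2.com>: Recipient address rejected: unverified address: Address verification in progress; from=<a@example.org> to=<new@example2.com> proto=ESMTP helo=<client.example.net>
Feb 24 16:04:35 mx1 postfix/smtp[6813]: AAAA000003: to=<new@example2.com>, relay=192.0.2.20[192.0.2.20]:25, delay=6, delays=0.01/0.01/3/3, dsn=2.1.5, status=deliverable (250 2.1.5 Ok)
Feb 24 16:10:02 mx1 postfix/smtp[6813]: AAAA000004: to=<new@example2.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.2/0/0/1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# Delivery-agent lines: probes end in (un)deliverable*, real deliveries in sent.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>,"
    r".*?\bstatus=(?P<status>[\w-]+)"
)
# smtpd rejects caused by address verification (text as shown in the thread).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+ (?P<code>\d{3}) \S+ "
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: unverified address"
)
PROBE_STATUSES = {"deliverable", "undeliverable", "undeliverable-but-not-cached"}


def summarize(log_text):
    """Tally probe results, verification rejects and deliveries per recipient."""
    stats = defaultdict(lambda: {"probes": [], "rejects": 0, "delivered": 0})
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            entry = stats[m["rcpt"].lower()]
            if m["status"] in PROBE_STATUSES:
                entry["probes"].append(m["status"])
            elif m["status"] == "sent":
                # Includes hand-off to the content filter on localhost.
                entry["delivered"] += 1
            continue
        m = REJECT.search(line)
        if m:
            stats[m["rcpt"].lower()]["rejects"] += 1
    return dict(stats)


def accepted_despite_negative_probe(stats):
    """Recipients with a negative probe result whose mail was still delivered."""
    return sorted(
        rcpt
        for rcpt, s in stats.items()
        if s["delivered"] and any(p.startswith("undeliverable") for p in s["probes"])
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for rcpt, s in sorted(summary.items()):
        print(rcpt, s)
    print("accepted despite negative probe:", accepted_despite_negative_probe(summary))
```

Recipients reported by `accepted_despite_negative_probe` with an `undeliverable-but-not-cached` probe status are the case described above, where `address_verify_negative_cache = no` discards the result.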


Building Postfix without Berkeley DB

2012-02-24 Thread Gamet A.
Hello,

I am getting errors when trying to use -DNO_DB option (both from 2.9.1
and 2.10.x)

# make makefiles CCARGS=-DNO_DB
make -f Makefile.in MAKELEVEL= Makefiles
(echo # Do not edit -- this file documents how Postfix was built for your
machine.; /bin/sh makedefs) makedefs.tmp
No db.h include file found.
Install the appropriate db*-devel package first.
See the RELEASE_NOTES file for more information.
make: *** [Makefiles] Error 1
make: *** [makefiles] Error 2

and makedefs.tmp has just one comment.

The above was not my original make statement. I had the ldap includes along
with the above 'No DB, but the result was still the same. Should I be
including any other options additionally?

Thanks


Re: Building Postfix without Berkeley DB

2012-02-24 Thread Wietse Venema
Gamet A.:
 Hello,
 
 I am getting errors when trying to use -DNO_DB option (both from 2.9.1
 and 2.10.x)
 
 # make makefiles CCARGS=-DNO_DB
 make -f Makefile.in MAKELEVEL= Makefiles
 (echo # Do not edit -- this file documents how Postfix was built for your
 machine.; /bin/sh makedefs) makedefs.tmp
 No db.h include file found.
 Install the appropriate db*-devel package first.
 See the RELEASE_NOTES file for more information.
 make: *** [Makefiles] Error 1
 make: *** [makefiles] Error 2
 
 and makedefs.tmp has just one comment.
 
 The above was not my original make statement. I had the ldap includes along
 with the above 'No DB, but the result was still the same. Should I be
 including any other options additionally?

You will have to comment out the LINUX-specific Berkeley DB check
in the makedefs script.

Wietse


Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
Here are my compilation command list:
---
installDir=/usr/local/postfix-2.10
make CCARGS='-DNO_DB' tidy
make makefiles CCARGS=-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
-DDEF_CONFIG_DIR='$installDir/etc' -DDEF_COMMAND_DIR='$installDir/sbin'
-DDEF_DAEMON_DIR='$installDir/libexec' -DDEF_MAILQ_DIR='$installDir/bin'
-DDEF_DATA_DIR='$installDir/data' -DDEF_QUEUE_DIR='/var/log/postfix/spool'
-DDEF_MANPAGE_DIR='$installDir/man' DEBUG='' \
UXLIBS=-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber
make
---
Output:
---
# make
rm -f libexec/post-install && ln -f conf/post-install libexec/post-install
rm -f libexec/postfix-files && ln -f conf/postfix-files
libexec/postfix-files
rm -f libexec/postfix-script && ln -f conf/postfix-script
libexec/postfix-script
rm -f libexec/postfix-wrapper && ln -f conf/postfix-wrapper
libexec/postfix-wrapper
rm -f libexec/main.cf && ln -f conf/main.cf libexec/main.cf
rm -f libexec/master.cf && ln -f conf/master.cf libexec/master.cf
rm -f libexec/postmulti-script && ln -f conf/postmulti-script
libexec/postmulti-script
set -e; for i in src/util src/global src/dns src/tls src/xsasl src/milter
src/master src/postfix src/fsstone src/smtpstone src/sendmail src/error
src/pickup src/cleanup src/smtpd src/local src/trivial-rewrite src/qmgr
src/oqmgr src/smtp src/bounce src/pipe src/showq src/postalias src/postcat
src/postconf src/postdrop src/postkick src/postlock src/postlog src/postmap
src/postqueue src/postsuper src/qmqpd src/spawn src/flush src/verify
src/virtual src/proxymap src/anvil src/scache src/discard src/tlsmgr
src/postmulti src/postscreen src/dnsblog src/tlsproxy; do \
 (set -e; echo [$i]; cd $i; make 'CC=gcc -Wmissing-prototypes -Wformat
-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
-DDEF_CONFIG_DIR='/usr/local/postfix-2.10/etc'
-DDEF_COMMAND_DIR='/usr/local/postfix-2.10/sbin'
-DDEF_DAEMON_DIR='/usr/local/postfix-2.10/libexec'
-DDEF_MAILQ_DIR='/usr/local/postfix-2.10/bin'
-DDEF_DATA_DIR='/usr/local/postfix-2.10/data'
-DDEF_QUEUE_DIR='/var/log/postfix/spool'
-DDEF_MANPAGE_DIR='/usr/local/postfix-2.10/man' DEBUG='' -DSNAPSHOT' update
MAKELEVEL=) || exit 1; \
done
[src/util]
gcc -Wmissing-prototypes -Wformat -DNO_DB -I/usr/local/ldap/include
-DHAS_LDAP -DDEF_CONFIG_DIR=/usr/local/postfix-2.10/etc
-DDEF_COMMAND_DIR=/usr/local/postfix-2.10/sbin
-DDEF_DAEMON_DIR=/usr/local/postfix-2.10/libexec
-DDEF_MAILQ_DIR=/usr/local/postfix-2.10/bin
-DDEF_DATA_DIR=/usr/local/postfix-2.10/data
-DDEF_QUEUE_DIR=/var/log/postfix/spool
-DDEF_MANPAGE_DIR=/usr/local/postfix-2.10/man DEBUG= -DSNAPSHOT -g -O -I.
-DLINUX2 -c alldig.c
gcc: DEBUG=: No such file or directory
make: *** [alldig.o] Error 1
make: *** [update] Error 1
---

I tried with both DEBUG= and DEBUG='', but with the same above outcome. Are
there any other parameters to pass to disable debug?

Thanks


Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
I removed the DEBUG= to continue with the compilation and the compilation
stopped at the following in both 2.9 and 2.10 versions:
gcc -Wmissing-prototypes -Wformat -DNO_DB -I/usr/local/ldap/include
-DHAS_LDAP -DDEF_CONFIG_DIR=/usr/local/postfix-2.10/etc
-DDEF_COMMAND_DIR=/usr/local/postfix-2.10/sbin
-DDEF_DAEMON_DIR=/usr/local/postfix-2.10/libexec
-DDEF_MAILQ_DIR=/usr/local/postfix-2.10/bin
-DDEF_DATA_DIR=/usr/local/postfix-2.10/data
-DDEF_QUEUE_DIR=/var/log/postfix/spool
-DDEF_MANPAGE_DIR=/usr/local/postfix-2.10/man -DSNAPSHOT -g -O -I.
-I../../include -DLINUX2 -c mail_conf.c
mail_conf.c: In function ‘mail_conf_checkdir’:
mail_conf.c:127: error: expected expression before ‘/’ token
mail_conf.c: In function ‘mail_conf_suck’:
mail_conf.c:177: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
mail_conf.c:185: error: expected expression before ‘/’ token
make: *** [mail_conf.o] Error 1
make: *** [update] Error 1

Here is my system info:
# uname -a
Linux localhost 2.6.32-042stab049.6 #1 SMP Mon Feb 6 19:17:43 MSK 2012
x86_64 x86_64 x86_64 GNU/Linux
# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info
--with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap
--enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-gnu-unique-object
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada
--enable-java-awt=gtk --disable-dssi
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre
--enable-libgcj-multifile --enable-java-maintainer-mode
--with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib
--with-ppl --with-cloog --with-tune=generic --with-arch_32=i686
--build=x86_64-redhat-linux
Thread model: posix
gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)

Thanks


On Fri, Feb 24, 2012 at 9:33 PM, Gamet A. game...@gmail.com wrote:

 Here are my compilation command list:

 ---
 installDir=/usr/local/postfix-2.10
 make CCARGS='-DNO_DB' tidy
 make makefiles CCARGS=-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
 -DDEF_CONFIG_DIR='$installDir/etc' -DDEF_COMMAND_DIR='$installDir/sbin'
 -DDEF_DAEMON_DIR='$installDir/libexec' -DDEF_MAILQ_DIR='$installDir/bin'
 -DDEF_DATA_DIR='$installDir/data' -DDEF_QUEUE_DIR='/var/log/postfix/spool'
 -DDEF_MANPAGE_DIR='$installDir/man' DEBUG='' \
 UXLIBS=-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber
 make

 ---
 Output:

 ---
 # make
 rm -f libexec/post-install && ln -f conf/post-install libexec/post-install
 rm -f libexec/postfix-files && ln -f conf/postfix-files
 libexec/postfix-files
 rm -f libexec/postfix-script && ln -f conf/postfix-script
 libexec/postfix-script
 rm -f libexec/postfix-wrapper && ln -f conf/postfix-wrapper
 libexec/postfix-wrapper
 rm -f libexec/main.cf && ln -f conf/main.cf libexec/main.cf
 rm -f libexec/master.cf && ln -f conf/master.cf libexec/master.cf
 rm -f libexec/postmulti-script && ln -f conf/postmulti-script
 libexec/postmulti-script
 set -e; for i in src/util src/global src/dns src/tls src/xsasl src/milter
 src/master src/postfix src/fsstone src/smtpstone src/sendmail src/error
 src/pickup src/cleanup src/smtpd src/local src/trivial-rewrite src/qmgr
 src/oqmgr src/smtp src/bounce src/pipe src/showq src/postalias src/postcat
 src/postconf src/postdrop src/postkick src/postlock src/postlog src/postmap
 src/postqueue src/postsuper src/qmqpd src/spawn src/flush src/verify
 src/virtual src/proxymap src/anvil 

Re: Disabling debug (DEBUG=)

2012-02-24 Thread Sahil Tandon
On Fri, 2012-02-24 at 21:33:30 -0500, Gamet A. wrote:

 Here are my compilation command list:
 ---
 installDir=/usr/local/postfix-2.10
 make CCARGS='-DNO_DB' tidy
 make makefiles CCARGS=-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
 -DDEF_CONFIG_DIR='$installDir/etc' -DDEF_COMMAND_DIR='$installDir/sbin'
 -DDEF_DAEMON_DIR='$installDir/libexec' -DDEF_MAILQ_DIR='$installDir/bin'
 -DDEF_DATA_DIR='$installDir/data' -DDEF_QUEUE_DIR='/var/log/postfix/spool'
 -DDEF_MANPAGE_DIR='$installDir/man' DEBUG='' \
 UXLIBS=-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber

AUXLIBS, not UXLIBS.  See INSTALL, which explains how to turn off
debugging, and the phrase:

IMPORTANT: Be sure to get the quotes right. These details matter a lot.

 ...
 I tried with both DEBUG= and DEBUG='', but with the same above
 outcome. Are there any other parameters to pass to disable debug?
 ...

DEBUG=

-- 
Sahil Tandon


Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.

  Here are my compilation command list:
 
 ---
  installDir=/usr/local/postfix-2.10
  make CCARGS='-DNO_DB' tidy
  make makefiles CCARGS=-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
  -DDEF_CONFIG_DIR='$installDir/etc' -DDEF_COMMAND_DIR='$installDir/sbin'
  -DDEF_DAEMON_DIR='$installDir/libexec' -DDEF_MAILQ_DIR='$installDir/bin'
  -DDEF_DATA_DIR='$installDir/data'
 -DDEF_QUEUE_DIR='/var/log/postfix/spool'
  -DDEF_MANPAGE_DIR='$installDir/man' DEBUG='' \
  UXLIBS=-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber

 AUXLIBS, not UXLIBS.  See INSTALL, which explains how to turn off
 debugging, and the phrase:


That was a typo.


 IMPORTANT: Be sure to get the quotes right. These details matter a lot.


Quotes were not the issue. I got the error messages, kind of, half the way
through compilation. A lot of files got compiled before the noted errors.


  ...
  I tried with both DEBUG= and DEBUG='', but with the same above
  outcome. Are there any other parameters to pass to disable debug?
  ...

 DEBUG=

 --
 Sahil Tandon


As I noted in the mail, that doesn't work.

Thanks


Re: Disabling debug (DEBUG=)

2012-02-24 Thread Gamet A.
  Here are my compilation command list:
  ---
  installDir=/usr/local/postfix-2.10
  make CCARGS='-DNO_DB' tidy
  make makefiles CCARGS=-DNO_DB -I/usr/local/ldap/include -DHAS_LDAP
  -DDEF_CONFIG_DIR='$installDir/etc' -DDEF_COMMAND_DIR='$installDir/sbin'
  -DDEF_DAEMON_DIR='$installDir/libexec' -DDEF_MAILQ_DIR='$installDir/bin'
  -DDEF_DATA_DIR='$installDir/data' -DDEF_QUEUE_DIR='/var/log/postfix/spool'
  -DDEF_MANPAGE_DIR='$installDir/man' DEBUG='' \
      UXLIBS=-L/usr/local/ldap/lib -lldap -L/usr/local/ldap/lib -llber

 AUXLIBS, not UXLIBS.  See INSTALL, which explains how to turn off
 debugging, and the phrase:


 That was a typo.


 IMPORTANT: Be sure to get the quotes right. These details matter a lot.


 Quotes were not the issue. I got the error messages, kind of, half the way 
 through compilation. A lot of files got compiled before the noted errors.


  ...
  I tried with both DEBUG= and DEBUG='', but with the same above
  outcome. Are there any other parameters to pass to disable debug?
  ...

 DEBUG=

 --
 Sahil Tandon


 As I noted in the mail, that doesn't work.

 Thanks

My bad! Sahil is right. From the install document:
---
% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
% make
IMPORTANT: Be sure to get the quotes right. These details matter a lot.
---
Changed the quotes around and compilation completed successfully. On to
the next step, configuring.
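
Added example, not part of the original messages: why the quoting form from INSTALL matters. It assumes make hands CCARGS to /bin/sh a second time when it invokes the compiler, so one more layer of quotes is removed; the helper names cc_sees and is_c_string_literal and the failing form are constructed for illustration.

```shell
#!/bin/sh
# Simulate the second shell parse: make stores CCARGS verbatim and later runs
# the compiler command line through /bin/sh, which strips one more quote layer.
cc_sees() {
    # $1 = CCARGS exactly as make received it (after the interactive shell's parse)
    eval "set -- $1"
    printf '%s\n' "$@"
}

installDir=/usr/local/postfix-2.10   # value taken from the thread

# Form from INSTALL: single quotes outside, backslash-escaped double quotes inside.
good='-DDEF_CONFIG_DIR=\"'"$installDir"'/etc\"'

# Constructed failing form: the inner single quotes are consumed by the second
# parse, so the compiler gets a bare path instead of a C string literal.
bad="-DDEF_CONFIG_DIR='$installDir/etc'"

is_c_string_literal() {
    # A -D path value must reach the compiler wrapped in double quotes.
    case "$(cc_sees "$1")" in
        -D*=\"*\") return 0 ;;
        *) return 1 ;;
    esac
}

for form in "$good" "$bad"; do
    if is_c_string_literal "$form"; then verdict="string literal"; else verdict="NOT a string literal"; fi
    printf 'make got: %s\ncc gets:  %s  (%s)\n\n' "$form" "$(cc_sees "$form")" "$verdict"
done
```

A bare path only breaks the source files that actually use the macro, which is consistent with a build that fails partway through rather than at the first file.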


Re: Delay before initial 220 greeting

2012-02-24 Thread Stan Hoeppner
On 2/23/2012 1:50 PM, Alex wrote:
 Hi,
 
 I have a postfix-2.8.7 system with fedora15 and amavisd-new-2.6.6.
 Lately I have been experiencing significant delays before receiving
 the initial postfix 220 greeting from all remote hosts. I've verified

 What is the output from:

 grep warning: /var/log/maillog

 Then you may want to read this webpage:

 http://www.postfix.org/STRESS_README.html

 You've already got a default_process_limit of 200 which should be more
 than plenty for a very large inbound stream, assuming everything else is
 in order.
 
 It turned out increasing default_process_limit to 300 solved the
 problem, although after reading your other comments, I understand
 there are other areas to be improved.

Increasing the smtpd count is the quick/dirty way to fix such a problem,
but doing this can create other problems.  Which is why I had you look
at other optimizations first.

 I do already have a local bind resolver and will investigate rbldnsd.
 I'm using munin to provide reports for bind, and it shows an average
 of 60 to 80 queries per second, with peaks above 120, but doesn't show
 latency. How can I report this information?

I don't know that you can get this in real time, but you certainly don't
need to.  The important thing is that you have a local resolver.  This
alone guarantees you will decrease cached lookup latency to 1ms or so.
Simply having a good local resolver in working order eliminates any
latency issues.  There is no need to measure it.

 I've removed the zen and psbl queries from smtpd and moved psbl to postscreen.

As Wietse confirmed, this alone will decrease the number of smtpd
processes used, and it's exactly why he created postscreen.  Read the docs.

 How can I monitor the number of smtpd processes currently being
 utilized in real-time? 

I don't know of any off the shelf method for this, nor any API method
for querying Postfix for such info.  smtpd processes will sit for
max_idle seconds before terminating, waiting on additional incoming
connections.  So you'll always have a combination of active and idle
smtpds.  However, knowing which is which in real time doesn't really
benefit you.  There is plenty of other data available to let you know if
you've got the system configured and running properly.

 Even though it's set to 300, ps ax shows
 significantly fewer than that. It would be nice to have a log of that
 information over time.

It's called default_process_limit.  Note the last word.  300 is the peak
you allowed.  The default peak is 100.  When everything else is tuned
properly, you should be able to average 100 msgs/sec or more with the
defaults.  If you're seeing 60-80 dns queries/sec that would seem to
indicate your connect rate is around 10-14 msgs/sec, given 6 dns lookups
per connection.  10-14 connects/sec is a very low connect rate.  You
shouldn't even need 100 smtpds for that load.  Maybe my math is off
here.  If not, you've got more optimizing to do.  Now, if every remote
host connecting to you is slow, say you're in Singapore and all of your
connections are in the US, it's going to take more smtpd time for each
connection simply due to RTT delays, especially if satellite links are
involved (unlikely today due to oceanic fiber, but possible).

Now that you've done some optimization, kick default_process_limit back
down to 200 and see if that works.  If so, keep backing it off by 25
each time until you start to see the slowdown again.  Then bump it back
up by 10 and leave it.

Next I'd look at smtp-amavis and see if it's keeping up with demand.  If
it can't service requests fast enough postfix will spawn more smtpds to
handle the incoming connections and then they'll sit and wait on amavis.
 Optimizing a setup as complex as yours is a balancing act because you have
so many layers depending on each other.

 Thanks so much for your help,

Sure thing.  If you know what your peak daily connection rate is, and
can share that, it would be helpful.

-- 
Stan
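
Added example, not part of the original messages: one way to keep the log of smtpd process counts over time that was asked about above, by sampling ps and comparing the count with the process limit. The function names and the sample ps output are constructed; ps cannot tell active smtpd processes from idle ones, so the count is the combined total.

```shell
#!/bin/sh
# Count smtpd processes in "PPID COMMAND" lines read from stdin and compare the
# count with the configured process limit. Prints: "<count> <limit> <percent>".
smtpd_usage() {
    limit=$1
    awk -v limit="$limit" '
        $2 == "smtpd" { n++ }
        END { printf "%d %d %d\n", n, limit, (n * 100) / limit }
    '
}

# Constructed sample of `ps -e -o ppid= -o comm=` output (not from the thread).
sample_ps() {
    cat <<'EOF'
    1 master
 2101 qmgr
 2101 pickup
 2101 smtpd
 2101 smtpd
 2101 smtpd
 2101 postscreen
    1 named
EOF
}

# Emit one timestamped log line per call; run it from cron or a sleep loop
# and append the output to a file to build a history.
log_sample() {
    set -- $(smtpd_usage "$1")
    printf '%s smtpd=%s limit=%s used=%s%%\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S')" "$1" "$2" "$3"
}

# Offline demonstration on the constructed sample:
sample_ps | log_sample 200

# Live use (commented out so the block runs anywhere):
# ps -e -o ppid= -o comm= | log_sample "$(postconf -h default_process_limit)"
```

A count that sits at the limit for many consecutive samples is the condition that goes with delayed 220 greetings; a count well below it suggests the limit can be backed off as described above.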