I believe I've solved my delivery time problem.

I setup round-robining in our DNS for smtp.ourdomain.dom and set the MX handler to smtp.ourdomain.dom. This split the load for our incoming AND outgoing SMTP traffic and antivirus load.

I also setup our pop.ourdomain.dom to relay to [smtp.ourdomain.dom] and everything is hammerin' - my delivery times went back down to under 5 minutes!

Thanks for everyone's help!!

Denny Snyder
Network Engineer
Susquehanna Communications
1050 E. King St
York, PA 17403
Office: (717)771-2613
Fax: (717)843-5400
dsnyder at suscom dot com
dsnyder at suscom dot net

Registered Linux User 280537

"If I had it all to do over again,
  I would be a plumber."
                       - Albert Einstein

>>> "Denny Snyder" <DSnydersuscom.com> 08/02/02 04:59PM >>>
Hello all,

I have 2 smtp servers round-robining via DNS and setup with amavisd-new and Antivir. These 2 servers then in turn have have their transports file pushing all the mail for the domains I service to the main central server - also running Postfix.

I am having some serious delivery time issues.... with some messages taking over 8 hours to deliver! I know that amavisd introduces a "double-whammy" (actually a triple-whammy) with the introduction of 2 more hops in the smtp process flow - but sheesh! A ton of mail seems to just sit in my mail queue - and fast flushing the queue doesn't seem to help in any way.

I've heard of using a second cleanup agent but am unsure of the consequences (or the config of such an agent) since I use header checks/body checks as well as black-list lookups. These smtp servers have no local users and only serve to relay inbound mail and accept and deliver email from my cable-modem customers. I love Postfix and have ran it since the beginning with only about 5K users. But since adding amavisd-new, these delivery times have started to kill me!

Any help in improving my performance would be greatly appreciated!! (You'll definitely get a smiley sticker on your calendar!!) ;)

Here are my relevant conf files:

SMTP1:
postconf -n output :

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_percent_hack = no
body_checks = regexp:/etc/postfix/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[local ip address]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 100
disable_vrfy_command = yes
fast_flush_domains = $relay_domains
header_checks = regexp:/etc/postfix/header_checks
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maps_rbl_domains = relays.osirusoft.com relays.orbs.org relays.ordb.org
maps_rbl_reject_code = 554
message_size_limit = 9216000
mydestination = $myhostname, localhost.$mydomain
myhostname = smtp2.suscom.net
mynetworks = 127.0.0.1/8 ip/subnetofcablemodemcustomers
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
prepend_delivered_header = forward
queue_directory = /var/spool/postfix
queue_minfree = 102400000
readme_directory = /etc/postfix/README_FILES
relay_domains = suscom.net bakerlandon.com fishre.com suscombroadband.com keystonead.com worthingtontrailers.com mieleinc.com
sample_directory = /usr/share/doc/postfix-1.1.7/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = hash:/etc/postfix/access, reject_maps_rbl
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_limit = 175
transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport:
.suscom.net smtp:[ip of POP server]
suscom.net smtp:[ip of POP server]
.bakerlandon.com smtp:[ip of POP server]
bakerlandon.com smtp:[ip of POP server]
.suscombroadband.com smtp:[ip of POP server]
suscombroadband.com smtp:[ip of POP server]
.keystonead.com smtp:[ip of POP server]
keystonead.com smtp:[ip of POP server]
.fishre.com smtp:[ip of POP server]
fishre.com smtp:[ip of POP server]
.worthingtontrailers.com smtp:[ip of POP server]
worthingtontrailers.com smtp:[ip of POP server]
.mieleinc.com smtp:[ip of POP server]
mieleinc.com smtp:[ip of POP server]

/etc/postfix/master.cf:
smtp inet n - y - - smtpd
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
#qmgr fifo n - n 300 1 qmgr
qmgr fifo n - y 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
flush unix n - y 1000? 0 flush
smtp unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
local unix - n n - - local
virtual unix - n y - - virtual
lmtp unix - - y - - lmtp
cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
vscan unix - n n - 10 pipe
  flags=q user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
smtp-amavis unix - - y - 20 smtp
  -o smtp_data_done_timeout=1200s
  -o smtp_never_send_ehlo=yes
  -o disable_dns_lookups=yes
ip_of_local_machine:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=ip_of_this_machine

/etc/amavisd.conf:
$DO_SYSLOG = "yes";
$LOGDIR = "/var/amavis";
$LOGFILE = "amavis.log";f
pickup f
$log_level = 1;
$log_templ = 'infected ([%V|,]), from=[?%o|(?)|<%o>], to=[<%R>|,][? %q ||, quarantine %i]';
$max_servers = 20; # number of pre-forked children
$max_requests = 30; # retire a child after that many accepts
$child_timeout=3*60; # abort child if it does not complete each task in n sec
$warnadmin = "yes";
$warnsender = "yes";
$warnrecip = "no";
$warn_offsite = "yes";
$mailfrom = 'postmaster';
$mailfrom_quarantine = undef; # use original sender
$MAXLEVELS = 20;
$MAX_ARCHIVE_NESTING = 3;
$MAXFILES = 500;
$final_virus_destiny = 0; # -1=reject, 0=discard, 1=pass
$final_spam_destiny = -1; # -1=reject, 0=discard, 1=pass
$addr_extension_virus = 'virus';
$addr_extension_spam = 'spam';
$recipient_delimiter = '+';
map { $whitelist_sender{lc($_)}=1 } (qw(
  cert-advisory-ownercert.org
  owner-alertiss.net
  slashdotslashdot.org
  bugtraqsecurityfocus.com
  NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  security-alertslinuxsecurity.com
  amavis-user-adminlists.sourceforge.net
  razor-users-adminlists.sourceforge.net
  notification-returnlists.sophos.com
  mailman-announce-adminpython.org
  zope-announce-adminzope.org
  owner-postfix-userspostfix.org
  owner-postfix-announcepostfix.org
  owner-sendmail-announceLists.Sendmail.ORG
  owner-technewspostel.ACM.ORG
  lvs-users-adminLinuxVirtualServer.org
  ietf-123-ownerloki.ietf.org
  cvs-commits-list-admingnome.org
));

SMTP2:
Server config files are identical minus the local IP address info

POP3:

Everything here points to the DNS name of my smtp server pair for relay_host - that's it!

Outbound and Inbound deliveries are suffering badly - especially during peak usage times. CPU utilization is almost nil on both SMTP boxes. These boxes are running RedHat 7.2 and 7.3 with file handles raised up to 130K or so. They are Dell 2550s with Dual PIII 933s with 1Gb RAM on ext3 with Hardware Mirroring. One server is running Postfix 1.1.7 (on RH 7.3) while the other is running 1.1.11 (on RH 7.2) Both with AMaViS new-20020517.

I just sent myself a simple 1K text email and it took about 40 minutes - here are the headers:

Received: from smtp.domain.dom (smtp.domain.dom [nn.nn.nn.nn])
        by pop.domain.dom (Postfix) with ESMTP id 5A7CB3A8016
        for <wolverinedomain.dom>; Fri, 2 Aug 2002 19:41:41 +0000 (UTC)
Received: from localhost (smtp.domain.dom [nn.nn.nn.nn])
        by smtp.domain.dom (Postfix) with ESMTP id 9980F214EC
        for <wolverinedomain.dom>; Fri, 2 Aug 2002 15:04:28 -0400 (EDT)
Received: from fs-src-02.anotherdomain.dom (fs-src-02.anotherdomain.dom[nn.nn.nn.nn])
        by smtp.domain.dom (Postfix) with SMTP id 3360F207C9
        for <wolverinedomain.dom>; Fri, 2 Aug 2002 15:04:28 -0400 (EDT)

And Maillogs of this process:

Aug 2 15:04:28 smtp2 postfix/smtpd[21771]: connect from fs-src-02.domain.dom[nn.nn.nn.nn]
Aug 2 15:04:28 smtp2 postfix/smtpd[21771]: 3360F207C9: client=fs-src-02.domain.dom[nn.nn.nn.nn]
Aug 2 15:04:28 smtp2 postfix/cleanup[29316]: 3360F207C9: message-id=<sd4a9f76.062fs-src-02.anotherdomain.dom>
Aug 2 15:04:28 smtp2 postfix/nqmgr[23579]: 3360F207C9: from=<otheraccountanotherdomain.dom>, size=990, nrcpt=1 (queue active)
Aug 2 15:04:28 smtp2 amavis[27975]: SMTP-in [64.78.119.252] /var/amavis/amavis-20020802T145330-27975: <otheraccountanotherdomain.dom> -> <wolverinedomain.dom>
Aug 2 15:04:28 smtp2 amavis[27975]: Checking: <otheraccountanotherdomain.dom> -> <wolverinedomain.dom>
Aug 2 15:04:28 smtp2 postfix/smtpd[21771]: disconnect from fs-src-02.anotherdomain.dom[nn.nn.nn.nn]
Aug 2 15:04:28 smtp2 amavis[27975]: fwd via smtp: [ip.of.local.machine:10025] <otheraccountanotherdomain.dom> -> <wolverinedomain.dom>
Aug 2 15:04:28 smtp2 postfix/nqmgr[23579]: 9980F214EC: from=<otheraccountanotherdomain.dom>, size=1216, nrcpt=1 (queue active)
Aug 2 15:04:28 smtp2 postfix/smtpd[29190]: disconnect from smtp.suscom.net[ip.of.local.machine]
Aug 2 15:04:28 smtp2 amavis[27975]: mail checking ended: DELIVERED
Aug 2 15:04:28 smtp2 postfix/smtp[29328]: 3360F207C9: to=<wolverinedomain.dom>, relay=ip.of.local.machine[ip.of.local.machine], delay=0, status=sent (250 Ok, id=27975-16, from MTA: Ok: queued as 9980F214EC)
Aug 2 15:41:41 smtp2 postfix/smtp[30292]: 9980F214EC: to=<wolverinedomain.dom>, relay=ip.of.POP.Server[ip.of.POP.Server], delay=2233, status=sent (250 Ok: queued as 5A7CB3A8016)

Why the delay=2233!?

It appears that the virus scan process is quick as hell but then the email gets stuck awaiting final delivery.....

Confusing!

Any suggestions from the group would greatly help me out!

Thanks!

Denny Snyder
Network Engineer
Susquehanna Communications
1050 E. King St
York, PA 17403
Office: (717)771-2613
Fax: (717)843-5400
dsnyder at suscom dot com
dsnyder at suscom dot net
-Registered Linux User 280537- visit http://counter.li.org and be assimilated. ;)
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]