Re: Address verification causing SMTP timeouts

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Thu Dec 14 2006 - 07:44:41 CST


At 06:59 AM 12/14/2006, Robert Fitzpatrick wrote:
>Well, my problem woke me up this morning again after it ran all
>afternoon and last night perfectly. As I mentioned in other threads, my
>SMTP connections on two different servers at different locations start
>to slow. And it started happening on both servers at the same time. So,
>I did some disabling on one server and it seems to be address
>verification.

This makes sense. Address verification holds the incoming connection
open a little longer to allow time to check the next hop for the
address. This can lead to using up all available smtpd processes.
Increase the MAXPROC column for smtpd in master.cf to fix this.

Make sure you enable the address verification cache:
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#caching

To speed up connections at the expense of deferring mail when a
recipient is first tried (effectively a crude form of greylisting), you can set
address_verify_poll_count = 1
http://www.postfix.org/postconf.5.html#address_verify_poll_count

>If I disable this feature, all is good, but queues begin
>to build and continue to build not being able to keep up. It looks like
>the only way I can fix this is to put all my user lists directly on the
>server or in LDAP? I have a lot of domains that users are managed on by
>the customer on different destination mail servers. Is there a way for
>me to set up Postfix to look locally first, then do the verification if
>it is not found? Or, be able to go ahead and send to the content filter if
>not found locally? I guess using smtpd_recipient_restrictions?

Yes, something like:
smtpd_recipient_restrictions =
   permit_mynetworks
   reject_unauth_destination
   ... local UCE controls ...
   check_recipient_access hash:/path/to/relay_recipients
   reject_unverified_recipient

Where relay_recipients contains a list of known valid recipients as:
user1@example.com OK
user2@example.com OK
...

Note you can dump valid addresses from the verification database with
something like:
# postmap -s btree:verify | awk '/\t0:0/ {print $1 " OK"}'
But the list will need to be cleaned periodically.

>Is there
>anything out there that will convert my Sendmail virtusertables to a
>list for Postfix from each server?

If you have the source for the table then your favorite text
processing tool (perl/sed/awk/vi) should be able to do the minor
changes needed.

--
Noel Jones
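
The virtusertable conversion discussed above, as an added example that is not part of the original post. It assumes the table source is one "address target" pair per line; the function names and the sample data are hypothetical. Entries whose target is an error: reject and @domain catch-alls are left out, because listing either as OK would let unknown recipients bypass reject_unverified_recipient.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumption: virtusertable source is "address<whitespace>target" per line.

# Constructed sample input covering the cases handled below.
sample_virtusertable() {
    cat <<'EOF'
# constructed sample virtusertable source
Alice@Example.com    alice
bob@example.org      bob@mailhost.example.org
gone@example.com     error:nouser 550 No such user here
@example.net         %1@mailhost.example.net
alice@example.com    alice2
EOF
}

# Reads virtusertable source on stdin and writes "address OK" lines on
# stdout, in the format of the relay_recipients list shown in the reply.
virtuser_to_relay_recipients() {
    awk '
        # Skip blank lines and comments.
        NF == 0 || $1 ~ /^#/ { next }
        {
            lhs = tolower($1)   # normalise case so duplicates collapse
            rhs = $2
            # An error: target means Sendmail rejects this address,
            # so it must not be listed as a valid recipient.
            if (rhs ~ /^error:/) next
            # A catch-all would whitelist every address in the domain;
            # leave those to reject_unverified_recipient instead.
            if (lhs ~ /^@/) {
                print "skipped catch-all: " lhs > "/dev/stderr"
                next
            }
            # Anything that is not user@domain is reported, not emitted.
            if (lhs !~ /^[^@]+@[^@]+$/) {
                print "skipped malformed: " lhs > "/dev/stderr"
                next
            }
            if (!seen[lhs]++) print lhs " OK"
        }
    '
}

# Demonstration on the constructed sample.
sample_virtusertable | virtuser_to_relay_recipients
```

Write the output to the file named in check_recipient_access and run postmap on it so the hash: table is rebuilt.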