OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Delayed connection to Postfix

From: Greg Miller (gmillercommo.com)
Date: Wed May 02 2007 - 11:30:33 CDT

We have been running a Postfix server for several months (replaced our 7
year old Sendmail server). It is version 2.4 running on CentOS 4.4 and
authenticating to Dovecot. Everything was working perfectly with it
until last week, when we started noticing a delay each time a message is
sent. When I telnet to the SMTP port, it takes equally long for the
banner message to appear. After digging around everywhere I can think
to look, I still cannot figure out what is causing this problem.
According to the Postfix FAQ, this situation could be caused by a
process limit or by a DNS issue. I attempted to set the process limit
higher (200), but that had absolutely no effect (ps -ax doesn't show all
that many postfix processes anyway...). I could believe that this is a
DNS issue, since we changed Internet providers and DNS servers about the
time that we started experiencing problems. However, when I run a host
command on the server, it returns information in a split-second. When I
view the logs (even at a 5 verbosity), Postfix appears to be taking less
than a second to open the connection, send the mail, and close the
connection. If I telnet from the localhost to the SMTP port, Postfix
replies with a banner message instantaneously. There is no difference
in speed with no other users on the system.

While I am almost positive that this issue is caused by a DNS problem, I
don't know where else I could look to find the problem. Is there
anything in particular that I should check? How can I test for a DNS
problem? Is there any way to tell what is going on while the delay is
occurring (logs, etc.)?

Here are the details of my setup:

Server IP: 192.168.11.20 - 255.255.255.0 GW: 192.168.11.1 - located in
DMZ of my firewall with a 1:1 NAT to an external IP
Internal Network: 192.168.1.0 - 255.255.255.0 GW: 192.168.1.1

Outbound mail shows the following in the mail logs:

May 2 11:23:00 mail postfix/smtpd[13046]: connect from unknown[192.168.1.1]
May 2 11:23:00 mail postfix/smtpd[13046]: match_hostname: unknown ~? 192.168.0.0/16
May 2 11:23:00 mail postfix/smtpd[13046]: match_hostaddr: 192.168.1.1 ~? 192.168.0.0/16
May 2 11:23:00 mail postfix/smtpd[13046]: > unknown[192.168.1.1]: 220 Welcome to the SMTP Server

Output of postconf -n:

alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 5
debug_peer_list = 192.168.1.1
default_process_limit = 200
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix-2.4.0-documentation/html
mail_owner = postfix
mailbox_size_limit = 21474836480
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 209715200
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 192.168.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.0-documentation/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = Welcome to the SMTP Server
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550

Thank you for any help you can provide to me!