From: Andreas Winkelmann (ml awinkelmann.de)
Date: Tue Aug 28 2007 - 13:02:12 CDT
On Tuesday 28 August 2007 09:39, Simone Felici wrote:
> I've set up a CentOS release 4.5 (Final) with postfix-2.2.10. This server
> accepts mails only from some front-end servers and delivers via transportmap
> to final destination (only 3 domains). The mails are accepted and cleaned
> with amavisd/clamav. Until here all ok. Here is my config:
>
>
> *******************POSTFIX*******************
>
> [root@clamav ~]# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> bounce_queue_lifetime = 1d
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = vscan:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_process_limit = 500

Hmm, you know what this means?

> html_directory = no
> inet_interfaces = all
> local_transport = error:local mail delivery is disabled
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mynetworks = 213.21.176.0/24, 127.0.0.1
> newaliases_path = /usr/bin/newaliases.postfix
> parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_client_connection_count_limit = 200
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain
> smtpd_sender_restrictions = reject_unknown_sender_domain,
> reject_non_fqdn_sender
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> master.cf:
> [...]
> vscan unix - - n - 50 smtp
> -o smtp_data_done_timeout=1200
> -o disable_dns_lookup=yes
> 127.0.0.1:10025 inet n - n - - smtpd
> -o content_filter=
>
>
>
> *******************CLAMAV*******************
> LogFile /var/log/clamav/clamd.log
> LogFileMaxSize 0
> LogTime yes
> LogSyslog yes
> PidFile /var/run/clamav/clamd.pid
> TemporaryDirectory /var/tmp
> DatabaseDirectory /var/clamav
> LocalSocket /var/run/clamav/clamd.sock
> FixStaleSocket yes
> MaxConnectionQueueLength 150
> MaxThreads 150
> ReadTimeout 300
> User clamav
> AllowSupplementaryGroups yes
> ScanPE yes
> ScanELF yes
> DetectBrokenExecutables yes
> ScanOLE2 yes
> ScanMail yes
> PhishingSignatures yes
> ScanArchive yes
> ArchiveMaxCompressionRatio 300
> ArchiveBlockEncrypted no
> ArchiveBlockMax no
>
> *******************AMAVISD*******************
> [...]
> $max_servers = 100; # num of pre-forked children (2..15 is common), -m

Hmm, 100 amavisd Servers and only 50 smtp's which deliver to them. Seems like
50 of them are useless.

> $daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u
> $daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g
> [...]
>
> Since Friday my problems. The queue grew up to 150,000 mails. After
> every restart the queue was moved from active to incoming and back to
> active 'til 20.000 mails. The server starts to spool fast, but after 10
> minutes is back to spooling out the mails very slowly. Why? Tried 'postqueue -f'
> and 'postsuper -r ALL', but nothing. 20000 mails into active, 60000 into
> incoming, the rest into maildrop. The mails in maildrop are never
> delivered.
>
> Are there some settings I have to modify to tune up the server?
>
> output from 'qshape active':
>
>                  T  5 10 20 40 80  160   320  640 1280 1280+
>        TOTAL 27259  0  0  0  0  1 8108 13683 3072 1650   745
>   domain.net 27157  0  0  0  0  0 8078 13621 3067 1647   744
>
> I cannot understand the output very well.
>
>
> After this, I've bypassed the server so that no more mails are delivered to
> the antivirus. During the night the 150.000 mails queue was delivered....
> strange.

Check your Logs, why no mail gets delivered.

> Some suggestions before I reactivate the traffic through this server?
>
> Last question: Why can't I set up checks on the sender (MAIL FROM:)? Are
> these bypassed because the mails are coming from trusted network? How
> do I enable these checks?

Remove permit_mynetworks from the restrictions or move it behind the checks.

--
Andreas
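
Added example, not part of the original message or of Postfix/amavisd: a small Python audit of the two points raised in the reply, namely which checks in `smtpd_recipient_restrictions` are never evaluated for `mynetworks` clients because they sit behind `permit_mynetworks`, and how the content-filter transport's `maxproc` in master.cf compares with amavisd's `$max_servers`. The function names and the sample strings are constructed for illustration from the settings quoted above.

```python
import re

# Constructed sample input mirroring the settings quoted in the thread.
POSTCONF = (
    "content_filter = vscan:[127.0.0.1]:10024\n"
    "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, "
    "reject_non_fqdn_sender, reject_non_fqdn_recipient, "
    "reject_unknown_sender_domain, reject_unknown_recipient_domain\n"
)
MASTER_CF = (
    "vscan unix - - n - 50 smtp\n"
    "  -o smtp_data_done_timeout=1200\n"
    "127.0.0.1:10025 inet n - n - - smtpd\n"
)
AMAVISD_CONF = "$max_servers = 100;  # num of pre-forked children\n"

def parse_postconf(text):
    """Return {parameter: value} from `postconf -n` style lines."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line[0].isspace():
            key, _, val = line.partition("=")
            params[key.strip()] = val.strip()
    return params

def shadowed_by_mynetworks(restrictions):
    """Entries after permit_mynetworks in one list never run for trusted clients."""
    items = [r for r in re.split(r"[,\s]+", restrictions) if r]
    if "permit_mynetworks" not in items:
        return []
    return items[items.index("permit_mynetworks") + 1:]

def filter_maxproc(master_cf, transport):
    """maxproc (7th column) of a master.cf service; None when it is '-' or absent."""
    for line in master_cf.splitlines():
        cols = line.split()
        if len(cols) >= 8 and not line[0].isspace() and cols[0] == transport:
            return None if cols[6] == "-" else int(cols[6])
    return None

def amavis_max_servers(conf):
    m = re.search(r"^\s*\$max_servers\s*=\s*(\d+)", conf, re.M)
    return int(m.group(1)) if m else None

def audit(postconf, master_cf, amavisd_conf):
    p = parse_postconf(postconf)
    transport = p.get("content_filter", "").split(":", 1)[0]
    skipped = shadowed_by_mynetworks(p.get("smtpd_recipient_restrictions", ""))
    return {"skipped_for_mynetworks": skipped,
            "smtp_clients": filter_maxproc(master_cf, transport),
            "amavisd_servers": amavis_max_servers(amavisd_conf)}

print(audit(POSTCONF, MASTER_CF, AMAVISD_CONF))
```

A `maxproc` of `-` means the service falls back to `default_process_limit`, which the function reports as `None`.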