Active+Incoming queue growing after separating amavis filtering.

From: Justin Kim (justin.kimmezine.com)
Date: Fri Sep 14 2007 - 12:59:54 CDT


Hi all,
I really want to solve this problem.
Can someone help me?

I have a Postfix server with MySQL for virtual domains and users.
I had amavisd-new installed on the same machine as Postfix.
I wanted to offload amavis, as people suggested it would work better, but I
think I misconfigured it, so my Postfix server queue is growing.
I don't know if I misconfigured the rate limit or process limit, or even
the amavis SQL lookup policy.
I got some answers from the amavis list that my amavis timing is fine and it
seems to be working fine on the amavis side.
But I think it is after the amavis scan, when it passes back to Postfix to
deliver, that the queues grow.
Is there any way that I can fix this problem?
I just want to send out everything that is scanned by the amavis server,
because all the spam and bad messages are discarded.

So my servers are:

Postfix: 2 x Xeon 3.0 GHz (4 core CPU)
            8 GB RAM
            Fast 15K rpm disks RAIDed (no I/O bottleneck)

Amavis: 1 x Xeon 3.0 GHz (2 core CPU)
            4 GB RAM
            Same fast 15K rpm SCSI disks RAIDed (no I/O bottleneck)

postconf -n
---------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = yes
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[10.150.10.150]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 20
default_process_limit = 150
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
local_header_rewrite_clients = static:all
local_transport = error:no local mail delivery
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 2h
maximal_queue_lifetime = 3d
minimal_backoff_time = 15m
mydestination = $myhostname localhost.$mydomain mail6.$mydomain mail.$mydomain
mydomain = mailserver.com
myhostname = mail.mailserver.com
mynetworks = 127.0.0.0/8 10.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
queue_run_delay = 15m
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
receive_override_options = no_address_mappings
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
show_user_unknown_table_name = no
smtpd_banner = $myhostname ESMTP READY
smtpd_client_recipient_rate_limit = 50
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_non_fqdn_recipient
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated reject_non_fqdn_sender
smtpd_timeout = 60s
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 100000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = virtual
virtual_uid_maps = static:89

master.cf
-------------------------------------------------------------------------------
smtp inet n - n - 150 smtpd
#
amavis unix - - n - 12 smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes
       -o fallback_relay=127.0.0.1:10024
#
10.150.10.6:10025 inet n - n - - smtpd
       -o smtpd_authorized_xforward_hosts=10.0.0.0/8
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=10.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
#
127.0.0.1:10025 inet n - n - - smtpd
       -o smtpd_authorized_xforward_hosts=127.0.0.0/8
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

amavisd.conf
--------------------------------------------------------------------------------
# COMMONLY ADJUSTED SETTINGS:

bypass_virus_checks_maps = (1); # controls running of anti-virus code
# bypass_spam_checks_maps = (1); # controls running of anti-spam code
$bypass_decode_parts = 1; # controls running of decoders&dearchivers

$max_servers = 20; # num of pre-forked children (2..15 is common), -m
$daemon_user = "amavis"; # (no default; customary: vscan or amavis), -u
$daemon_group = "amavis"; # (no default; customary: vscan or amavis), -g

$forward_method = 'smtp:[10.150.10.6]:10025'; # set to undef with milter!
$notify_method = $forward_method;

$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with $unix_socketname

$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',
  auth_required_release => 0, # do not require secret_id for amavisd-release
};

$sa_tag_level_deflt = -9999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 8.0; # spam level beyond which a DSN is not sent
$sa_quarantine_cutoff_level = 12; # spam level beyond which quarantine is off
#$penpals_bonus_score = 8; # (no effect without a storage_sql_dsn database)
#$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0; # only tests which do not require internet access?

$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;