OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
undelivered mail problem - SOLVED

From: aio shin (aioshingmail.com)
Date: Sun Sep 23 2007 - 03:49:36 CDT

On 9/20/07, aio shin <aioshingmail.com> wrote:
> On 9/18/07, Wietse Venema <wietseporcupine.org> wrote:
> > aio shin:
> > > Ok, just a while ago, I upgraded the postfix to
> > > postfix-2.3.12-1.rhel4.i386.rpm which I got from
> > > http://postfix.wl0.org/ftp/official/2.3/RPMS-rhel4-i386/ , then do
> > > some checking on the config, there's no changes since I did an rpm
> > > -Uvh, then restarted postfix. I then try to send to our distribution
> > > list and then I got 800 + undelivered messages due to false unknown
> > > users. What is should I have to do next? (note: am doin it now on a
> > > live system, so whenever I send to the list, it really affected the
> > > mail system.)
> >
> > Postfix uses the getpwnam() SYSTEM LIBRARY routine to find out what
> > users exist. getpwnam() then invokes the SYSTEM LIBRARY's PAM
> > helper for LDAP.
> >
> > When the SYSTEM LIBRARY's PAM helper for LDAP handles database
> > errors as "user not found", then no amount of Postfix reinstalls
> > will slve the problem.
> >
> > Unless you are willing to fix the PAM helper for LDAP to not return
> > "user not found" inappropriately, the best you can do is to provide
> > a database that doesn't drop requests. Look in your LDAP server
> > error logs, maybe it is trying to tell you something.
> >
> > Wietse
> > >
> > >
> > > On 9/18/07, aio shin <aioshingmail.com> wrote:
> > > > I'm getting my password file thru the ldap local service, which is via
> > > > pam. Im not getting something like this on my previous box, Its just
> > > > recently when I changed the machine to a higher specs ( which could
> > > > not be the factor). Anyway, Im running centos 4.5 on it, while on my
> > > > previous box, its centos 4.4. so, I might need to update the postfix
> > > > if available.. I'll post if updating will fix it.
> > > >
> > > > Thanks!...
> > > >
> > > > On 9/18/07, Wietse Venema <wietseporcupine.org> wrote:
> > > > > aio shin:
> > > > > > Helo postfix users,
> > > > > >
> > > > > > I dont understand, its getting wierd, I have set the
> > > > > > unknown_local_recipient_reject_code = 450 but still I got unknown user
> > > > > > error from those legit users on my mail server. I observed that it
> > > > > > usually happened when someone send an email to our distribution group
> > > > > > which the usual number of members that should be local recipient goes
> > > > > > to 200 or more.
> > > > >
> > > > > Are you using the UNIX password file for local users, or are you
> > > > > using something that involves LDAP, SQL or some other database
> > > > > service?
> > > > >
> > > > > It is possible that these report false "user unknown" under conditions
> > > > > of high load. Usually the bug is that the system library incorrectly
> > > > > reports failed database access as "user not found".
> > > > >
> > > > > Wietse
> > > > >
>
> I tried this
>
> Example: local(8) aliases
>
> Here's a basic example for using LDAP to look up local(8) aliases.
> Assume that in main.cf, you have:
>
> alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
>
> and in ldap:/etc/postfix/ldap-aliases.cf you have:
>
> server_host = ldap.example.com
> search_base = dc=example, dc=com
>
> and it succesfuly query the ldap database, which reduces the number of
> false unknown users, maybe due to the numbers of local recipient being
> sent to which cause the problem, or maybe other causes with the system
> which I dont know yet. anyway, thanks... I saw from google a post of
> yours that mentioned the LDAP_README...
>
> Really thanks for those who gave time to reply.
>

Hi List!

It seems that this problem is now solved, I already sent a message to
my distro list that has a member of more that 500 users now and I did
not get any unknown users bounced message, so far. What I did, was, I
made an update to the OS, kernel and others.. well, am not sure if its
with the kernel, but it might be, since the other updates were applied
for mostly php and mysql.. so when I re-boot, and booted on a new
kernel, then made a testing... no bounced unknown users so far...

Thanks to all!

PEACE!