Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

postfix performance tuning as relay host

639 views
Skip to first unread message

Fernando Sanchez

unread,
Jul 3, 2003, 2:59:47 PM7/3/03
to
Hello,
I have a postfix server (version 2.0 patchlevel 13) running as an
incoming and outgoing relay host for another internal smtp server. Something
like this:

internet <---> my_server <---> internal_server

The problem is that this postfix server (my_server) has now lots of queued
mails (more than 10000 this morning, which is not usual at all). The
connection between my_server and internal_server is of course much faster
than internet <-> my_server, but most of the queued mails are waiting to be
delivered to internal_server. Most of the queued mails are in the active
queue.

I am getting messages like this from nqmgr now and then in the logs:

warning: mail for [192.168.1.2] is using up 6134 of 7887 active queue entries
warning: this may slow down other mail deliveries
warning: you may need a separate master.cf transport for [192.168.1.2]

192.168.1.2 is internal_server, and mail is redirected there with a
transport file like this:

my_server.my_domain.com local:
localhost.my_domain.com local:
my_domain.com smtp:[192.168.1.2]
.my_domain.com smtp:[192.168.1.2]

The smtp definition has a limit of 100 processes in master.cf. Postconf |
grep concurrency says this:

default_destination_concurrency_limit = 50
initial_destination_concurrency = 5
local_destination_concurrency_limit = 2
smtp_destination_concurrency_limit = $default_destination_concurrency_limit

Other possibly related line in main.cf:

smtp_connect_timeout = 30s

internal_server is not postfix, but it is configured to allow up to 50
simultaneous connections from my_server.

I have read Ralf Hildebrandt's 'postfix_bottleneck' document, and I think
that what he says in this paragraph would help me solve this problem:

If your machine relays a high volume of inbound mail arrange to have a
separate transport (say "relay") for the domains that are forwarded
inbound . Set a high relay_destination_concurrency_limit (say 50). The
master.cf entry for "relay" should have -o
smtp_connect_timeout=$relay_connect_timeout (no spaces around the =
sign!) Then set relay_connect_timeout in main.cf to "5s" or "1s".

It seems the same recommendation that nqmgr is giving me, but I do not
understand how to do this. Can anyone give me an example of the line I
should add to master.cf and/or transport or main.cf files?

Thanks a lot.


Kind regards,
--
Fernando Sanchez

Victor....@morganstanley.com

unread,
Jul 3, 2003, 3:37:24 PM7/3/03
to
On Thu, 3 Jul 2003, Fernando Sanchez wrote:

> warning: mail for [192.168.1.2] is using up 6134 of 7887 active queue entries
> warning: this may slow down other mail deliveries
> warning: you may need a separate master.cf transport for [192.168.1.2]
>

> my_server.my_domain.com local:
> localhost.my_domain.com local:
> my_domain.com smtp:[192.168.1.2]
> .my_domain.com smtp:[192.168.1.2]
>

> I have read Ralf Hildebrandt's 'postfix_bottleneck' document, and I think
> that what he says in this paragraph would help me solve this problem:
>
> If your machine relays a high volume of inbound mail arrange to have a
> separate transport (say "relay") for the domains that are forwarded
> inbound . Set a high relay_destination_concurrency_limit (say 50). The
> master.cf entry for "relay" should have -o
> smtp_connect_timeout=$relay_connect_timeout (no spaces around the =
> sign!) Then set relay_connect_timeout in main.cf to "5s" or "1s".
>
> It seems the same recommendation that nqmgr is giving me, but I do not
> understand how to do this. Can anyone give me an example of the line I
> should add to master.cf and/or transport or main.cf files?
>

This dedicated transport is built-in with Postfix 2.0.x, it is called
relay and is the default transport for "relay_domains".

my.domain relay:[192.168.1.2]
.my.domain relay:[192.168.1.2]

If the gateways relay domains are correctly configured in relay_domains
and not in mydestination (See ADDRESS_CLASS_README), the relay transport
is already the default, so you need only replace the nexthop:

my.domain :[192.168.1.2]
.my.domain :[192.168.1.2]

Finally the reason your active queue is congested is because you have too
many bounces destined to unreachable destinations, typically because you
are not doing recipient validation, and bounces from dictionary attacks
are saturating your queue.

To fix this, find a way of getting a complete list of all valid recipients
for the internal domains available to Postfix. Configure
"relay_recipient_maps" to check the validity of relay recipients. Prior to
that reduce maximal_queue_lifetime from 5d to 2d, increase
maximal_backoff_time to 8000s, but most importantly increase
default_process_limit to 200 or 500 if memory permits.

--
Viktor.

0 new messages