
problem talking to server private/tlsmgr: Resource temporarily unavailable

  • micah anderson
    Message 1 of 8 , Jun 21, 2012
      I'm running a busy server that is periodically experiencing problems
      with tlsmgr, at various times (typically once a day at minimum), the
      following appears in the logs:

      Jun 16 07:34:40 willet postfix/smtp[24449]: warning: connect to private/tlsmgr: Resource temporarily unavailable
      Jun 16 07:34:40 willet postfix/smtp[24449]: warning: problem talking to server private/tlsmgr: Resource temporarily unavailable

      (repeated)

      this sometimes results in mailer-daemon bounces to postmaster with the
      SMTP protocol messages including "TLS unavailable due to local
      problem". Typically mail is working fine, and TLS connections work
      normally, with this happening every once in a while.

      This is using postfix version: 2.7.1-1+squeeze1, what follows is the
      postconf -n output, as well as the master.cf:

      # postconf -n
      alias_database = hash:$maps_dir/aliases
      alias_maps = hash:$maps_dir/aliases,mysql:$maps_dir/mysql_aliases.cf,pcre:$maps_dir/bounce.pcre
      allow_percent_hack = no
      biff = no
      body_checks = pcre:$checks_dir/body_checks
      command_directory = /usr/sbin
      config_directory = /etc/postfix
      daemon_directory = /usr/lib/postfix
      data_directory = /var/lib/postfix
      default_privs = mail
      default_process_limit = 200
      disable_vrfy_command = yes
      inet_interfaces = all
      local_recipient_maps = $alias_maps, proxy:unix:passwd.byname
      mail_owner = postfix
      mailq_path = /usr/bin/mailq
      manpage_directory = /usr/share/man
      maximal_backoff_time = 4h
      maximal_queue_lifetime = 5d
      message_size_limit = 5120000
      milter_default_action = accept
      mime_header_checks = pcre:$checks_dir/mime_header_checks
      mydestination = $myhostname, $myorigin, localhost.$mydomain, localhost, lists.riseup.net
      mydomain = xxx.net
      myhostname = willet.xxx.net
      mynetworks = x.x.x.0/24, x.x.x.x.0/24, 127.0.0.0/8
      myorigin = $myhostname
      newaliases_path = /usr/bin/newaliases
      queue_directory = /var/spool/postfix
      rbl_reply_maps = hash:$maps_dir/dnsbl-reply-map
      readme_directory = no
      recipient_delimiter = +
      relayhost = outmx.xxxx.net
      sample_directory = /etc/postfix/samples
      sender_dependent_relayhost_maps = pcre:$maps_dir/sender_relayhost.pcre
      sendmail_path = /usr/sbin/sendmail
      setgid_group = postdrop
      show_user_unknown_table_name = no
      smtp_connect_timeout = 10s
      smtp_destination_concurrency_limit = 140
      smtp_destination_recipient_limit = 200
      smtp_helo_timeout = 100s
      smtp_tls_CAfile = /etc/certs/roots/wildcard.pem
      smtp_tls_CApath = /etc/ssl/certs/
      smtp_tls_cert_file = /etc/certs/wildcard/cert.pem
      smtp_tls_exclude_ciphers = aNULL, MD5, DES
      smtp_tls_fingerprint_digest = sha1
      smtp_tls_key_file = /etc/certs/wildcard/key.pem
      smtp_tls_loglevel = 1
      smtp_tls_mandatory_exclude_ciphers = aNULL, MD5, DES
      smtp_tls_policy_maps = hash:$maps_dir/tls_policy
      smtp_tls_security_level = may
      smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
      smtpd_banner = $myhostname ESMTP (spam is not appreciated)
      smtpd_client_connection_count_limit = 20
      smtpd_client_restrictions = permit_mynetworks, check_client_access cidr:$checks_dir/client_whitelist.cidr, reject_rbl_client zen.dnsbl, permit
      smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
      smtpd_delay_reject = yes
      smtpd_error_sleep_time = 0
      smtpd_helo_required = yes
      smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access hash:$checks_dir/helo_checks, permit
      smtpd_milters = unix:/var/run/clamav/milter.ctl,unix:/var/spool/postfix/spamass/spamass.sock
      smtpd_recipient_restrictions = reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, permit
      smtpd_sender_restrictions = check_sender_access hash:$checks_dir/sender_access, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
      smtpd_tls_CAfile = /etc/certs/roots/wildcard.pem
      smtpd_tls_ask_ccert = yes
      smtpd_tls_cert_file = /etc/certs/wildcard/cert.pem
      smtpd_tls_dh1024_param_file = /etc/certs/dh_1024.pem
      smtpd_tls_dh512_param_file = /etc/certs/dh_512.pem
      smtpd_tls_exclude_ciphers = aNULL, MD5, DES
      smtpd_tls_fingerprint_digest = sha1
      smtpd_tls_key_file = /etc/certs/wildcard/key.pem
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_tls_security_level = may
      smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
      smtpd_tls_session_cache_timeout = 28800
      swap_bangpath = no
      tls_random_exchange_name = /var/lib/postfix/prng_exch


      1 willet:/home/micah# cat /etc/postfix/master.cf |egrep -v ^#
      smtp inet n - n - - smtpd
      smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
      pickup fifo n - - 60 1 pickup
      cleanup unix n - n - 0 cleanup
      qmgr fifo n - n 300 1 qmgr
      tlsmgr unix - - n 1500? 1 tlsmgr
      rewrite unix - - - - - trivial-rewrite
      bounce unix - - - - 0 bounce
      defer unix - - - - 0 bounce
      trace unix - - - - 0 bounce
      verify unix - - - - 1 verify
      flush unix n - - 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - n - - smtp
        -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      relay unix - - - - - smtp
        -o smtp_fallback_relay=
        -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
      showq unix n - - - - showq
      error unix - - - - - error
      retry unix - - n - - error
      discard unix - - - - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      scache unix - - - - 1 scache
      maildrop unix - n n - - pipe
        flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}


      thanks for any suggestions for things to try!
      micah


      --
    • Patrick Ben Koetter
      Message 2 of 8 , Jun 21, 2012
        * micah anderson <micah@...>:
        >
        > I'm running a busy server that is periodically experiencing problems
        > with tlsmgr, at various times (typically once a day at minimum), the
        > following appears in the logs:
        >
        > Jun 16 07:34:40 willet postfix/smtp[24449]: warning: connect to private/tlsmgr: Resource temporarily unavailable
        > Jun 16 07:34:40 willet postfix/smtp[24449]: warning: problem talking to server private/tlsmgr: Resource temporarily unavailable
        >
        > (repeated)
        >
        > this sometimes results in mailer-daemon bounces to postmaster with the
        > SMTP protocol messages including "TLS unavailable due to local
        > problem". Typically mail is working fine, and TLS connections work
        > normally, with this happening every once in a while.
        >
        > This is using postfix version: 2.7.1-1+squeeze1, what follows is the
        > postconf -n output, as well as the master.cf:

        Running a virtualized system and running out of random?

        # apt-get install haveged

        p@rick


        --
        All technical questions asked privately will be automatically answered on the
        list and archived for public access unless privacy is explicitly required and
        justified.

        saslfinger (debugging SMTP AUTH):
        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
      • Wietse Venema
        Message 3 of 8 , Jun 21, 2012
          micah anderson:
          >
          > I'm running a busy server that is periodically experiencing problems
          > with tlsmgr, at various times (typically once a day at minimum), the
          > following appears in the logs:
          >
          > Jun 16 07:34:40 willet postfix/smtp[24449]: warning: connect to private/tlsmgr: Resource temporarily unavailable

          Your kernel runs out of resources. Reduce Postfix process limits,
          or get a bigger/faster machine.

          > alias_maps = hash:$maps_dir/aliases,mysql:$maps_dir/mysql_aliases.cf,pcre:$maps_dir/bounce.pcre

          You may save some file resources when you use proxy:mysql instead of mysql.

          Wietse
        • micah anderson
          Message 4 of 8 , Jun 21, 2012
            Patrick Ben Koetter <p@...> writes:

            > * micah anderson <micah@...>:
            >>
            >> I'm running a busy server that is periodically experiencing problems
            >> with tlsmgr, at various times (typically once a day at minimum), the
            >> following appears in the logs:
            >>
            >> Jun 16 07:34:40 willet postfix/smtp[24449]: warning: connect to private/tlsmgr: Resource temporarily unavailable
            >> Jun 16 07:34:40 willet postfix/smtp[24449]: warning: problem talking to server private/tlsmgr: Resource temporarily unavailable
            >>
            >> (repeated)
            >>
            >> this sometimes results in mailer-daemon bounces to postmaster with the
            >> SMTP protocol messages including "TLS unavailable due to local
            >> problem". Typically mail is working fine, and TLS connections work
            >> normally, with this happening every once in a while.
            >>
            >> This is using postfix version: 2.7.1-1+squeeze1, what follows is the
            >> postconf -n output, as well as the master.cf:
            >
            > Running a virtualized system and running out of random?

            No, it's not virtualized.

            > # apt-get install haveged

            Not only am I already running haveged, but I have an entropykey feeding
            as well. I graph the entropy on the system and it maintains an average
            of 2kbytes dipping down to 960bytes at worst.

            thanks for the suggestion!

            micah
          • gloriamh
            Message 5 of 8 , Apr 9, 2013
              Hello!

              We're experiencing the same kind of problem. Did you find the cause of the
              problem? Is there some log we can activate to help us diagnose it?

              Thanks!



              --
              View this message in context: http://postfix.1071664.n5.nabble.com/problem-talking-to-server-private-tlsmgr-Resource-temporarily-unavailable-tp45909p56870.html
              Sent from the Postfix Users mailing list archive at Nabble.com.
            • Stan Hoeppner
              Message 6 of 8 , Apr 9, 2013
                On 4/9/2013 3:18 AM, gloriamh wrote:
                > Hello!
                >
                > We're experiencing the same kind of problem. Did you find the cause of the
                > problem? Is there some log we can activate to help us diagnose it?

                > View this message in context: http://postfix.1071664.n5.nabble.com/problem-talking-to-server-private-tlsmgr-Resource-temporarily-unavailable-tp45909p56870.html
                > Sent from the Postfix Users mailing list archive at Nabble.com.

                You're replying to a message that is 9 months old. You are doing so
                through the nabble web forum, which nobody here reads. In other words,
                nobody has any idea what your problem is. Do not use the nabble web
                forum to participate.

                If you'd like to discuss your problem, join the postfix-users mailing
                list, read the instructions that will be sent to you upon your
                subscription, and follow them.

                --
                Stan
              • Wietse Venema
                Message 7 of 8 , Apr 10, 2013
                  gloriamh:
                  > We're experiencing the same kind of problem. Did you find the cause of the
                  > problem? Is there some log we can activate to help us diagnose it?

                  The most likely explanation is that tls_random_source uses a blocking
                  random device (traditionally named as /dev/random). Postfix needs
                  a non-blocking random device (traditionally named as /dev/urandom).

                  Wietse
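
An added example (not part of any message in this thread, and not Postfix project code): a shell function that audits `postconf` output for the two configuration points Wietse Venema raises in messages 3 and 7, a `mysql:` table not wrapped in `proxy:` and a `tls_random_source` on the blocking `/dev/random`, and also reports `default_process_limit`. The function names, finding labels and sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "name = value" lines as printed by postconf.
# Finding labels (DIRECT_MYSQL, PROCESS_LIMIT, BLOCKING_RNG) are hypothetical.
audit_postconf() {
  awk '
    {
      sub(/^[ \t]+/, "")              # tolerate indented, pasted output
      idx = index($0, " = ")
      if (idx == 0) next              # not a parameter line
      name  = substr($0, 1, idx - 1)
      value = substr($0, idx + 3)
    }
    # Assumption: the blocking device is /dev/random, as named in the thread.
    name == "tls_random_source" && value == "dev:/dev/random" {
      print "BLOCKING_RNG " value
    }
    # Reported for review against the advice to reduce process limits.
    name == "default_process_limit" { print "PROCESS_LIMIT " value }
    # Every mysql: table opened directly, rather than through proxymap,
    # is opened separately by each Postfix process that uses it.
    {
      n = split(value, parts, /[ ,]+/)
      for (i = 1; i <= n; i++)
        if (parts[i] ~ /^mysql:/)
          print "DIRECT_MYSQL " name " " parts[i]
    }
  '
}

# Constructed sample input: the first two lines follow the posted
# postconf -n output, the last two are invented for the example.
sample_config() {
  cat <<'EOF'
alias_maps = hash:$maps_dir/aliases,mysql:$maps_dir/mysql_aliases.cf
default_process_limit = 200
virtual_alias_maps = proxy:mysql:$maps_dir/mysql_virtual.cf
tls_random_source = dev:/dev/random
EOF
}

sample_config | audit_postconf
```

On a live host, pipe `postconf` rather than `postconf -n` into `audit_postconf`, since `postconf -n` lists only explicitly set parameters and would hide a default `tls_random_source`.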
                • Glòria Martínez
                  Message 8 of 8 , Apr 12, 2013
                    Thanks! We're already using /dev/urandom. We've installed haveged, to
                    increase the available entropy. Let's see if this works...

                    On Wed, Apr 10, 2013 at 1:58 PM, Wietse Venema <wietse@...> wrote:
                    >
                    > gloriamh:
                    > > We're experiencing the same kind of problem. Did you find the cause of the
                    > > problem? Is there some log we can activate to help us diagnose it?
                    >
                    > The most likely explanation is that tls_random_source uses a blocking
                    > random device (traditionally named as /dev/random). Postfix needs
                    > a non-blocking random device (traditionally named as /dev/urandom).
                    >
                    > Wietse