Loading ...
Sorry, an error occurred while loading the content.

Re: how long does smtpd leave connection open?

Expand Messages
  • Wietse Venema
    ... http://www.postfix.org/postconf.5.html#smtpd_timeout It s stress-dependent. ... Does your box have multiple IP addresses? When Sendmail gets a 4XX RCPT TO
    Message 1 of 4 , Aug 4 7:19 AM
    • 0 Attachment
      Stan Hoeppner:
      > Would someone kindly point me to the docs that describe the behavior of
      > smtpd socket open time in relation to clients that do connection caching?

      http://www.postfix.org/postconf.5.html#smtpd_timeout

      It's stress-dependent.

      > I've been assisting in a troubleshooting effort. A sendmail/mailman
      > based list server is opening more than 4 concurrent connections to my MX
      > even when it has less than a half dozen messages to deliver, which
      > suggests connection caching on their end is not working properly.

      Does your box have multiple IP addresses? When Sendmail gets a 4XX
      RCPT TO reply, it will try to connect to an alternate address WHILE
      KEEPING THE 4XX-ed CONNECTION OPEN. I see this all the time with
      my postscreen setup.

      postscreen listens on multiple IP addresses, and uses
      postscreen_whitelist_interfaces to block clients that connect to
      the backup address only.

      Wietse
    • Viktor Dukhovni
      ... $ postconf -d smtpd_timeout smtpd_timeout = ${stress?10}${stress:300}s ... Sendmail s connection cache is rather crude. The fact that it is crude is
      Message 2 of 4 , Aug 4 8:19 AM
      • 0 Attachment
        On Sat, Aug 04, 2012 at 09:11:07AM -0500, Stan Hoeppner wrote:

        > Would someone kindly point me to the docs that describe the behavior of
        > smtpd socket open time in relation to clients that do connection caching?

        $ postconf -d smtpd_timeout
        smtpd_timeout = ${stress?10}${stress:300}s

        > I've been assisting in a troubleshooting effort. A sendmail/mailman
        > based list server is opening more than 4 concurrent connections to my MX
        > even when it has less than a half dozen messages to deliver, which
        > suggests connection caching on their end is not working properly.

        Sendmail's connection cache is rather crude. The fact that it is
        crude is unavoidable, Sendmail lacks a queue manager, scache daemon,
        ... so connections are cached in process, and thus the probability
        of actual re-use is lower, and the TTLs are longer. IMHO the whole
        thing is a bad idea on an Internet-facing MTA (which delivers mail
        to a broad list of destinations), it may make some sense on an internal
        network with a small number of peer MTAs.

        --
        Viktor.
      • Stan Hoeppner
        ... Thanks Wietse, will be reading shortly. ... No, single IP, and a single MX for the domain. ... I never implemented postscreen as my volume is too low to
        Message 3 of 4 , Aug 4 8:28 AM
        • 0 Attachment
          On 8/4/2012 9:19 AM, Wietse Venema wrote:
          > Stan Hoeppner:
          >> Would someone kindly point me to the docs that describe the behavior of
          >> smtpd socket open time in relation to clients that do connection caching?
          >
          > http://www.postfix.org/postconf.5.html#smtpd_timeout
          >
          > It's stress-dependent.

          Thanks Wietse, will be reading shortly.

          >> I've been assisting in a troubleshooting effort. A sendmail/mailman
          >> based list server is opening more than 4 concurrent connections to my MX
          >> even when it has less than a half dozen messages to deliver, which
          >> suggests connection caching on their end is not working properly.
          >
          > Does your box have multiple IP addresses? When Sendmail gets a 4XX
          > RCPT TO reply, it will try to connect to an alternate address WHILE
          > KEEPING THE 4XX-ed CONNECTION OPEN. I see this all the time with
          > my postscreen setup.

          No, single IP, and a single MX for the domain.

          > postscreen listens on multiple IP addresses, and uses
          > postscreen_whitelist_interfaces to block clients that connect to
          > the backup address only.

          I never implemented postscreen as my volume is too low to really need it.

          I think the main problem with this list server is that they had set

          # open connection cache size
          O ConnectionCacheSize=5

          # open connection cache timeout
          O ConnectionCacheTimeout=5m

          The default for the first is 1 and the docs say never go over 4. The
          default for the 2nd is 5 mins.

          They've since, at my prodding, changed the cache size, to 2. I
          recommended going back to the default which is 1. AFAIK anvil hasn't
          tripped since these last changes but it's only been a couple of days and
          list traffic has been mild. Dropping from 5 to 2 should reduce memory
          pressure on their host, and I'd think going to 1 would help even more.
          But that has nothing to do with postfix so sorry for veering a little OT.

          Anyway, I was just wanting to understand the postfix smtpd behavior to
          better understand the interaction between the hosts.

          Thanks again Wietse.

          --
          Stan
        Your message has been successfully submitted and would be delivered to recipients shortly.