On Thu, Jul 24, 2008 at 08:29:27AM -0700, Quanah Gibson-Mount wrote:
> --On Thursday, July 24, 2008 9:35 AM -0400 Victor Duchovni
> <[EMAIL PROTECTED]> wrote:
>
> >On Wed, Jul 23, 2008 at 10:02:48PM -0700, Quanah Gibson-Mount wrote:
> >
> >>We found that if we are using startTLS with postfix, and heavily load
> >>postfix, that it Postfix stops working, even though the LDAP server
> >>continues to accept connections from other clients just fine using
> >>startTLS. Here's an example snippet from the log:
> >>
> >>Jul 23 21:34:08 qa96 postfix/cleanup[94633]: error: dict_ldap_connect:
> >>Unable to set STARTTLS: -1: Can't contact LDAP server
> >
> >Without "proxymap" a busy Postfix server will generate thousands of LDAP
> >connections. Strongly suggest that at least for tables used by smtpd(8),
> >cleanup(8), and smtp(8) you use proxymap(8):
>
> Postfix tends to mainly use persistent connections. The persistent
> connections are unaffected. It is only trivial-rewrite and cleanup that
> have problems here. The LDAP server, as I noted previously, continues to
> operate and take all other incoming connections just fine. I will see if
> using the proxy bit makes any difference however.
Your mental model of this is flawed. Postfix runs hundreds of cleanup
servers, hundreds of smtpd servers, further-more, if tables are not
carefully defined to have identical values for connection-related
parameters, multiple connections may be made from the same process.
Listen carefully when Wietse and I recommend "proxymap".
Step 1: migrate to "proxy:ldap:" tables
Step 2: debug any problems that remain after Step 1.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
