On Fri, Sep 26, 2008 at 09:19:50AM -0400, Wietse Venema wrote:
> Wietse:
> > >Another possibility is that the
> > >Postfix SMTP server behind the content filter has problems when it
> > >tries to resolve the 127.0.0.1 client IP address to a hostname.
>
> Marco TCHI HONG:
> > How would be resolving a problem 127.0.0.1 when in my /etc/hosts.conf I
> > have : order hosts,bind and the right entry in /etc/hosts
>
> Just telnet to the "after-filter" SMTP port and see if there is a
> delay before Postfix responds.
>
KAV versions I've seen are not fully transparent proxies, they respond
with banner 220 and EHLO 250 before making a downstream connection. The
connection to the downstream server may happen as late as "." (after
the content is scanned). It is certainly important to make sure that
the configured concurrency into the filter is not too high and that
the downstream re-injection port concurrency is at least that high.
It is also a good idea to configure the scanner to use RAM-disk for
capturing message content for scanning (on a modern machine with
multiple GB of RAM).
The OP should measure process concurrency, CPU utilization, disk
utilization, ... Possibly tcpdump the Postfix -> KAV and
KAV->postfix traffic and look for delays.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
