On Fri, Sep 26, 2008 at 05:44:28PM +0300, Marco TCHI HONG wrote:
> >KAV versions I've seen are not fully transparent proxies, they respond
> >with banner 220 and EHLO 250 before making a downstream connection. The
> >connection to the downstream server may happen as late as "." (after
> >the content is scanned). It is certainly important to make sure that
> >the configured concurrency into the filter is not too high and that
> >the downstream re-injection port concurrency is at least that high.
>
> The downstream re-injection port concurrency is a bit higher than the
> concurrency into the filter.
>
> Below is the chain a message follows :
>
> smtpd (port 25, 100) -> spawn/kas-pipe (port 9026, 50) ->
> spawn/smtpscanner (port 10025, 60) -> spawn (port 9025, 70).
These concurrency numbers are very high. Running A/V scanning
at concurrency substantially higher than ~20 (on Dual CPU boxes) is
generally counter-productive.
What is the destination concurrency limit for mail heading to the
"kas-pipe" process?
How many concurrent threads is "aveserver" configured for?
> Escape character is '^]'.
> 220 mx.dts.mg ESMTP Kaspersky Lab. -> It takes forever to get this one ...
>
> So I guess my problem is with the antivirus...
The smtpscanner may be taking a long time to connect to aveserver...
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
