We have been running without TLS for many years. Some of the ISPs are beginning to complain about not sending mail using TLS. We enabled outbound smtp as a result. Postfix receives email only from our private network -- we do not use inbound smtpd_tls as a result.
Our main.cf contains:

    smtpd_tls_cert_file = <purchased certs we use with our website>
    smtpd_tls_key_file = <key for above>
    smtpd_tls_security_level = none
    smtp_tls_security_level = may

I used smtp_tls_loglevel = 1 to verify that everything is working. The ISPs are no longer complaining about the lack of TLS.

We have used connection caching in the past so we added:

* smtp_tls_connection_reuse=yes
* uncommented tlsproxy / maxproc = 0 in master.cf
* commented smtp_tls_loglevel -- no logging as a result

The outbound message transfer rate of our configuration is less than 500 emails per minute. I noted the following:

* we have four entries in master.cf for smtp -- each has a unique ip address with maxproc=32; these are used with randmap{} in main.cf
* queuing of inbound email is high
* the inbound email queue contains over 3,000 emails
* email average delay is over 400 seconds and 1,100 seconds for google.com where most of the email is delivered
* htop shows
  * cpu utilization is low with Load average under 0.10 on four physical processors and 4GB memory / 500MB used
  * only one tlsproxy process running -- the highest cpu utilization process most of the time
  * 20 processes exist for each of our four ip address/smtp entries in master.cf with maxproc=32

I am concerned that the queuing of inbound email is caused by there only being one tlsproxy process. maxproc=0 seems to allow for an unlimited number. We seem to have plenty of smtp processes as postfix is not starting more of them to reach the maxproc=32.

Thank you for your assistance with this,
Greg