On Thu, May 23, 2024 at 7:07 AM Greg Sims <g...@headingup.net> wrote:
>
> Thank you Viktor. All recommended changes have been made. I hope to
> collect useful "collate" data with our next distribution at Noon today
> pacific.
>
Still having problems with the inbound smtpd from our private network
flooding "collate". This could be caused by the process number always
being the same.
May 23 11:30:07 mail01 postfix/smtpd[12433]: E050630F1BE6:
client=web01-p[192.168.122.11]
May 23 11:30:08 mail01 postfix/smtpd[12433]: 2245330F1BEA:
client=web01-p[192.168.122.11]
May 23 11:30:08 mail01 postfix/smtpd[12433]: 5711630F1BEC:
client=web01-p[192.168.122.11]
root@mail01 0523zh]# ll
total 99M
-rw-r--r-- 1 root root 2.6M May 23 12:45 0523zh.log
-rw-r--r-- 1 root root 94M May 23 12:46 0523zh.log.collate
-rw-r--r-- 1 root root 1.9M May 23 12:51 0523zh.log.collate.no_priv
I removed the smtpd records with grep -v to create the last file above
with no private ip addresses (no_priv).
One thing I noticed changing with the updates to main.cf and
master.cf. I now see only "Untrusted TLS connection established".
Last night (before the changes) we had 40K Trusted and TLS_Anonymous:
35, TLS_Untrusted: 78. Could this have something to do with deleting
the default Certs associated with TLS?
And now some "collate" data.
The run starts at 11:30 -- we already have a long delay of 10 seconds:
May 23 11:30:07 mail01 postfix/smtpd[12438]: discarding EHLO
keywords: CHUNKING
May 23 11:30:11 mail01 postfix/cleanup[12440]: F3B3630F1C5C:
message-id=<62994d8ff3eb719d8ddc674c2cae6b38@swift.generated>
May 23 11:30:11 mail01 postfix/qmgr[11016]: F3B3630F1C5C:
from=<zh-devo-bounce+<delete>=hotmail....@devotion.raystedman.org>,
size=50829, nrcpt=1 (queue active)
May 23 11:30:21 mail01 postfix/t124/smtp[12472]: Untrusted TLS
connection established to
hotmail-com.olc.protection.outlook.com[52.101.42.8]:25: TLSv1.3 with
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE
(P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 23 11:30:21 mail01 postfix/t124/smtp[12472]: F3B3630F1C5C:
to=<<delete>@hotmail.com>,
relay=hotmail-com.olc.protection.outlook.com[52.101.42.8]:25,
delay=11, delays=0.01/0.01/10/0.38, dsn=2.6.0, status=sent (250 2.6.0
<62994d8ff3eb719d8ddc674c2cae6b38@swift.generated>
[InternalId=21569325775951,
Hostname=CO3P220MB0782.NAMP220.PROD.OUTLOOK.COM] 60415 bytes in 0.104,
566.038 KB/sec Queued mail for delivery -> 250 2.1.5)
May 23 11:30:21 mail01 postfix/qmgr[11016]: F3B3630F1C5C: removed
Now 20 seconds:
May 23 11:30:07 mail01 postfix/smtpd[12433]: discarding EHLO
keywords: CHUNKING
May 23 11:30:09 mail01 postfix/cleanup[12441]: 3634330F1BF4:
message-id=<826855425363d60cc81d5b8f49e83579@swift.generated>
May 23 11:30:09 mail01 postfix/qmgr[11016]: 3634330F1BF4:
from=<zh-devo-bounce+<delete>=yahoo....@devotion.raystedman.org>,
size=50821, nrcpt=1 (queue active)
May 23 11:30:29 mail01 postfix/t123/smtp[12455]: Untrusted TLS
connection established to mta6.am0.yahoodns.net[98.136.96.75]:25:
TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange
X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
May 23 11:30:30 mail01 postfix/t123/smtp[12455]: 3634330F1BF4:
to=<<delete>@yahoo.com>, relay=mta6.am0.yahoodns.net[98.136.96.75]:25,
delay=21, delays=0.01/0.01/20/0.54, dsn=2.0.0, status=sent (250 ok
dirdel)
May 23 11:30:30 mail01 postfix/qmgr[11016]: 3634330F1BF4: removed
Towards the end of the run -- 30 seconds:
May 23 11:30:07 mail01 postfix/smtpd[12433]: discarding EHLO
keywords: CHUNKING
May 23 11:33:49 mail01 postfix/cleanup[12690]: BFB3B30F279B:
message-id=<6e7c80dbfbec093a18061cdca1ae4b9c@swift.generated>
May 23 11:33:49 mail01 postfix/qmgr[11016]: BFB3B30F279B:
from=<zh-devo-bounce+<delete>=gmail....@devotion.raystedman.org>,
size=50821, nrcpt=1 (queue active).
May 23 11:35:28 mail01 postfix/t121/smtp[12668]: Untrusted TLS
connection established to gmail-smtp-in.l.google.com[142.251.2.27]:25:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange
X25519 server-signature ECDSA (P-256) server-digest SHA256
May 23 11:35:29 mail01 postfix/t121/smtp[12668]: BFB3B30F279B:
to=<<delete>@gmail.com>,
relay=gmail-smtp-in.l.google.com[142.251.2.27]:25, delay=100,
delays=0.01/69/30/0.8, dsn=2.0.0, status=sent (250 2.0.0 OK
1716489329 d2e1a72fcca58-6f4d2b41c18si755622b3a.334 - gsmtp)
May 23 11:35:29 mail01 postfix/qmgr[11016]: BFB3B30F279B: removed
Max connections from hotmail:
May 23 11:30:07 mail01 postfix/smtpd[12433]: discarding EHLO
keywords: CHUNKING
May 23 11:32:45 mail01 postfix/cleanup[12681]: 9433130F50E9:
message-id=<6ace7587b9302b23a29b052a5503afb9@swift.generated>
May 23 11:32:45 mail01 postfix/qmgr[11016]: 9433130F50E9:
from=<zh-devo-bounce+<delete>=hotmail....@devotion.raystedman.org>,
size=50833, nrcpt=1 (queue active)
May 23 11:32:45 mail01 postfix/t121/smtp[12559]: Untrusted TLS
connection established to
hotmail-com.olc.protection.outlook.com[52.101.11.16]:25: TLSv1.3 with
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE
(P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 23 11:32:46 mail01 postfix/t121/smtp[12559]: 9433130F50E9: host
hotmail-com.olc.protection.outlook.com[52.101.11.16] said: 451 4.7.652
The mail server [209.73.152.121] has exceeded the maximum number of
connections. (S3115) [SA2PEPF00003AE8.namprd02.prod.outlook.com
2024-05-23T18:32:46.013Z 08DC7A74637C5905] (in reply to MAIL FROM
command)
May 23 11:32:46 mail01 postfix/t121/smtp[12559]: 9433130F50E9: lost
connection with hotmail-com.olc.protection.outlook.com[52.101.11.16]
while sending RCPT TO
May 23 11:32:47 mail01 postfix/t121/smtp[12559]: Untrusted TLS
connection established to
hotmail-com.olc.protection.outlook.com[52.101.137.3]:25: TLSv1.3 with
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE
(P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 23 11:32:47 mail01 postfix/t121/smtp[12559]: 9433130F50E9:
to=<<delete>@hotmail.com>,
relay=hotmail-com.olc.protection.outlook.com[52.101.137.3]:25,
delay=2, delays=0.01/0/1.8/0.18, dsn=4.7.652, status=deferred (host
hotmail-com.olc.protection.outlook.com[52.101.137.3] said: 451 4.7.652
The mail server [209.73.152.121] has exceeded the maximum number of
connections. (S3115) [SG1PEPF000082E4.apcprd02.prod.outlook.com
2024-05-23T18:32:47.530Z 08DC7711EB473E01] (in reply to MAIL FROM
command))
May 23 11:37:28 mail01 postfix/qmgr[11016]: 9433130F50E9:
from=<zh-devo-bounce+<delete>=hotmail....@devotion.raystedman.org>,
size=50833, nrcpt=1 (queue active)
May 23 11:37:39 mail01 postfix/t121/smtp[12701]: Untrusted TLS
connection established to
hotmail-com.olc.protection.outlook.com[52.101.194.18]:25: TLSv1.3 with
cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE
(P-384) server-signature RSA-PSS (2048 bits) server-digest SHA256
May 23 11:37:40 mail01 postfix/t121/smtp[12701]: 9433130F50E9:
to=<<delete>@hotmail.com>,
relay=hotmail-com.olc.protection.outlook.com[52.101.194.18]:25,
delay=295, delays=283/0.02/11/0.99, dsn=2.6.0, status=sent (250 2.6.0
<6ace7587b9302b23a29b052a5503afb9@swift.generated>
[InternalId=23871428259919,
Hostname=PH8PR12MB7253.namprd12.prod.outlook.com] 60387 bytes in
0.204, 288.390 KB/sec Queued mail for delivery -> 250 2.1.5)
May 23 11:37:40 mail01 postfix/qmgr[11016]: 9433130F50E9: removed
We see conn_use about 24% of the time:
[root@mail01 0523zh]# cat 0523zh.log.collate.no_priv | grep status=sent | wc
2082 40840 569970
[root@mail01 0523zh]# cat 0523zh.log.collate.no_priv | grep
status=sent | grep conn_use | wc
493 9667 132401
I hope this data is useful.
Best, Greg
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
