Nataraj, thanks for the reply, below is the postconf -n output.

As far as your explanation as to why the other services are slow, pop/imap,
it may be that the TCP stack is under heavy load and might slow down these
connections but the server CPU/MEM are fine and the connections are in est.
state not time_wait.


Off the top of your head, do you have any idea what else I can use to alleviate
the issue? Sorry for not posting the config.

[r...@pop ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
bounce_queue_lifetime = 0
bounce_template_file = /etc/postfix/bounce.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 1
default_destination_concurrency_limit = 15
default_process_limit = 200
fast_flush_domains = $relay_domains
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 1
message_size_limit = 26000000
mydestination = $myhostname, localhost, hash:/etc/postfix/domain-accept
myhostname = pop.cape.com
mynetworks = hash:/etc/postfix/ip-relay
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = hash:/etc/postfix/domain-relay
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_helo_timeout = 100
smtp_rset_timeout = 22s
smtp_sasl_security_options = noanonymous, nodictionary, noactive
smtpd_banner = $myhostname ESMTP $mail_name **** Networks that SPAM will be BLOCKED ****
smtpd_client_connection_count_limit = 100
smtpd_error_sleep_time = 0
smtpd_hard_error_limit = 8
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = regexp:/etc/postfix/recipient_regexp, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_soft_error_limit = 5
smtpd_timeout = 160
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtdoms
virtual_alias_maps = hash:/etc/postfix/virtmaps


-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Nataraj
Sent: Tuesday, May 04, 2010 12:40 PM
To: P.A; postfix-users@postfix.org
Subject: Re: server stops responding / smtpd client count

P.A wrote:
>
> Hi
>
> during times of high mail load, spam attacks usually, I sometimes run 
> into an issue where postfix will stop responding or becomes extremely 
> slow on the smtp port. In turn this causes my pop/imap server 
> (dovecot) to stop responding or to become extremely slow as well.
>
> When I stop postfix, the pop/imap server goes back to normal.
>
> I have 3 email filter servers that scan the email before delivering it 
> to the postfix server. When the problem occurred I did notice with 
> netstat that there was a huge number of established connections on 
> port 25 with the mail filter servers on the postfix server.
>
> The thing that I don't understand is that before the problem occurred 
> I had "smtpd_client_connection_count_limit = 30" which was working 
> with no issues. When the problem started to occur I saw exceed errors 
> on the mail log, basically connection numbers over that limit of 30. I 
> was seeing upwards of 70 connections per email filter host.
>
> When this started happening ports 25/110/143 became extremely slow. My 
> question is if I have a smtp client limit why do I still see so many 
> established connections with netstat. Shouldn't postfix stop the extra 
> connections? (the email filter servers are not part of $mynetworks)
>
> Why is postfix slowing down my pop/imap server when this occurs?
>
> This is an extremely busy server with plenty of CPU and memory, what is a 
> reasonable smtpd count limit that will not overwhelm the server?
>
> FYI, when I changed that smtpd client connection to 100, the problem 
> went away and all was good again.
>
> mail_version = 2.6.5
>
> 250-PIPELINING
>
> 250-SIZE 26000000
>
> 250-VRFY
>
> 250-ETRN
>
> 250-AUTH LOGIN CRAM-MD5 PLAIN DIGEST-MD5
>
> 250-ENHANCEDSTATUSCODES
>
> 250-8BITMIME
>
> 250 DSN
>
> Thanks Paul
>
You might start here: http://www.postfix.org/STRESS_README.html There 
are other parameters affecting this as well. I don't remember what they 
all are, but simply not allowing so many smtpd's when there are spam 
attacks with many attempted incoming connections, will not be enough to 
alleviate the load of the attack and may worsen the situation unless 
used in conjunction with other measures. Your other services are slow 
because your server is obviously under heavy load, including the TCP 
stack. You see all of the connections because they are coming in at a 
high rate and even though postfix may have closed them, they are still 
waiting for the final tcp handshake which closes the connection and for 
the kernel tcp stack to clear them out.


Nataraj
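
Added example (not part of the original thread): the exchange above turns on whether the port 25 connections seen in netstat are ESTABLISHED or only waiting to close, so this script tallies them per remote host and TCP state and lists hosts above a given count. It assumes the Linux net-tools `netstat -tn` column layout; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SMTP connections per remote host and TCP state.
# Real use: netstat -tn | smtp_conn_summary 25

# Read `netstat -tn` output on stdin; print "remote_ip state count" lines.
smtp_conn_summary() {
    # $1 = local port to inspect (default 25)
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($4, l, ":")            # last field after ":" is the local port
            if (l[n] != port) next           # skip pop/imap and other services
            remote = $5
            sub(/:[0-9]+$/, "", remote)      # drop the remote port, keep the address
            count[remote " " $6]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Print remote hosts whose ESTABLISHED count exceeds a threshold, for example
# the configured smtpd_client_connection_count_limit.
smtp_over_limit() {
    # $1 = threshold, $2 = local port (default 25)
    smtp_conn_summary "${2:-25}" |
        awk -v limit="$1" '$2 == "ESTABLISHED" && $3 > limit { print $1 }'
}

# Constructed sample input (documentation address ranges, not real hosts).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           198.51.100.21:40112     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.21:40113     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.21:40114     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.21:40090     TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.22:51200     ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.22:51180     TIME_WAIT
tcp        0      0 192.0.2.10:25           198.51.100.22:51181     TIME_WAIT
tcp        0      0 192.0.2.10:110          203.0.113.5:33000       ESTABLISHED
EOF
}

# Demo on the constructed sample.
sample_netstat | smtp_conn_summary
```

Running it repeatedly during an incident shows whether the per-host ESTABLISHED count really stays above the limit or whether most entries are in closing states.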
