Re: Postfix 2.8 stable release soon

Mon, 17 Jan 2011 08:49:38 -0800 

Zitat von Wietse Venema <wie...@porcupine.org>:


lst_ho...@kwsoft.de:
[ Charset ISO-8859-1 unsupported, converting... ]

Zitat von Wietse Venema <wie...@porcupine.org>:

> lst_ho...@kwsoft.de:
>> With both changes it looks ok now (first blacklisted, second whitelisted): 
>>
>>
>> Jan 17 16:28:23 hpux2 postfix/master[28899]: daemon started -- version
>> 2.8.0-RC1, configuration /etc/postfix
>> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: CONNECT from
>> [10.1.70.1]:48111
>> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: entering STRESS mode
>> with 1 connections
>> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: BLACKLISTED
>> [10.1.70.1]:48111
>> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: PASS OLD [10.1.70.1]:48111 
>> Jan 17 16:28:33 hpux2 postfix/postscreen[28903]: leaving STRESS mode
>> with 0 connections
>
> Do you have a low postscreen_pre_queue_limit limit? It should
> normally enter stress mode with more than 1 connection.
>
>    Wietse

Not that i'm aware of. This is a test-only install, so the values are
at default beside the parameters needed to get postscreen working, so
it should be at $default_process_limit which is reported by postconf
with "100".


In that case, would you briefly run it as "postscreen -v" and report
the postscreen_command_time_limit logging as it starts up. ]

This is what I expect to see (default_process_limit = 100):
Jan 17 11:32:56 tail postfix/postscreen[17566]: postscreen_command_time_limit: stress=10 normal=300 lowat=70 hiwat=90 

hiwat=90 means enter stress mode with 90 or more connections
lowat=70 means leave stress mode with 70 or fewer connections.

You don't want to leave verbose mode on because it slows down
postscreen which handles by all SMTP connections.


Here we go:
Jan 17 17:43:11 hpux2 postfix/master[29308]: daemon started -- version 2.8.0-RC1, configuration /etc/postfix 
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: name_mask: ipv4
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: inet_addr_local: configured 2 IPv4 addresses 
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: process generation: 3 (3)
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_string: mynetworks ~? debug_peer_list Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_string: mynetworks ~? fast_flush_domains Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_string: mynetworks ~? mynetworks Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: dict_cidr_open: add 10.1.70.1/32 permit Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: dict_open: cidr:/etc/postfix/postscreen_access Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: set_eugid: euid 1004 egid 1002 Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: Compiled against Berkeley DB: 4.7.25? Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: Run-time linked against Berkeley DB: 4.7.25? Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: dict_open: btree:/var/lib/postfix/postscreen_cache 
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: set_eugid: euid 0 egid 3
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: psc_smtpd_format_ehlo_reply: discard_mask Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: psc_smtpd_format_ehlo_reply: discard_mask STARTTLS Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: postscreen_command_time_limit: stress=10 normal=300 lowat=0 hiwat=0 
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: connection established fd 13
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: master_notify: status 0
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: CONNECT from [10.1.70.1]:36318 Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: entering STRESS mode with 1 connections Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: source=postscreen_access_list address=10.1.70.1 acl=permit_mynetworks Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_hostaddr: 10.1.70.1 ~? 10.1.53.102/32 Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_hostaddr: 10.1.70.1 ~? 127.0.0.0/8 Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: match_list_match: 10.1.70.1: no match Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: source=postscreen_access_list address=10.1.70.1 acl=cidr:/etc/postfix/postscreen_access Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: dict_cidr_lookup: /etc/postfix/postscreen_access: 10.1.70.1 Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: source=cidr:/etc/postfix/postscreen_access address=10.1.70.1 acl=permit 
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: WHITELISTED [10.1.70.1]:36318
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: flags for psc_conclude:
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: master_notify: status 1
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: connection closed fd 13
Jan 17 17:43:47 hpux2 postfix/postscreen[29314]: leaving STRESS mode with 0 connections Jan 17 17:43:47 hpux2 postfix/smtpd[29315]: connect from fslnx.hq.kwsoft.de[10.1.70.1] Jan 17 17:43:50 hpux2 postfix/smtpd[29315]: disconnect from fslnx.hq.kwsoft.de[10.1.70.1] 

"hiwat" and "lowat" are a littel bit off...
Should i try with explicit setting of default_process_limit?

Regards

Andreas

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to