I'm running a busy server that is periodically experiencing problems with tlsmgr. At various times (typically at least once a day), the following appears in the logs:
Jun 16 07:34:40 willet postfix/smtp[24449]: warning: connect to private/tlsmgr: Resource temporarily unavailable
Jun 16 07:34:40 willet postfix/smtp[24449]: warning: problem talking to server private/tlsmgr: Resource temporarily unavailable
(repeated)

This sometimes results in mailer-daemon bounces to postmaster, with the SMTP protocol messages including "TLS unavailable due to local problem". Typically mail is working fine and TLS connections work normally, with this happening every once in a while. This is using postfix version 2.7.1-1+squeeze1. What follows is the postconf -n output, as well as the master.cf:

# postconf -n
alias_database = hash:$maps_dir/aliases
alias_maps = hash:$maps_dir/aliases,mysql:$maps_dir/mysql_aliases.cf,pcre:$maps_dir/bounce.pcre
allow_percent_hack = no
biff = no
body_checks = pcre:$checks_dir/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
default_privs = mail
default_process_limit = 200
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps = $alias_maps, proxy:unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_backoff_time = 4h
maximal_queue_lifetime = 5d
message_size_limit = 5120000
milter_default_action = accept
mime_header_checks = pcre:$checks_dir/mime_header_checks
mydestination = $myhostname, $myorigin, localhost.$mydomain, localhost, lists.riseup.net
mydomain = xxx.net
myhostname = willet.xxx.net
mynetworks = x.x.x.0/24, x.x.x.x.0/24, 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps = hash:$maps_dir/dnsbl-reply-map
readme_directory = no
recipient_delimiter = +
relayhost = outmx.xxxx.net
sample_directory = /etc/postfix/samples
sender_dependent_relayhost_maps = pcre:$maps_dir/sender_relayhost.pcre
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_connect_timeout = 10s
smtp_destination_concurrency_limit = 140
smtp_destination_recipient_limit = 200
smtp_helo_timeout = 100s
smtp_tls_CAfile = /etc/certs/roots/wildcard.pem
smtp_tls_CApath = /etc/ssl/certs/
smtp_tls_cert_file = /etc/certs/wildcard/cert.pem
smtp_tls_exclude_ciphers = aNULL, MD5, DES
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/certs/wildcard/key.pem
smtp_tls_loglevel = 1
smtp_tls_mandatory_exclude_ciphers = aNULL, MD5, DES
smtp_tls_policy_maps = hash:$maps_dir/tls_policy
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_banner = $myhostname ESMTP (spam is not appreciated)
smtpd_client_connection_count_limit = 20
smtpd_client_restrictions = permit_mynetworks, check_client_access cidr:$checks_dir/client_whitelist.cidr, reject_rbl_client zen.dnsbl, permit
smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 0
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access hash:$checks_dir/helo_checks, permit
smtpd_milters = unix:/var/run/clamav/milter.ctl,unix:/var/spool/postfix/spamass/spamass.sock
smtpd_recipient_restrictions = reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, permit
smtpd_sender_restrictions = check_sender_access hash:$checks_dir/sender_access, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_CAfile = /etc/certs/roots/wildcard.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/certs/wildcard/cert.pem
smtpd_tls_dh1024_param_file = /etc/certs/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/certs/dh_512.pem
smtpd_tls_exclude_ciphers = aNULL, MD5, DES
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/certs/wildcard/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 28800
swap_bangpath = no
tls_random_exchange_name = /var/lib/postfix/prng_exch

1 willet:/home/micah# cat /etc/postfix/master.cf |egrep -v ^#
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1500? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
relay unix - - - - - smtp -o smtp_fallback_relay= -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - n - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}

thanks for any suggestions for things to try!
micah
--