El 08/02/13 15:29, Viktor Dukhovni escribió:
On Fri, Feb 08, 2013 at 09:29:22AM +0100, Angel L. Mateo wrote:
We are having problems with dns lookups to one domain. I know is
not a postfix problem, but a dns configuration error in that domain.
But it is affecting our servers.
The easiest work-around is to stop sending mail to the unreachable
domain.
Yes, I did it yet, but it could happen with other domains. I would like
a solution, not a workround.
The problem is that whenever the relay server receives a mail
directed to that domain, I get the error "conversation with <mail
server> timed out while sending MAIL FROM". And as list server group
messages, all recipients in that group as rejected.
Your DNS timeouts are too long (perhaps tunable via /etc/resolv.conf
on the relay), or SMTP timeouts too short (tunable via main.cf on
the list server). You posted no log entries, or "postconf -n" so
further help is not possible.
I'm sorry, I have attached it now, My timeouts are both defaults.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
address_verify_map = btree:${data_directory}/verify
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = yes
body_checks = pcre:/etc/postfix/body_checks.pcre
bounce_size_limit = 10240
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
default_privs = nobody
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
lmtp_data_done_timeout = 1200s
lmtp_destination_recipient_limit = 10
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 25600000
mime_header_checks = pcre:/etc/postfix/mime_header_checks.pcre
mydestination = $myhostname, localhost.\$mydomain, localhost
mydomain = um.es
myhostname = xenon11.um.es
mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16,
10.64.0.0/28, 172.19.0.0/16, 10.57.0.0/16, 155.54.212.160/28
myorigin = um.es
nested_header_checks = pcre:/etc/postfix/nested_header_checks.pcre
newaliases_path = /usr/bin/newaliases
notify_classes = resource, software
parent_domain_matches_subdomains = smtpd_access_maps
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$smtpd_sender_login_maps
queue_directory = /var/spool/postfix
queue_minfree = 38400000
rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
readme_directory = /usr/share/doc/postfix
recipient_canonical_maps = hash:/etc/postfix/listas_con_um_es
relay_domains = um.es, alu.um.es, cii-murcia.es, cyum.es, lcu.es, dif.um.es,
ditec.um.es, fuem.um.es, infomun.um.es, listas.um.es, listas.cii-murcia.es,
campusmarenostrum.com, listas.campusmarenostrum.es, ticarum.es,
aulavirtual.um.es
relay_recipient_maps = hash:/etc/postfix/relaydomains,
hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases,
proxy:ldap:/etc/postfix/ldap-vmail.cf,
proxy:ldap:/etc/postfix/ldap-sysaliases.cf
relocated_maps = proxy:ldap:/etc/postfix/ldap-relocated.cf
sample_directory = no
sendmail_path = /usr/lib/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname NO UCE ESMTP
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 100
smtpd_client_event_limit_exceptions = 127.0.0.1, 172.19.0.0/16,
155.54.208.0/24, 155.54.212.0/24, 155.54.213.0/24, 155.54.216.0/24,
155.54.67.15, 155.54.135.194, 10.54.1.8, 155.54.204.60, 155.54.204.49,
155.54.210.253, 155.54.169.2, 155.54.204.69, 155.54.204.128, 155.54.206.3,
155.54.118.3, 155.54.204.146, 155.54.67.13, 155.54.170.10, 155.54.21.123,
155.54.204.57, 155.54.204.9, 155.54.204.231, 155.54.211.0/24, 155.54.117.10,
130.206.18.0/27, 155.54.119.83
smtpd_client_message_rate_limit = 500
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/client_checks.cidr, permit_sasl_authenticated,
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
hash:/etc/postfix/helo_checks
smtpd_recipient_limit = 150
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain, check_recipient_access
pcre:/etc/postfix/recipient_checks.pcre, check_recipient_access
hash:/etc/postfix/verified_recipient_checks, check_policy_service
inet:127.0.0.1:10031, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_maps, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain, check_sender_access
pcre:/etc/postfix/sender_checks.pcre
smtpd_tls_CAfile = /etc/ssl/certs/terenassl_path.pem
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/smtp.um.es.pem
smtpd_tls_key_file = /etc/ssl/private/privada_smtp.um.es.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_exchange_name = /var/spool/postfix/prng_exch
tls_random_source = dev:/dev/urandom
transport_maps = pcre:/etc/postfix/transport.pcre
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/alu-aliases,
hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-sysaliases.cf
