On Tue, Mar 12, 2013 at 11:25:29AM -0700, Patrick wrote:
> I have one customer who since upgrading her DSL connection is now
> experiencing a 30 second delay each time she sends a message through
> our server:
>
> Mar 12 10:52:08 strongmad postfix/smtpd[25399]: connect from
> unknown[69.157.xx.xxx]
> Mar 12 10:52:38 strongmad postfix/smtpd[25399]: setting up TLS connection
> from unknown[69.157.xx.xxx]
> Mar 12 10:52:38 strongmad postfix/smtpd[25399]: TLS connection established
> from unknown[69.157.xx.xxx]: TLSv1 with cipher AES128-SHA (128/128 bits)
>
> My first thought was that it was a DNS issue, but I've
> set smtpd_peername_lookup=no, which I believe should rule that out. Plus
> other hosts connecting that come through as unknown don't experience the
> same delay.
>
> The system is running Postfix 2.4 on a FreeBSD server. Can anyone think of
> anything that could cause this?
TLS is almost certainly a red-herring. The sender's system takes
30s to complete the EHLO handshake (just before the STARTTLS phase).
The same symptoms may show up even with TLS disabled.
The "setting up TLS connection" message is logged after Postfix
receives "STARTTLS" and replies with "250". At this point no TLS
protocol messages have been exchanged, so it is hard to see how
TLS would be relevant.
S: 220
C: EHLO
S: 250-...\r\n250-STARTLS\r\n...
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
<logs message>
C: SSL HELO ...
So the client took 30s to receive and parse the 220 banner, send EHLO,
receive and parse the reply and send the "STARTTLS" command. The answer
will be more clear in the tcpdump capture.
http://www.postfix.org/DEBUG_README.html#sniffer
--
Viktor.
