On Thu, Sep 12, 2013 at 10:03:58AM -0400, Roman Gelfand wrote:
> Based on comments made by Wietse, it looks like my server is in good
> shape as the connections are not even taking a second and the whole
> process is taking roughly a second.
Whether that is slow or not depends on what throughput (messages
sent per second) you're trying to achieve and what concurrency
(number of parallel submission processes or threads) you're using
to submit mail. Mail delivery is "congested" when the output rate
is below the input rate, otherwise mail is inevitably delayed in
transit by a short time, but that is rarely a concern.
> Based on what Viktor is saying, this line could be a problem
>
> Sep 12 09:39:56 pmx1 postfix/smtpd[30058]: connect from unknown[192.168.0.86]
>
> as it could to take some to time to attempt resolve this dns. Is this
> correct?
A single log message with a single timestamp in isolation is NOT
evidence of delay. All we see is that reverse resolution of
[192.168.0.86] failed, whether this took any appreciable time is
not evident from this log entry alone. There are often prior log
entries warning about the resolution failure of DNS lookups timed
out, ...
To determine whether there is a delay, use "telnet" to connect from
192.168.0.86 to port 25 on the MTA, and see how long you have to wait
until the MTA responds with a "220 ..." banner.
You can also capture with "tcpdump" and see timestamps to the
microsecond showing how long it takes from TCP SYN to "220 ..."
(and what DNS lookups are taking time in between).
--
Viktor.
