On 19/02/2014 15:19, Wietse Venema wrote:
Wietse Venema:
Birta Levente:
I have a problem with Postfix 2.12 Snapshot 20140209.

The qmgr_queue_throttle never fired up for destinations which go through
slow transport and obviously the delivery never suspended to these few
destinations.
Mails which go out "normally", i.e. not through slow transport, seem to
throttle:

Feb 19 03:48:55 srv2 postfix/qmgr[23307]: qmgr_queue_throttle: feedback 1
Feb 19 03:48:55 srv2 postfix/qmgr[23307]: qmgr_queue_throttle: queue notslowtransportdomain.com: limit 20 window 3 success 0 failure 1 fail_cohorts 0.2

Now, if I downgrade to 2.12.20140109 without any change in configs, it's
working ok.

What are you comparing against? MY queue manager source code
has NOT CHANGED since April 2013.

Specifically, you may want to check what OpenSSL versions your
Postfix installations are linked with. Newer OpenSSL libraries
expose a bug in some Microsoft mail servers. The symptom is that
TLS sessions break after a successful TLS handshake. Viktor knows
the details.

Both 20140109 and 20140209 were compiled with the same CentOS 6.5 "stock" OpenSSL.

# rpm -qa | grep openssl
openssl-devel-1.0.1e-16.el6_5.4.x86_64
openssl-1.0.1e-16.el6_5.4.x86_64

The difference in mail delivery between 2.12-20140109 and 20140209
is in how the Postfix SMTP client works around the above bug.

Before 20140209 Postfix would try to deliver to an alternate MX
host, which would usually run the same buggy software, with the
result that mail would never go through. This would cause the queue
manager to throttle down deliveries to the affected domains.

Yes, I saw these undeliveries ... and resolved manually with tls_policy map to send plaintext.

As of 20140209 Postfix will immediately re-connect to the same host
and deliver as plaintext, so that mail will go through. This may
explain why some destinations no longer "throttle down" because
mail now goes through where previously it did not.

We are currently revising this workaround so that the Postfix SMTP
client will not immediately fall back to plaintext email delivery
when email is still new, so that it makes an effort to try opportunistic
TLS with all available MX hosts.

Thanks, I'll be waiting.

        Wietse

