Hello, I am experiencing an issue where hosts that do not have reverse DNS see an extended delay (45-60 seconds for SSL or non-SSL connections) before they get the initial 220 greeting. Hosts that do have properly registered entries get in immediately. I have downloaded the source, and the programs that perform the lookups (gethostbyaddr, etc.) all seem to return quickly enough. DNS on the machine is also snappy and returns the lack of RDNS quickly. Setting smtpd_peername_lookup to no solves the issue, but has other ramifications. The server in question is running Postfix 2.9.6-1 on Ubuntu 12.04. A different server with the same configuration does not seem to have the issue. Setting the debug_peer for the hosts shows the same thing for the hosts that experience a delay versus those that do not, basically a bunch of match_hostaddr and match_hostname calls. Once the initial delay is out of the way, everything proceeds as normal.
Here is the postconf -n output. Any suggestions?
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 52428800
milter_default_action = accept
milter_protocol = 2
mydestination = /etc/postfix/local-host-names duke.cs.duke.edu cs.duke.edu
myhostname = duke.cs.duke.edu
mynetworks = /etc/postfix/local-host-names 152.3.140.177 152.3.140.0/23
    152.3.144.0/23 152.3.136.0/23 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = cs.duke.edu
non_smtpd_milters = inet:localhost:8891
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (feed me)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_rbl_client r.mail-abuse.com, warn_if_reject reject_unauth_pipelining,
    permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
    reject_invalid_helo_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_recipient_access
    hash:/etc/postfix/expired, permit_mynetworks, permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination,
    reject_unknown_recipient_domain, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_recipient_access hash:/etc/postfix/access, reject_unknown_sender_domain,
    permit
smtpd_tls_CAfile = /etc/ssl/cacert.pem
smtpd_tls_cert_file = /etc/ssl/server.crt
smtpd_tls_key_file = /etc/ssl/server.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom
Thanks,
Joe
--
Joe Shamblin [email protected]
Senior IT Analyst Department of Computer Science
(919) 660-6582 Duke University
