On 2016-08-17 17:34, Zhang Huangbin wrote:
I got a problem with my own Postfix policy server (written in Python).
Postfix usually works fine with it, but sometimes it raised error like
this:
Aug 17 08:32:52 mail1 postfix/smtpd[24298]: warning: problem talking
to server 127.0.0.1:1234: Connection reset by peer
Aug 17 08:34:05 mail1 postfix/smtpd[24771]: warning: problem talking
to server 127.0.0.1:1234: Connection timed out
Then time Postfix raised these errors, my policy server is still
working and properly processing requests (checked its log file).
Your policy daemon may not be able to handle the incoming request fast
enought.
If new connections are not processed the linux kernel will maintain a
backlog of
ESTABLISHED connections. The size of this queue is set with the listen()
call.
If your connections stay too long in this state the client (postfix)
will decide
to abort with an timeout.
If the backlog overflows it depend on the value of:
sysctl net.ipv4.tcp_abort_on_overflow
what happens.
Depending on your syncookie setting in the kernel it may also report a
possible
SYN flood condition in this case. (check dmesg)
The connection reset may also occur when you client activly closes the
connection.
eg. in case of failure and the process is closed by the kernel
Is suggest that you check what slows or blocks processing of the request
in your
policy daemon. Does it do lookups which also may timeout? Are there lock
conditions?
If everything is fine it may also be a scaling problem with the
architecture of
your policy daemon.
If your daemon just uses a single threaded accept loop a single request
could block/slow down
the whole daemon.
If you're using a async event loop you may do things which block for too
long.
If you're using a prefork model you may have not enought processes
running
or processing of a single request takes too long.
You should also check if postfix uses more keepalive connection then
your policyd
is able to process in parallel. In this case the keepalive connection
may block
all available slots. In this disable it with setting
smtpd_policy_service_request_limit=0.
Markus
--
https://markusbenning.de/
