Hi, > Am 31.03.2017 um 10:48 schrieb Christian Rößner > <c...@roessner-network-solutions.com>: > > Hi, > >> Am 30.03.2017 um 17:25 schrieb Viktor Dukhovni <postfix-us...@dukhovni.org>: >> >> >>> On Mar 30, 2017, at 11:15 AM, Christian Rößner >>> <c...@roessner-network-solutions.com> wrote: >>> >>> It is a VM, but the host uses ECC-RAM. No errors were reported to the >>> kernel message buffer. >> >> Is it possible that some log messages were lost when the log >> socket got re-created as part of log-rotation? > > Unfortunately not. There was no load on the system. It is standard rsyslog. > >> Do your milters always add headers? Or only for spammy messages? > > Yes and they also always log to syslog on connect/discconect and processing > mails. > >> Also, you have default_action=accept, perhaps your milters were too >> busy at the time. When did milter logging cease? When did it resume? >> What was the message delivery rate during the "gap"... > > There have been very few mails at that time. That is what makes me wonder. No > load could have caused this issue. > > I personally wonder how many people make use of that new feature > smtpd_milters_maps and maybe nobody else discovered this issue though. > > Maybe I need to figure out how to do a test on sending mail from my relay > server, while simultaneously sending mail from remote and watching. I think > that should trigger the problem again, if I am right. Let's see what I can do > here.
I have done tests and I can reproduce this issue _always_. I did...: for ((i=0; i<100; i++)); do ./foo.sh ; done ... on my mail server that runs the relay.roessner-net.de and the mx.roessner-net.de instances. foo.sh looks like this: ----------------------------------------------------------------------- #!/bin/bash swaks \ -4 \ --ehlo "mx.roessner-net.de" \ -li 134.255.226.249 \ --server "relay.roessner-net.de" \ --from "c...@roessner.co" \ --to "t...@example.com" \ --h-Date "$(date -R)" \ --tls exit 0 ----------------------------------------------------------------------- After I ran this (in fact I was too slow ;-) ), I sent a mail from external MTA mail.sys4.de and this mail did not run through any of the milters. It is much more worse than I thought, because each mail after that "mail loop" above was not scanned by any milters anymore! I also stopped postfix and started it again and still no milters got connected when sending test mails from external MTA. After that I sent a mail from my local Mac to my mail server, which also has a submission instance. That instance activated all milters it needed. And only after I did sent over the submission instance, the mx.roessner-net.de instance started using milters again. That is a serious problem. Something seems to cache the "disabled" state somewhere. I have three instances: postmulti -l ----------------------------------------------------------------------- - - y /etc/postfix postfix-relay - y /etc/postfix-relay postfix-submission - y /etc/postfix-submission ----------------------------------------------------------------------- The first instance receives mail from the internet and relays it to Dovecot. It also accepts mail from the submission instance and relays these mails to the internet. The relay instance relays mails directly to the internet. It is a hub for all virtual servers and my web server. If mails are to myself, it also connects to mx.roessner-net.de but with milters disabled as shown in my first mail. The submission instance is for authenticated users only and forwards all mail to the first instance. So this is my setup that works for years now, until I requested the new smtpd_milters_maps feature. The issue started with Postfix 3.2 Hopefully I gave enough information to find the source of this issue. Christian -- Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345
smime.p7s
Description: S/MIME cryptographic signature
