Hi, I was able to run a packet capture with tcpdump on the 3 load balanced 
servers that handle massmail.uconn.edu during the user's mail merge today.
It was looking like one email every 12 seconds from me doing [tail -f 
/var/log/maillog |grep 137.99.31.52] on each server, during the capture as well.
I am using this link to get up to speed on wireshark  
https://blogs.technet.microsoft.com/eopfieldnotes/2015/08/27/useful-wireshark-filters-for-mail-flow-troubleshooting/

I will try to merge the captures of the 3 servers so I can see the real picture 
as the LB does round robin.
Hopefully I will have news to report this issue is not related to Postfix.

1. They use sasl on port 587

2. This time they used a different IP that had a DNS entry. 
        Aug 31 13:32:38 mail4 postfix/smtpd[24239]: 99867627: client=d31h52.public.uconn.edu[137.99.31.52], sasl_method=LOGIN, sasl_username=wellness

3.  This is instantaneous every time I test     
[root@mail4 ~]# telnet massmail.uconn.edu  587
Trying 137.99.26.55...
Connected to massmail.uconn.edu.
Escape character is '^]'.
220 mail4.uits.uconn.edu ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail4 ~]# telnet massmail.uconn.edu  587
Trying 137.99.26.55...
Connected to massmail.uconn.edu.
Escape character is '^]'.
220 mail5.uits.uconn.edu ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail4 ~]# telnet massmail.uconn.edu  587
Trying 137.99.26.55...
Connected to massmail.uconn.edu.
Escape character is '^]'.
220 mail6.uits.uconn.edu ESMTP Postfix
quit
221 2.0.0 Bye
Connection closed by foreign host.

4.  Servers are never that busy IMHO but I have 7 days of graphs that would 
show that here [mail4,mail5,mail6] are the servers.
        http://ssgunix.uits.uconn.edu/ssgunix.php

thanks again.

P.S. header_checks file has one line to dump email subjects in my logs.
P.P.S.  I take it this is not the place to ask someone to look at my capture 
file, to help speed up forensics?




-ANGELO FAZZINA

ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

ang...@uconn.edu
University of Connecticut,  ITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On 
Behalf Of Viktor Dukhovni
Sent: Wednesday, August 29, 2018 2:09 PM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: Want to be sure i am not throttling user.



> On Aug 29, 2018, at 1:53 PM, Fazzina, Angelo <angelo.fazz...@uconn.edu> wrote:
> 
> [root@mail4 log]# cat maillog-20180829 |grep 137.99.149.148 |grep -v 
> disconnect |grep -v submission|grep connect

You forgot to aggregate:

  $ ... | awk '{print $3}' | sed -e 's/.:..$/0/' | uniq -c
  15 09:20
  28 09:30
  30 09:40
  20 09:50
  28 10:00
  33 10:10
  10 10:20

So that's a peak rate of 33 messages per 10 minutes, or 3
messages a minute!  With mail transactions lasting just a couple
of seconds, and average connection spacing at ~20 seconds, 
the client is spending most of its time disconnected or waiting
for the SMTP banner.

One possibility is that you don't have enough smtpd(8) process
concurrency.  If your server is busy handling lots of concurrent
traffic, perhaps it reaches the $default_process_limit often, and
the client's connections are stuck waiting for a free process to
accept a new connection.

You should try connecting to the relevant port on your server
a few times (spaced minutes apart) and see how long you typically
need to wait before you see a 220 banner?  (The same port the
user is using to submit mail, not clear whether it is 25 or 587).

The default process limits in Postfix date back to Y2K hardware,
and servers have a lot more RAM, CPU and network bandwidth these
days.

-- 
        Viktor.

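As an added example (not written by either participant in the thread), the 10-minute aggregation suggested above can be run over the concatenated logs of all three round-robin servers, so the counts reflect the client's total connection rate rather than one server's share. The function name `connect_rate` is hypothetical, and the log lines are constructed in the format shown in the thread; it assumes all lines come from the same day.

```shell
#!/bin/sh
# Added example (not from the thread). Sample lines are constructed.

# connect_rate IP: read Postfix syslog lines (same day, any mix of hosts) on
# stdin; print "count HH:M0" per 10-minute bucket, then the mean gap in seconds.
connect_rate() {
    # Concatenated logs from mail4/5/6 are not in time order: sort on HH:MM:SS.
    LC_ALL=C sort -k3,3 | awk -v ip="$1" '
        # Count only smtpd "connect from" lines whose client field is [ip],
        # matched literally so the dots are not regex wildcards.
        /\/smtpd\[[0-9]+\]: connect from / && index($0, "[" ip "]") {
            split($3, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            bucket = sprintf("%s:%d0", t[1], int(t[2] / 10))
            if (!(bucket in count)) order[++n] = bucket
            count[bucket]++
            if (seen) { gaps += now - prev; ngaps++ }
            prev = now; seen = 1
        }
        END {
            for (i = 1; i <= n; i++) printf "%d %s\n", count[order[i]], order[i]
            if (ngaps) printf "mean_gap_seconds %d\n", gaps / ngaps
        }'
}

# Constructed sample: three per-server logs concatenated (cat mail4 mail5 mail6).
sample_log() {
    cat <<'EOF'
Aug 31 13:32:38 mail4 postfix/smtpd[24239]: connect from d31h52.public.uconn.edu[137.99.31.52]
Aug 31 13:32:39 mail4 postfix/smtpd[24239]: disconnect from d31h52.public.uconn.edu[137.99.31.52]
Aug 31 13:40:14 mail4 postfix/smtpd[24301]: connect from d31h52.public.uconn.edu[137.99.31.52]
Aug 31 13:32:50 mail5 postfix/smtpd[11802]: connect from d31h52.public.uconn.edu[137.99.31.52]
Aug 31 13:33:01 mail5 postfix/smtpd[11810]: connect from client.example.net[192.0.2.10]
Aug 31 13:33:02 mail6 postfix/smtpd[7410]: connect from d31h52.public.uconn.edu[137.99.31.52]
Aug 31 13:40:02 mail6 postfix/smtpd[7433]: connect from d31h52.public.uconn.edu[137.99.31.52]
EOF
}

sample_log | connect_rate 137.99.31.52
```

On real data, feed it the three servers' maillog files with `cat` in place of `sample_log`.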