On Thu, Aug 22, 2019 at 05:19:37PM +0000, Gomes, Rich wrote:

> I am seeing a lot of Temporary lookup failure errors in the maillog. At
> first I thought it was an issue related to reverse DNS lookups as each of
> the sending servers had no reverse record in DNS (this is an internal only
> relay).
> But when I added verbose logging, it appears to be related to LDAP lookups.
>
> Most commonly, I get these errors:
>
> warning: dict_ldap_connect: Unable to bind to server ldap:....
>
> But also receive these:
>
> maps_find: relay_recipient_maps: u...@mydomain.com: search aborted

This is much too little information about your system:

    http://www.postfix.org/DEBUG_README.html#mail

Perhaps you're using "ldap:table", rather than "proxy:ldap:table".
You'll likely do much better with:

    ldap = proxy:ldap:${config_directory}/
    relay_recipient_maps = ${ldap}relay-rcpt
    ...

Make sure your LDAP tables are sensibly indexed, so that the queries
you're making are efficient and do not involve full table scans.

You don't need to avoid or cache LDAP, per other suggestions, but I
do try to not use LDAP for "transport_maps" on high-volume relays.
This is because the queue manager is single-threaded, and does transport
resolution (via trivial-rewrite(8)) for every message recipient as
messages enter the active queue. Therefore, instead of:

    transport:
        us...@example.com relay:mailstore1.example.com
        us...@example.com relay:mailstore2.example.com
        ...

I use:

    virtual:
        us...@example.com us...@mailstore1.example.com
        us...@example.com us...@mailstore2.example.com
        ...

and configure the mailstore SMTP/LMTP servers to accept the rewritten
address form. If push comes to shove, you can also rewrite the address
back to the input form during onward delivery:

    master.cf:
        relay unix ... smtp
            -o smtp_generic_maps=$relay_generic_maps

    main.cf:
        smtp_generic_maps = <table_type>:generic

    generic:
        us...@mailstore1.example.com us...@example.com

--
    Viktor.
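
The conversion described in the reply above, as an added example that is not part of the original message: it turns per-recipient relay: transport entries into the virtual and generic tables, and flags entries whose reverse generic mapping would be ambiguous. The function names, sample users and hosts are hypothetical, and the accepted nexthop forms (host, [host], optional :port) are an assumption about the input.

```python
import re

# Accepts "relay:host" and "relay:[host]", each with an optional ":port".
NEXTHOP = re.compile(r"^relay:\[?([A-Za-z0-9.-]+)\]?(?::\d+)?$")

def split_transport(lines):
    """Return (virtual, generic, leftover) for per-recipient relay: entries.
    leftover holds (line, reason) pairs that need manual handling."""
    virtual, generic, leftover = {}, {}, []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        match = NEXTHOP.match(fields[1]) if len(fields) == 2 else None
        local, at, domain = fields[0].lower().rpartition("@")
        if match is None or not at or not local:
            # Domain-wide keys and other transports have no rewrite form.
            leftover.append((line, "not a per-recipient relay: entry"))
            continue
        address = f"{local}@{domain}"
        rewritten = f"{local}@{match.group(1).lower()}"
        if generic.get(rewritten, address) != address:
            # Two inputs share one rewritten form: generic would be ambiguous.
            leftover.append((line, f"collides with {generic[rewritten]}"))
            continue
        virtual[address] = rewritten
        generic[rewritten] = address
    return virtual, generic, leftover

def render(table):
    """Format a map as Postfix table source lines, sorted by key."""
    return "\n".join(f"{k} {v}" for k, v in sorted(table.items()))

# Constructed sample input (hypothetical users and hosts).
SAMPLE = """\
alice@example.com   relay:mailstore1.example.com
bob@example.com     relay:[mailstore2.example.com]:2525
alice@example.org   relay:mailstore1.example.com
example.net         relay:mailstore1.example.com
carol@example.com   local:
""".splitlines()

if __name__ == "__main__":
    virtual, generic, leftover = split_transport(SAMPLE)
    print("virtual:\n" + render(virtual))
    print("generic:\n" + render(generic))
    for line, reason in leftover:
        print(f"needs review: {line} ({reason})")
```

The collision case matters when the same local part exists in more than one input domain and both route to the same mailstore: the virtual rewrite still works, but a single generic entry cannot restore both original addresses.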