Matus:

On 16.11.2021 12:09, Matus UHLAR - fantomas wrote:
>>> On 16.11.21 10:06, natan wrote:
>>>> I need some help understanding the log:
>>>>
>>>> I have
>>>> FILTER smtp-amavis:[127.0.0.1]:10628
>
>> On 16.11.2021 10:22, Matus UHLAR - fantomas wrote:
>>> you have this where?
>
> On 16.11.21 10:41, natan wrote:
>> in master.cf:
>>
>> smtp-amavis     unix    -       -       -       -       140       smtp
>>         -o smtp_data_done_timeout=6000s
>>         -o smtp_send_xforward_command=yes
>>         -o disable_dns_lookups=yes
>
in main.cf I have

smtpd_client_restrictions =
#map with and without
       check_client_access cidr:/etc/postfix/amavis_bypass,

...
86.xxx.xxx.xxx/24 FILTER smtp:10.0.100.5:10025
85.xxx.xxx.xxx/23 FILTER smtp:10.0.100.5:10025
10.0.100.26/32 FILTER smtp:10.0.100.5:10025
0.0.0.0/0 FILTER smtp-amavis:[127.0.0.1]:10628
....

10.0.100.5:10025 this is the local transport port without amavis



> I don't see any FILTER there.
> I can only guess you have amavis defined as content_filter or
> smtpd_proxy_filter. the "FILTER ..." should be somewhere in access
> rules and makes postfix use amavis as content_filter (thus
> smtpd_proxy_timeout is useless later).
>


>
>> (in amavis I have 145)
>
> this may also be a problem.  140 concurrent amavis filters can eat too
> much of RAM and CPU.
This is no problem
>
>>>> this is local haproxy where connect postfix to port 10628 like:
>>>>
>>>> ...
>>>> bind 127.0.0.1:10628
>>>>
>>>>   server amavis1 86.xxx.xxx.125:10628 check maxconn
>>>>   server amavis2 86.xxx.xxx.155:10628 check maxconn
>>>>   server amavis3 86.xxx.xxx.234:10628 check maxconn
>>>>
>>>> and come back from amavis to postfix is like
>>>>
>>>> 86.xxx.xxx.199:10027 inet n  -   n   -   140    smtpd
>>>>     -o smtpd_proxy_timeout=900s
>>>>     -o content_filter=
>>>>     -o mynetworks_style=host
>>>>     -o mynetworks=10.0.100.0/24,86.xxx.xxx.199/32,46.xxx.xxx.98/32,86.xxx.xxx.159/32,86.xxx.xxx.125/32,86.xxx.xxx.155/32,86.xxx.xxx.234/32
>>>>
>>>>
>>>
>>> I recommend adding something like
>>>     -o syslog_name=postfix/filtered
>>
>> I added but nothing
>
> I think that "postfix reload" is needed in this case.
Yes, I get it (stop and start too)
>
>
>> But in amavis I found:
>>
>> Nov 16 10:32:17 amavis1 amavis[1501]: (01501-06) smtp resp to MAIL
>> (pip): 421 4.4.2 thebe4.domain.pl Error: timeout exceeded
>
> this is what your postfix replied to amavis when it tried to deliver
> the message.
>
> but the postfix should also mention this in postfix logs which you did
> not provide.
>
>
>> The problem is postfix to amavis - but I don't know where
>>> to see clearly when the mail comes from your content filter.
>
>>> looks like your incoming smtpd on port 10027 said this to content_filter
>>> which further said this to your postfix.
>>>
>>> however, I don't see where your postfix [86.xxx.xxx.199]:10027 rejected
>>> the mail. You should have that in logs, and if you do what I recommended
>>> above, you'll see those errors in log under name "postfix/filtered/smtpd"
>
Probably this is the problem:
1) to amavis I have 140 connections max (I have 3 amavis and the max is 3 x 140)
2) my local delivery - from amavis xxx.xxx.xxx.xxx:10027 - has the default (100)

Maybe when I have a "spam attack", amavis has too many e-mails in (back)
delivery to xxx.xxx.xxx.xxx:10027,
and xxx.xxx.xxx.xxx:10027 sends 4xx to amavis

master.cf
smtp-amavis     unix    -       -       -       -       140       smtp
        -o smtp_data_done_timeout=6000s
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
#        -o max_use=40

10.0.100.5:10025 inet n  -   n   -   -    smtpd
    -o content_filter=
    -o recipient_delimiter=+
    -o mynetworks_style=host
    -o mynetworks=10.0.100.0/24
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

86.111.240.199:10027 inet n  -   n   -   -    smtpd
    -o smtpd_proxy_timeout=1200s
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=10.0.100.0/24,86.xxx.xxx.199/32,46.xxx.xxx.98/32,86.xxx.xxx.159/32,86.xxx.xxx.125/32,86.xxx.xxx.155/32,86.xxx.xxx.234/32
#amavis
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    -o syslog_name=postfix/filtered
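
Added example, not part of the original message: a small master.cf check for the process-limit mismatch suspected above, where the amavis-facing transport (and several amavis backends) can open more connections than the re-injection smtpd accepts. The sample entries are constructed from the ones in the message, 192.0.2.199 is a placeholder address, and the function names are hypothetical; it assumes each override is written as "-o name=value" on its own continuation line.

```python
DEFAULT_PROCESS_LIMIT = 100  # Postfix built-in value of default_process_limit

# Constructed sample modelled on the master.cf entries quoted above;
# 192.0.2.199 is a documentation-range placeholder address.
SAMPLE_MASTER_CF = """\
smtp-amavis     unix    -       -       -       -       140       smtp
        -o smtp_data_done_timeout=6000s
#        -o max_use=40
192.0.2.199:10027 inet n  -   n   -   -    smtpd
    -o smtpd_proxy_timeout=1200s
    -o syslog_name=postfix/filtered
"""


def parse_master_cf(text, default_limit=DEFAULT_PROCESS_LIMIT):
    """Map each service name to its maxproc value and -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments
        if raw[0].isspace():  # leading whitespace continues the previous entry
            words = raw.split()
            if current and len(words) == 2 and words[0] == "-o":
                name, _, value = words[1].partition("=")
                current["options"][name] = value
            continue
        fields = raw.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        # Column 7 is maxproc; "-" means "use default_process_limit".
        maxproc = default_limit if fields[6] == "-" else int(fields[6])
        current = {"maxproc": maxproc, "options": {}}
        services[fields[0]] = current
    return services


def reinjection_shortfall(services, transport, listener, backends=1):
    """Connections the filter tier may open back minus what the listener accepts.

    maxproc 0 means "no limit" in master.cf, so it can never fall short.
    """
    accepts = services[listener]["maxproc"]
    if accepts == 0:
        return 0
    return max(0, services[transport]["maxproc"] * backends - accepts)


if __name__ == "__main__":
    svc = parse_master_cf(SAMPLE_MASTER_CF)
    print(reinjection_shortfall(svc, "smtp-amavis", "192.0.2.199:10027", backends=3))
```

A non-zero result only shows that the listener can be outnumbered; whether that produced the 421 replies still has to be confirmed in the postfix/filtered/smtpd log lines.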




