On about two or three occasions in the last couple of weeks, I started getting lots of errors like the ones below. There are five relays and they have all had the same basic config for several years, but I've never seen this happen before. The only thing I had changed recently was updating the ssl cert. The first time it happened, all five relays were affected. I think the most recent event only affected one relay. These are VMs that relay mail into and out of our network, filtering it through Puremessage. A review of the VM resource usage during the last event didn't show abnormally high memory or cpu usage. I've searched through the logs just before it happens, but I don't see anything that triggers it. The OS is RHEL 7.9.
Aug 15 14:40:35 mx03 postfix/master[1553]: warning: service "smtpd" (private/smtpd) has reached its process limit "375": new clients may experience noticeable delays Aug 15 14:40:35 mx03 postfix/master[1553]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client Aug 15 14:40:35 mx03 postfix/master[1553]: warning: see http://www.postfix.org/STRESS_README.html for examples of stress-adapting configuration settings Aug 15 14:42:30 mx03 postfix/postscreen[1723]: warning: timeout sending connection to service private/smtpd Aug 15 14:43:16 mx03 postfix/postscreen[1723]: warning: cannot connect to service private/smtpd: Resource temporarily unavailable #This one is repeated many times. Aug 15 18:51:24 mx03 postfix/smtpd[13552]: fatal: watchdog timeout Aug 15 18:51:25 mx03 postfix/master[1553]: warning: process /usr/libexec/postfix/smtpd pid 13552 exit status 1 Aug 15 23:51:26 mx03 postfix/master[1553]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix content_filter = pmx:[127.0.0.1]:10025 daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_destination_concurrency_limit = 40 default_process_limit = 375 disable_vrfy_command = yes header_checks = regexp:/etc/postfix/header_checks html_directory = no inet_interfaces = all inet_protocols = all lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3 lmtp_tls_protocols = !SSLv2, !SSLv3 local_destination_concurrency_limit = 4 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 25000000 mydestination = $myhostname, localhost.$mydomain, localhost mynetworks = 10.0.0.0/8, 127.0.0.0/8, 192.42.4.0/24 mynetworks_style = host myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_blacklist_action = drop postscreen_cache_cleanup_interval = 0 postscreen_cache_map = memcache:/etc/postfix/postscreen_cache postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = b.barracudacentral.org*2 postscreen_dnsbl_threshold = 2 postscreen_greet_action = enforce postscreen_helo_required = yes queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES recipient_bcc_maps = hash:/etc/postfix/recipient_bcc recipient_delimiter = + relay_domains = /etc/postfix/relaydomains sample_directory = /usr/share/doc/postfix-2.10.1/samples sender_bcc_maps = hash:/etc/postfix/sender_bcc sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_fallback_relay = mx05 smtp_tls_CAfile = $smtpd_tls_CAfile smtp_tls_cert_file = $smtpd_tls_cert_file smtp_tls_ciphers = medium smtp_tls_exclude_ciphers = EXPORT, LOW, MD5, aDSS, kECDHe, kECDHr, kDHd, kDHr, SEED, IDEA, RC2 smtp_tls_key_file = $smtpd_tls_key_file smtp_tls_policy_maps = hash:/etc/postfix/tls_policy smtp_tls_protocols = !SSLv2, !SSLv3 smtp_tls_security_level = may smtpd_banner = $myhostname ESMTP smtpd_client_restrictions = check_policy_service inet:localhost:4466 smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/valid_users, check_recipient_access hash:/etc/postfix/recipient_access, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unauth_destination smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, check_client_access cidr:/etc/postfix/enforced_inbound_tls.cidr smtpd_tls_CAfile = /etc/pki/tls/certs/fullchain.pem smtpd_tls_cert_file = /opt/ssl/relay.crt smtpd_tls_ciphers = medium smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = EXPORT, LOW, MD5, SEED, IDEA, RC2 smtpd_tls_key_file = /opt/ssl/relay.key smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2, !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols tlsproxy_tls_protocols = $smtpd_tls_protocols unknown_local_recipient_reject_code = 550virtual_alias_maps = hash:/etc/postfix/virtual
