[pfx] pipelining issue
Hello All, I have been getting a ton of pipelining errors over the past few weeks and I can't figure out why. It keeps saying queue write error, but disk & cpu performance is good, disk space is good. I also have noticed at times it's when there are multiple recipients on the message. Running: mail_version = 3.7.6 I have a couple of samples below. Any ideas/suggestions appreciated! _ Out: 220 mgw.server.net mgw.server.net In: EHLO sender.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: STARTTLS Out: 220 2.0.0 Ready to start TLS In: EHLO sender.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: MAIL FROM: SIZE=36318 Out: 250 2.1.0 Ok In: RCPT TO: Out: 250 2.1.5 Ok In: DATA Out: 354 End data with . Out: 451 4.3.0 Error: queue file write error In: QUIT Out: 221 2.0.0 Bye _ Out: 220 mgw.server.net mgw.server.net In: EHLO mail-oi1-f198.google.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: STARTTLS Out: 220 2.0.0 Ready to start TLS In: EHLO mail-oi1-f198.google.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: MAIL FROM:< 3yzajzrukbnydggc6j-klm5ag-fgj6hdq8gg8d6.4ge2d6p2f5j6mk@data-studio.bounces.google.com > SIZE=8188944 Out: 250 2.1.0 Ok In: RCPT TO: Out: 250 2.1.5 Ok In: BDAT 65536 Out: 250 2.0.0 Ok: 65536 bytes In: BDAT 8123408 LAST Out: 451 4.3.0 Error: queue file write error In: QUIT Out: 221 2.0.0 Bye _ Out: 220 mgw.server.net mgw.server.net In: EHLO JPN01-OS0-obe.outbound.protection.outlook.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: STARTTLS Out: 220 2.0.0 Ready to start TLS In: EHLO JPN01-OS0-obe.outbound.protection.outlook.com Out: 250-mgw.server.net Out: 250-PIPELINING Out: 250-SIZE 7680 Out: 250-ETRN Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8 Out: 250 CHUNKING In: MAIL FROM: SIZE=9132359 Out: 250 2.1.0 Ok In: RCPT TO: Out: 250 2.1.5 Ok In: RCPT TO: Out: 250 2.1.5 Ok In: BDAT 9104042 LAST Out: 451 4.3.0 Error: queue file write error In: QUIT Out: 221 2.0.0 Bye -- Thanks! Joey ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: [ext] pipelining issue
* Joey J via Postfix-users : > I have been getting a ton of pipelining errors over the past few weeks and > I can't figure out why. I'm not seeing any here, so let's focus on what you're posting here. > It keeps saying queue write error, but disk & cpu performance is good, disk > space is good. What does your log day for those events? > In: MAIL FROM: SIZE=36318 > In: RCPT TO: Most likely it's a filter of some sort, probably a milter or a pre-queue filter. Show "postconf -n" output. > In: MAIL > FROM:<3yzajzrukbnydggc6j-klm5ag-fgj6hdq8gg8d6.4ge2d6p2f5j6mk@data-studio.bounces.google.com> Given thar address, this event should be easy to find in the logs -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | https://www.charite.de ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: pipelining issue
On 2023-09-20 at 11:07:07 UTC-0400 (Wed, 20 Sep 2023 11:07:07 -0400) Joey J via Postfix-users is rumored to have said: > Hello All, > > I have been getting a ton of pipelining errors over the past few weeks and > I can't figure out why. > It keeps saying queue write error, but disk & cpu performance is good, disk > space is good. > > I also have noticed at times it's when there are multiple recipients on the > message. > Running: mail_version = 3.7.6 > > I have a couple of samples below. Which, as Ralf said, indicate nothing about any pipelining issue. SMTP chat transcripts are not terribly useful for diagnosing problems with Postfix because the error messages sent by Postfix are intentionally not useful for discerning confidential and potentially sensitive details like configuration. http://www.postfix.org/DEBUG_README.html#mail explains what information is needed to effectively get assistance here. > Any ideas/suggestions appreciated! > > _ > Out: 220 mgw.server.net mgw.server.net > In: EHLO sender.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-STARTTLS > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: STARTTLS > Out: 220 2.0.0 Ready to start TLS > In: EHLO sender.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: MAIL FROM: SIZE=36318 > Out: 250 2.1.0 Ok > In: RCPT TO: > Out: 250 2.1.5 Ok > In: DATA > Out: 354 End data with . > Out: 451 4.3.0 Error: queue file write error > In: QUIT > Out: 221 2.0.0 Bye > > _ > > Out: 220 mgw.server.net mgw.server.net > In: EHLO mail-oi1-f198.google.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-STARTTLS > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: STARTTLS > Out: 220 2.0.0 Ready to start TLS > In: EHLO mail-oi1-f198.google.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: MAIL > FROM:< > 3yzajzrukbnydggc6j-klm5ag-fgj6hdq8gg8d6.4ge2d6p2f5j6mk@data-studio.bounces.google.com >> > SIZE=8188944 > Out: 250 2.1.0 Ok > In: RCPT TO: > Out: 250 2.1.5 Ok > In: BDAT 65536 > Out: 250 2.0.0 Ok: 65536 bytes > In: BDAT 8123408 LAST > Out: 451 4.3.0 Error: queue file write error > In: QUIT > Out: 221 2.0.0 Bye > _ > > Out: 220 mgw.server.net mgw.server.net > In: EHLO JPN01-OS0-obe.outbound.protection.outlook.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-STARTTLS > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: STARTTLS > Out: 220 2.0.0 Ready to start TLS > In: EHLO JPN01-OS0-obe.outbound.protection.outlook.com > Out: 250-mgw.server.net > Out: 250-PIPELINING > Out: 250-SIZE 7680 > Out: 250-ETRN > Out: 250-ENHANCEDSTATUSCODES > Out: 250-8BITMIME > Out: 250-SMTPUTF8 > Out: 250 CHUNKING > In: MAIL FROM: SIZE=9132359 > Out: 250 2.1.0 Ok > In: RCPT TO: > Out: 250 2.1.5 Ok > In: RCPT TO: > Out: 250 2.1.5 Ok > In: BDAT 9104042 LAST > Out: 451 4.3.0 Error: queue file write error > In: QUIT > Out: 221 2.0.0 Bye > > > -- > Thanks! > Joey > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: pipelining issue
Joey J via Postfix-users: > In: DATA > Out: 354 End data with . > Out: 451 4.3.0 Error: queue file write error Look in Postfix logs. https://www.postfix.org/DEBUG_README.html#logging Look for obvious signs of trouble Postfix logs all failed and successful deliveries to a logfile. When Postfix uses syslog logging (the default), the file is usually called /var/log/maillog, /var/log/mail, or something similar; the exact pathname is configured in a file called /etc/syslog.conf, /etc/rsyslog.conf, or something similar. When Postfix uses its own logging system (see MAILLOG_README), the location of the logfile is configured with the Postfix maillog_file parameter. When Postfix does not receive or deliver mail, the first order of business is to look for errors that prevent Postfix from working properly: % grep -E '(warning|error|fatal|panic):' /some/log/file | more Note: the most important message is near the BEGINNING of the output. Error messages that come later are less useful. The nature of each problem is indicated as follows: * "panic" indicates a problem in the software itself that only a programmer can fix. Postfix cannot proceed until this is fixed. * "fatal" is the result of missing files, incorrect permissions, incorrect configuration file settings that you can fix. Postfix cannot proceed until this is fixed. * "error" reports an error condition. For safety reasons, a Postfix process will terminate when more than 13 of these happen. * "warning" indicates a non-fatal error. These are problems that you may not be able to fix (such as a broken DNS server elsewhere on the network) but may also indicate local configuration errors that could become a problem later. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Problems with check_sender_access and bypassing Amavis
We have a Postfix server that works with Amavisd-new to do spam and virus scanning. In my main.cf, I have the following: content_filter = amavisfeed:[127.0.0.1]:10024 Then, I have master.cf configured as such: # AMAVISD-NEW amavisfeed unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inetn - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= This works for amavis scanning. However, there is one outgoing mail domain (we will call it example.com) that we want to exempt from Amavis scanning. To do that, I've added to our smtpd_sender_restrictions in main.cf: check_sender_access hash:/etc/postfix/specific_sender_rules The /etc/postfix/specific_sender_rules file contains: example.com FILTER smtp:[127.0.0.1]:10025 I've found that this doesn't work. Mail that hits the server from this sending domain still gets handed off to Amavis on port 10024. Am I doing this incorrectly? It was my understanding that the check_sender_access hash should cause mail from that domain to get immediately handed off to postfix on port 10025 for next hop delivery. Thanks, Bryan ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Problems with check_sender_access and bypassing Amavis
On 9/20/2023 2:51 PM, Bryan K. Walton via Postfix-users wrote: We have a Postfix server that works with Amavisd-new to do spam and virus scanning. In my main.cf, I have the following: content_filter = amavisfeed:[127.0.0.1]:10024 Then, I have master.cf configured as such: # AMAVISD-NEW amavisfeed unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inetn - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= This works for amavis scanning. However, there is one outgoing mail domain (we will call it example.com) that we want to exempt from Amavis scanning. To do that, I've added to our smtpd_sender_restrictions in main.cf: check_sender_access hash:/etc/postfix/specific_sender_rules The /etc/postfix/specific_sender_rules file contains: example.com FILTER smtp:[127.0.0.1]:10025 I've found that this doesn't work. Mail that hits the server from this sending domain still gets handed off to Amavis on port 10024. Am I doing this incorrectly? It was my understanding that the check_sender_access hash should cause mail from that domain to get immediately handed off to postfix on port 10025 for next hop delivery. The general idea is correct. If the mail is submitted via the local sendmail command, smtpd access settings are not applied. The check_sender_access must be BEFORE any permit_mynetworks or permit_sasl_authenticated. If the mail is submitted via submission port, it usually has settings overrides in master.cf and must have the check_sender_access somewhere in that path. -- Noel Jones ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Problems with check_sender_access and bypassing Amavis
On Wed, Sep 20, 2023 at 03:01:21PM -0500, Noel Jones via Postfix-users wrote: > The check_sender_access must be BEFORE any permit_mynetworks or > permit_sasl_authenticated. Thanks Noel! That was the issue. I had check_sender_access AFTER permit_mynetworks and permit_sasl_authenticated. Much obliged! Bryan ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: Problems with check_sender_access and bypassing Amavis
Bryan K. Walton via Postfix-users skrev den 2023-09-20 22:22: On Wed, Sep 20, 2023 at 03:01:21PM -0500, Noel Jones via Postfix-users wrote: The check_sender_access must be BEFORE any permit_mynetworks or permit_sasl_authenticated. Thanks Noel! That was the issue. I had check_sender_access AFTER permit_mynetworks and permit_sasl_authenticated. its just a fail to accept local sender enveloppes on port 25, did you ensure this is not possible ? logs is equal sender and recipient spams if its only on non port 25 its ok ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
