Faster Postfix problems

Discussion in 'Installation/Configuration' started by pedrovalmor, Jun 10, 2010.

  1. pedrovalmor

    pedrovalmor New Member

    Hello all,

    I did the "Perfect Server Ubuntu 9.10 Server ISPConfig 3" and I need a faster postfix to send and receive emails in max 10 minutes of delay.
    The main.cf its like the tutorial...
    This is the master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -        50      smtpd
    #submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       60      1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1?      0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       50      smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtpd_bind_address=127.0.0.1
    
    I change this and sometimes I have 200 requests in queue :(

    see:

    flush to 1 s
    smtp to 100
    smtpd to 50
    qmgr to 60 s

    This is the better what I can do to solve my problem?

    thanks!
     
  2. till

    till Super Moderator

    The default setup is already relatively fast, it handles several thound emails per hour on normal hardware.

    1) How many emails do you get per hour?
    2) Please run the command "top" on the shell and post a screenshot of it.
     
  3. pedrovalmor

    pedrovalmor New Member

    Thanks for answer Till :)

    1) 600 per hour more or less, or 10 per minute
    I have 50 workstations with send and receive too much emails becouse its a import/export business.

    2) This is the "top"
    Code:
    top - 16:17:49 up 9 days, 16:10,  1 user,  load average: 0.05, 0.16, 0.14
    Tasks: 172 total,   1 running, 162 sleeping,   9 stopped,   0 zombie
    Cpu(s):  5.7%us,  0.8%sy,  0.0%ni, 88.7%id,  4.6%wa,  0.0%hi,  0.2%si,  0.0%st
    Mem:   4048772k total,  3974364k used,    74408k free,   227992k buffers
    Swap: 11857912k total,    29492k used, 11828420k free,  2495812k cached
    
      PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                         
    18552 amavis    20   0  206m  83m 4176 S    9  2.1   0:07.73 amavisd-new                                                                                     
     2008 proxy     20   0  172m 150m 1732 S    1  3.8  40:50.06 squid                                                                                           
    18445 amavis    20   0  207m  83m 3808 S    1  2.1   0:08.67 amavisd-new                                                                                     
     1965 root      20   0 81992  25m 1164 S    0  0.6   0:04.03 saslauthd                                                                                       
     7265 clamav    20   0  245m 138m 1272 S    0  3.5   7:45.11 clamd                                                                                           
    19099 root      20   0 19136 1388  992 R    0  0.0   0:00.05 top                                                                                             
    19113 postfix   20   0 56512 2972 2296 S    0  0.1   0:00.01 smtp                                                                                            
    22014 postfix   20   0  103m 4696 3460 S    0  0.1   0:01.12 smtpd                                                                                           
        1 root      20   0 19320 1484 1092 S    0  0.0   0:01.27 init                                                                                            
        2 root      15  -5     0    0    0 S    0  0.0   0:00.00 kthreadd                                                                                        
        3 root      RT  -5     0    0    0 S    0  0.0   0:02.30 migration/0                                                                                     
        4 root      15  -5     0    0    0 S    0  0.0   0:04.31 ksoftirqd/0                                                                                     
        5 root      RT  -5     0    0    0 S    0  0.0   0:00.00 watchdog/0                                                                                      
        6 root      RT  -5     0    0    0 S    0  0.0   0:02.14 migration/1                                                                                     
        7 root      15  -5     0    0    0 S    0  0.0   0:09.35 ksoftirqd/1                                                                                     
        8 root      RT  -5     0    0    0 S    0  0.0   0:00.00 watchdog/1                                                                                      
        9 root      15  -5     0    0    0 S    0  0.0   0:00.15 events/0                                                                                        
       10 root      15  -5     0    0    0 S    0  0.0   0:00.18 events/1                                                                                        
       11 root      15  -5     0    0    0 S    0  0.0   0:00.00 cpuset                                                                                          
       12 root      15  -5     0    0    0 S    0  0.0   0:00.00 khelper                                                                                         
       13 root      15  -5     0    0    0 S    0  0.0   0:00.00 netns                                                                                           
       14 root      15  -5     0    0    0 S    0  0.0   0:00.00 async/mgr                                                                                       
       15 root      15  -5     0    0    0 S    0  0.0   0:00.00 kintegrityd/0                                                                                   
       16 root      15  -5     0    0    0 S    0  0.0   0:00.00 kintegrityd/1                                                                                   
       17 root      15  -5     0    0    0 S    0  0.0   0:00.53 kblockd/0                                                                                       
       18 root      15  -5     0    0    0 S    0  0.0   0:00.68 kblockd/1                                                                                       
       19 root      15  -5     0    0    0 S    0  0.0   0:00.00 kacpid                                                                                          
       20 root      15  -5     0    0    0 S    0  0.0   0:00.00 kacpi_notify                                                                                    
       21 root      15  -5     0    0    0 S    0  0.0   0:00.00 kacpi_hotplug                                                                                   
       22 root      15  -5     0    0    0 S    0  0.0   0:00.00 ata/0                                                                                           
       23 root      15  -5     0    0    0 S    0  0.0   0:00.00 ata/1                                                                                           
       24 root      15  -5     0    0    0 S    0  0.0   0:00.00 ata_aux                                                                                         
       25 root      15  -5     0    0    0 S    0  0.0   0:00.00 ksuspend_usbd                                                                                   
       26 root      15  -5     0    0    0 S    0  0.0   0:00.01 khubd                                                                                           
       27 root      15  -5     0    0    0 S    0  0.0   0:00.00 kseriod                                                                                         
       28 root      15  -5     0    0    0 S    0  0.0   0:00.00 kmmcd                                                                                           
       29 root      15  -5     0    0    0 S    0  0.0   0:00.00 bluetooth                                                                                       
       30 root      20   0     0    0    0 S    0  0.0   0:00.00 khungtaskd                                                                                      
       31 root      20   0     0    0    0 S    0  0.0   0:00.00 pdflush                                                                                         
       32 root      20   0     0    0    0 S    0  0.0   0:27.05 pdflush                                                                                         
       33 root      15  -5     0    0    0 S    0  0.0   0:05.34 kswapd
    
    Thanks ;)
     
  4. till

    till Super Moderator

    10 per minute are very few for this setup, it should not take longer then 10 - 15 seconds for a email to get deliveredand your system is not under high load.

    The most likely reason for the delays are dns problems. Eg. if your server is not able to respolve domain names or some kind of firewall in your network blocks outgoing connections from the server to the internet. The spamfilter queries several external services and if you block these queries with a firewall, the system will wait until the connections time out which slows down the delivery process a lot.

    1) Install all available ubuntu updates.
    2) Run the command "sa-update" to update the spamassassin and restart amavisd afterwards.
    3) Make sure that you have more then one external DNS Server in /etc/resolv.conf and that all of these servers are reachable and working.
    4) Make sure that you have not blocked outgoing connections from the server to the internet.
     
  5. pedrovalmor

    pedrovalmor New Member

    1) updated
    2) done :)
    3) I change the DNS of my provider to OpenDNS, it's good right? Done!
    4) What's outgoing connection you mean?

    well, this is my rc.local with all firewall entrances:
    Code:
    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.
    
    # share the internet
    modprobe iptable_nat
    iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward
    
    # ACCEPT TCP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A INPUT -p tcp --dport 20 -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1521 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3389 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
    iptables -A INPUT -p tcp -d 200.255.125.214 -j ACCEPT
    
    # ACCEPT UDP
    iptables -A INPUT -p udp --dport 21 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 1521 -j ACCEPT
    iptables -A INPUT -p udp --dport 3306 -j ACCEPT
    iptables -A INPUT -p udp --dport 3389 -j ACCEPT
    
    # REDIRECT
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 172.19.57.1:3128
    
    # PROTECTIONS
    echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
    iptables -A INPUT -m state --state INVALID -j DROP
    
    # DROP
    iptables -A INPUT -p tcp --syn -j DROP
    
    Just to know, I have squid in this server too, and listen in eth0 (local network)

    Thanks Till :)
     
  6. till

    till Super Moderator

    The spamfilter uses several internet services like dns blacklists to check if a email is spam. So make sure that no outgoing connections from the server to the internet are blocked. If they are blocked you will see a massive slowdown in mail delivery, as every mail ge stuck in the queue untill all connection attempts are timed out.
     
  7. pedrovalmor

    pedrovalmor New Member

    Works great now!!

    this was the problem, I forget to put this:
    Code:
    
    # OUTPUT
    iptables -A INPUT -i lo -j ACCEPT
    
    
    and now I can receive and send faster than ever!!!

    thanks Till :)
     
    Last edited: Jun 11, 2010

Share This Page