Re: Verzögerung bei Mailzustellung extern
Andreas Wass - Glas Gasperlmair
a.wass at glas-gasperlmair.at
Mo Dez 12 11:17:22 CET 2016
Für diese Verzögerungen es gibt auch keinerlei Warnungen im maillog,
dass irgend ein Limit überschritten würde.
Beim Server handelt es sich um einen Lenovo RD 650 mit 65GB RAM und
Raid6 mit SSD's
Es müssen auch nur ca. 150 Clients bedient werden
Posteingang ca. 2500 Mails pro Tag
Postausgang ca. 1700 Mails pro Tag
Problem tritt meist bei der Domain josko.at auf, wenn schon ca. 20 Mails
in der active queue sind, welche durch unser ERB-System eingeliefert
wurden und auch an diese Domain versendet werden sollte.
Vielleicht hat ja doch jemand Zeit für mein Problem.
vg, Andi
Am 12.12.2016 um 08:57 schrieb Andreas Wass - Glas Gasperlmair:
> Kann mir denn keiner helfen?
> Warum kontaktiert mein postfix den externen Server erst so spät?
> Intern wird sofort zugestellt und der Server der externen Empfänger
> wird erst *38 Minuten später* das erste Mal kontaktiert
>
> Dec 12 07:52:42 mail postfix/smtpd[25295]: A7D6E300A95AAC:
> client=unknown[192.168.105.82]
> Dec 12 07:52:42 mail postfix/cleanup[25472]: A7D6E300A95AAC:
> message-id=<584E493A.3010203 at glas-gasperlmair.at>
> Dec 12 07:52:44 mail amavis[25717]: (25717-04) Passed CLEAN
> {AcceptedInternal}, AM.PDP-SOCK/MYNETS LOCAL [192.168.105.82]
> <barbara.thurner at glas-gasperlmair.at> ->
> <verteiler-josko-lieferliste at glas-gasperlmair.at>, Queue-ID:
> A7D6E300A95AAC, Message-ID: <584E493A.3010203 at glas-gasperlmair.at>,
> mail_id: 23UJsobegQpY, Hits: -0.999, size: 861963, 711 ms
> Dec 12 07:52:44 mail postfix/qmgr[2548]: A7D6E300A95AAC:
> from=<barbara.thurner at glas-gasperlmair.at>, size=862116, nrcpt=10
> (queue active)
> Dec 12 07:52:44 mail postfix/lmtp[24346]: A7D6E300A95AAC:
> to=<archiv2016ausgang at glas-gasperlmair.at>,
> relay=127.0.0.1[127.0.0.1]:24, delay=1.6, delays=1.5/0.01/0/0.15,
> dsn=2.0.0, status=sent (250 2.0.0
> <archiv2016ausgang at glas-gasperlmair.at> wVxcCTxJTlgPaAAA9a9gbQ Saved)
> *Dec 12 07:52:45* mail postfix/lmtp[24346]: A7D6E300A95AAC:
> to=<archiv2016eingang at glas-gasperlmair.at>,
> relay=127.0.0.1[127.0.0.1]:24, delay=2.4, delays=1.5/0.01/0/0.97,
> dsn=2.0.0, status=sent (250 2.0.0
> <archiv2016eingang at glas-gasperlmair.at> wVxcCTxJTlgPaAAA9a9gbQ:2 Saved)
> *Dec 12 08:30:15* mail postfix/smtp[30053]: A7D6E300A95AAC:
> to=<alexander.himsl at josko.at>,
> orig_to=<verteiler-josko-lieferliste at glas-gasperlmair.at>,
> relay=cust3862-1.in.mailcontrol.com[85.115.60.190]:25, delay=2252,
> delays=1.5/2246/1.8/3, dsn=2.0.0, status=sent (250 2.0.0
> uBC7UAE2111090 Message accepted for delivery)
> Dec 12 08:30:15 mail postfix/smtp[30053]: A7D6E300A95AAC:
> to=<daniela.jagereder at josko.at>,
> orig_to=<verteiler-josko-lieferliste at glas-gasperlmair.at>,
> relay=cust3862-1.in.mailcontrol.com[85.115.60.190]:25, delay=2252,
> delays=1.5/2246/1.8/3, dsn=2.0.0, status=sent (250 2.0.0
> uBC7UAE2111090 Message accepted for delivery)
> Dec 12 08:30:15 mail postfix/qmgr[2548]: A7D6E300A95AAC: removed
>
> Anbei noch meine Konfiguration und master.cf
>
> *postconf -n*
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> amavisd_milter = inet:127.0.0.1:8899
> body_checks = pcre:/etc/postfix/body_checks_map
> bounce_queue_lifetime = 3d
> bounce_template_file = /etc/postfix/bounce.de-DE.cf
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH;
> (echo cont; echo where) | gdb $daemon_directory/$process_name
> $process_id 2>&1 >$config_directory/$process_name.$process_id.log &
> sleep 5
> default_database_type = btree
> default_privs = nobody
> disable_vrfy_command = yes
> header_checks = pcre:/etc/postfix/header_checks_map
> html_directory = no
> lmtp_generic_maps = btree:/etc/postfix/lmtp_generic_maps
> lmtp_tls_protocols = $smtp_tls_protocols
> mail_owner = postfix
> mailbox_size_limit = 52428800
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 3d
> message_size_limit = 52428800
> mydestination = $myhostname localhost.$mydomain localhost
> myhostname = mail1.glasgasperlmair.at
> mynetworks = 127.0.0.0/8 [::1]/128 192.168.104.0/23 192.168.103.0/24
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> postscreen_access_list = permit_mynetworks
> cidr:/etc/postfix/postscreen_whitelist
> postscreen_bare_newline_action = ignore
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = drop
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*1
> b.barracudacentral.org*1
> postscreen_dnsbl_threshold = 2
> postscreen_dnsbl_whitelist_threshold = 0
> postscreen_greet_action = enforce
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> postscreen_whitelist_interfaces = static:all
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.11.3/README_FILES
> recipient_bcc_maps = btree:/etc/postfix/recipient_bcc_maps
> recipient_canonical_classes = envelope_recipient
> recipient_canonical_maps = btree:/etc/postfix/recipient_canonical_maps
> recipient_delimiter = +
> relay_domains = btree:/etc/postfix/relay_domains
> relay_recipient_maps =
> relocated_maps = btree:/etc/postfix/relocated_maps
> sample_directory = /usr/share/doc/postfix-2.11.3/samples
> sender_bcc_maps = btree:/etc/postfix/sender_bcc_maps
> sender_canonical_classes = envelope_sender
> sender_canonical_maps = btree:/etc/postfix/sender_canonical_maps
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> show_user_unknown_table_name = no
> smtp_destination_rate_delay = 150s
> smtp_generic_maps = btree:/etc/postfix/smtp_generic_maps
> smtp_tls_cert_file = $smtpd_tls_cert_file
> smtp_tls_exclude_ciphers = aNULL eNULL EXPORT DES 3DES RC4 MD5 PSK
> aECDH EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CDC3-SHA KRB5-DE5 CBC3-SHA
> AES128-SHA DHE-RSA-AES128-SHA AES256-SHA DHE-RSA-AES256-SHA
> CAMELLIA128-SHA DHE-RSA-CAMELLIA128-SHA CAMELLIA256-SHA
> DHE-RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
> smtp_tls_key_file = $smtpd_tls_key_file
> smtp_tls_loglevel = 0
> smtp_tls_protocols = !SSLv2 !SSLv3
> smtp_tls_security_level = may
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_connection_count_limit = 20
> smtpd_client_connection_rate_limit = 20
> smtpd_client_message_rate_limit = 50
> smtpd_client_recipient_rate_limit = 50
> smtpd_discard_ehlo_keyword_address_maps = cidr:/etc/postfix/esmtp_access
> smtpd_recipient_restrictions = check_recipient_access
> btree:/etc/postfix/access_recipient-rfc check_client_access
> cidr:/etc/postfix/access_client check_helo_access
> btree:/etc/postfix/access_helo check_recipient_access
> btree:/etc/postfix/access_recipient permit_sasl_authenticated
> permit_mynetworks check_sender_access btree:/etc/postfix/access_sender
> reject_rbl_client zen.spamhaus.org reject_rbl_client
> ix.dnsbl.manitu.net reject_rbl_client bl.spamcop.net
> reject_unverified_recipient reject_unauth_destination permit
> smtpd_relay_restrictions = permit_sasl_authenticated permit_mynetworks
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_tls_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_ask_ccert = yes
> smtpd_tls_cert_file = /etc/pki/postfix/certs/mail1.glasgasperlmair.at.crt
> smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem
> smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_512.pem
> smtpd_tls_eecdh_grade = strong
> smtpd_tls_exclude_ciphers = aNULL eNULL EXPORT DES 3DES RC4 MD5 PSK
> aECDH EDH-DSS-DES-CBC3-SHA EDH-RSA-DES-CDC3-SHA KRB5-DE5 CBC3-SHA
> smtpd_tls_key_file = /etc/pki/postfix/private/mail1.glasgasperlmair.at.key
> smtpd_tls_loglevel = 0
> smtpd_tls_protocols = !SSLv2 !SSLv3
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> tls_preempt_cipherlist = yes
> transport_maps = btree:/etc/postfix/transport_maps, $relay_domains
> unverified_recipient_reject_reason = Recipient address lookup failed
> unverified_sender_reject_reason = Sender address lookup failed
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual-alias-maps.cf
> virtual_mailbox_maps =
> proxy:mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
> virtual_transport = lmtp:[127.0.0.1]:24
>
> *meine master.cf*
> #smtp inet n - n - - smtpd
> smtp inet n - n - 1 postscreen
> smtpd pass - - n - - smtpd
> # -o smtpd_sasl_auth_enable=yes
> -o smtpd_sasl_auth_enable=no
> -o smtpd_milters=${amavisd_milter}
> # -o receive_override_options=no_address_mappings
> dnsblog unix - - n - 0 dnsblog
> tlsproxy unix - - n - 0 tlsproxy
> submission inet n - n - - smtpd
> -o syslog_name=postfix/submission
> -o smtpd_tls_security_level=encrypt
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_reject_unlisted_recipient=no
> # -o smtpd_etrn_restrictions=reject
> # -o smtpd_client_restrictions=$mua_client_restrictions
> # -o smtpd_helo_restrictions=$mua_helo_restrictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
> -o smtpd_recipient_restrictions=
> -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
> # -o milter_macro_daemon_name=ORIGINATING
> # -o milter_macro_daemon_name=MYSUBMITTERS
> # -o smtpd_milters=${amavisd_milter}
> # -o content_filter=smtp:[127.0.0.1]:10024
> # -o receive_override_options=no_address_mappings
> # -o smtpd_milters=${amavisd_milter}
> #smtps inet n - n - - smtpd
> # -o syslog_name=postfix/smtps
> # -o smtpd_tls_wrappermode=yes
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_reject_unlisted_recipient=no
> # -o smtpd_client_restrictions=$mua_client_restrictions
> # -o smtpd_helo_restrictions=$mua_helo_restrictions
> # -o smtpd_sender_restrictions=$mua_sender_restrictions
> # -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
> # -o milter_macro_daemon_name=ORIGINATING
> #628 inet n - n - - qmqpd
> pickup unix n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr unix n - n 300 1 qmgr
> #qmgr unix n - n 300 1 oqmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent. See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> #maildrop unix - n n - - pipe
> # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> #
> # ====================================================================
> #
> # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
> #
> # Specify in cyrus.conf:
> # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
> #
> # Specify in main.cf one or more of the following:
> # mailbox_transport = lmtp:inet:localhost
> # virtual_transport = lmtp:inet:localhost
> #
> # ====================================================================
> #
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> #
> #cyrus unix - n n - - pipe
> # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> #
> # ====================================================================
> #
> # Old example of delivery via Cyrus.
> #
> #old-cyrus unix - n n - - pipe
> # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
> ${extension} ${user}
> #
> # ====================================================================
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> #uucp unix - n n - - pipe
> # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> #
> # ====================================================================
> #
> # Other external delivery methods.
> #
> #ifmail unix - n n - - pipe
> # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> #
> #bsmtp unix - n n - - pipe
> # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
> #
> #scalemail-backend unix - n n - 2 pipe
> # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> # ${nexthop} ${user} ${extension}
> #
> #mailman unix - n n - - pipe
> # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
> # ${nexthop} ${user}
> #amavisd reinject
> #amavisd unix - n n - - pipe
> 127.0.0.1:10025 inet n - n - - smtpd
> -o content_filter=
> -o smtpd_delay_reject=no
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o smtpd_data_restrictions=reject_unauth_pipelining
> -o smtpd_end_of_data_restrictions=
> -o smtpd_restriction_classes=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
> -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
> -o local_header_rewrite_clients=
> # -o smtpd_milters=
> # -o local_recipient_maps=
> # -o relay_recipient_maps=
>
> Am 09.12.2016 um 11:59 schrieb Andreas Wass - Glas Gasperlmair:
>> Hallo!
>>
>> Im maillog sieht man sehr deutlich, dass die Zustellung an alle 3
>> lokalen Empfänger sehr schnell geht (max. delay=0.81,
>> delays=0.02/0/0/0.78)
>>
>> Warum wartet postfix danach 5 Minuten, bis überhaupt mal ein
>> Verbindungsversuch zum externen Mailserver aufgebaut wird?
>> Die temp. Abweisung danach ist vermutl. Greylisting (aber um diese
>> Verzögerung geht es nicht)
>> *
>> grep 1B19F341C1DE8F /var/log/maillog*
>> Dec 9 11:35:26 mail postfix/submission/smtpd[12702]: 1B19F341C1DE8F:
>> client=unknown[192.168.105.72], sasl_method=PLAIN,
>> sasl_username=reinhard.waschl at glas-gasperlmair.at
>> Dec 9 11:35:26 mail postfix/cleanup[11619]: 1B19F341C1DE8F:
>> message-id=<584A88ED.2010306 at glas-gasperlmair.at>
>> Dec 9 11:35:26 mail postfix/qmgr[7547]: 1B19F341C1DE8F:
>> from=<reinhard.waschl at glas-gasperlmair.at>, size=23375, nrcpt=4
>> (queue active)
>> Dec 9 11:35:26 mail postfix/lmtp[11798]: 1B19F341C1DE8F:
>> to=<archiv2016ausgang at glas-gasperlmair.at>,
>> relay=127.0.0.1[127.0.0.1]:24, delay=0.08, delays=0.02/0/0/0.06,
>> dsn=2.0.0, status=sent (250 2.0.0
>> <archiv2016ausgang at glas-gasperlmair.at> JaaYAO6ISliJMQAA9a9gbQ Saved)
>> Dec 9 11:35:26 mail postfix/lmtp[11798]: 1B19F341C1DE8F:
>> to=<archiv2016eingang at glas-gasperlmair.at>,
>> relay=127.0.0.1[127.0.0.1]:24, delay=0.81, delays=0.02/0/0/0.78,
>> dsn=2.0.0, status=sent (250 2.0.0
>> <archiv2016eingang at glas-gasperlmair.at> JaaYAO6ISliJMQAA9a9gbQ:2 Saved)
>> *Dec 9 11:35:2**6* mail postfix/lmtp[11798]: 1B19F341C1DE8F:
>> to=<claus.freudenthaler at glas-gasperlmair.at>,
>> relay=127.0.0.1[127.0.0.1]:24, delay=0.81, delays=0.02/0/0/0.78,
>> dsn=2.0.0, status=sent (250 2.0.0
>> <claus.freudenthaler at glas-gasperlmair.at> JaaYAO6ISliJMQAA9a9gbQ:3 Saved)
>> *Dec 9 11:40:30* mail postfix/smtp[12704]: 1B19F341C1DE8F: Cannot
>> start TLS: handshake failure
>> Dec 9 11:40:35 mail postfix/smtp[12704]: 1B19F341C1DE8F: host
>> ae30.at.pri-mx.eu0109.smtproutes.com[94.186.192.101] said: 451 4.3.0
>> Message temporarily deferred. Please try again later. (in reply to
>> RCPT TO command)
>> Dec 9 11:45:39 mail postfix/smtp[12704]: 1B19F341C1DE8F: Cannot
>> start TLS: handshake failure
>> Dec 9 11:45:45 mail postfix/smtp[12704]: 1B19F341C1DE8F:
>> to=<Gerhard.Kratochwil at ae30.at>,
>> relay=ae30.at.bak-mx.eu0109.smtpbak.com[208.70.88.50]:25, delay=619,
>> delays=0.02/0.02/617/2.5, dsn=4.3.0, status=deferred (host
>> ae30.at.bak-mx.eu0109.smtpbak.com[208.70.88.50] said: 451 4.3.0
>> Message temporarily deferred. Please try again later. (in reply to
>> RCPT TO command))
>>
>> Vielen Dank für eure Bemühungen
>> vg, Andi
>
-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <http://de.postfix.org/pipermail/postfix-users/attachments/20161212/a13f3d6b/attachment-0001.html>
Mehr Informationen über die Mailingliste postfix-users