träger E-Mail-Versand

threadi

New Member
Hi,


habe hier einen Server über den zu unterschiedlichen Tageszeiten durchaus mal bis zu 5000 Mails rausgehen sollen (natürlich nicht alle sofort, aber doch in angemessener Zeit). Das Phänomen für mich ist nun, dass der Versand stärker verzögert passiert als er sollte. Die betreffende Anwendung nutzte vorher ein Debian 7 mit postfix 2 auf dem die gleiche Konfiguration hinterlegt war und der Versand erheblich schneller ging. Auf dem neuen Debian 9 Server mit postfix 3 ist es deutlich langsamer (vorher: rund 400 Mails in 5 Minuten, jetzt rund 120 Mails in 5 Minuten).

Hier die Konfigurationsdaten:

main.cf

Code:
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = vorhanden
smtpd_tls_key_file = vorhanden
smtpd_tls_CAfile = vorhanden
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = example.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = example.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, check_client_access hash:/etc/postfix/rbl_override, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, reject_rbl_client b.barracudacentral.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client virbl.dnsbl.bit.nl, reject_rbl_client dnsbl.inps.de, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dialup.blacklist.jippg.org, reject_rbl_client cbl.abuseat.org
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, reject_invalid_helo_hostname, reject_unknown_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 1000
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0

allow_min_user = yes
default_process_limit = 1000
maximal_queue_lifetime = 2d
default_destination_concurrency_limit = 50
bounce_queue_lifetime = 2d
master.cf
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       1000       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       1000       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
                -o smtp_bind_address=


127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
#        -o disable_dns_lookups=yes


127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
            -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
#        -o disable_dns_lookups=yes
Hat jemand dazu eine Idee?
 

threadi

New Member
Hier mal ein (anonymisierter) Ausschnitt von heute Morgen:



Dec 9 09:10:09 servername postfix/smtpd[10986]: connect from localhost[127.0.0.1]
Dec 9 09:10:09 servername postfix/smtpd[10986]: BF5862C1DA5: client=localhost[127.0.0.1]
Dec 9 09:10:09 servername postfix/cleanup[10976]: BF5862C1DA5: message-id=<d62efb6d167e20db3f41be3bf5c13702@example.com>
Dec 9 09:10:09 servername postfix/qmgr[3606]: BF5862C1DA5: from=<no-reply@example-project.com>, size=2241, nrcpt=1 (queue active)
Dec 9 09:10:09 servername amavis[911]: (00911-17) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:46770 <no-reply@example-project.com> -> <empfaenger2@web.de>, Queue-ID: 763242C0131, Message-ID: <d62efb6d167e20db3f41be3bf5c13702@example.com>, mail_id: yfGZ9Dey-0AC, Hits: -1, size: 1776, queued_as: BF5862C1DA5, 4245 ms
Dec 9 09:10:09 servername postfix/smtpd[10986]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 9 09:10:09 servername postfix/smtp[10977]: 763242C0131: to=<empfaenger2@web.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=4.3, delays=0.08/0.01/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as BF5862C1DA5)
Dec 9 09:10:09 servername postfix/qmgr[3606]: 763242C0131: removed
Dec 9 09:10:09 servername postfix/smtpd[10986]: connect from localhost[127.0.0.1]
Dec 9 09:10:09 servername postfix/smtpd[10986]: CA1D62C0131: client=localhost[127.0.0.1]
Dec 9 09:10:09 servername postfix/cleanup[10976]: CA1D62C0131: message-id=<9b57e755ffe77be2c2f21f15e2f1ce83@example.com>
Dec 9 09:10:09 servername postfix/smtpd[10986]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec 9 09:10:09 servername postfix/qmgr[3606]: CA1D62C0131: from=<no-reply@example-project.com>, size=2231, nrcpt=1 (queue active)
Dec 9 09:10:09 servername amavis[3547]: (03547-16) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:46770 <no-reply@example-project.com> -> <empfaenger1@web.de>, Queue-ID: 881402C0183, Message-ID: <9b57e755ffe77be2c2f21f15e2f1ce83@example.com>, mail_id: 8QzkiqwUDEex, Hits: -1, size: 1772, queued_as: CA1D62C0131, 4227 ms
Dec 9 09:10:09 servername postfix/smtp[10978]: 881402C0183: to=<empfaenger1@web.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=4.3, delays=0.05/0.01/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as CA1D62C0131)
Dec 9 09:10:09 servername postfix/qmgr[3606]: 881402C0183: removed
Dec 9 09:10:10 servername postfix/smtp[10987]: BF5862C1DA5: to=<empfaenger2@web.de>, relay=emig.freenet.de[195.4.92.215]:25, delay=0.42, delays=0.01/0.02/0.21/0.18, dsn=2.0.0, status=sent (250 OK id=1gVuAE-0007sR-1d)
Dec 9 09:10:10 servername postfix/qmgr[3606]: BF5862C1DA5: removed
Dec 9 09:10:10 servername postfix/smtp[10989]: CA1D62C0131: to=<empfaenger1@web.de>, relay=mx-ha02.web.de[212.227.17.8]:25, delay=0.54, delays=0.01/0.01/0.29/0.23, dsn=2.0.0, status=sent (250 Requested mail action okay, completed: id=1M7tUG-1gasFM0wk6-004xa7)
Dec 9 09:10:10 servername postfix/qmgr[3606]: CA1D62C0131: removed
Dec 9 09:10:14 servername postfix/smtpd[10986]: connect from localhost[127.0.0.1]
Dec 9 09:10:14 servername postfix/smtpd[10986]: 0A46C2C0131: client=localhost[127.0.0.1]
Dec 9 09:10:14 servername postfix/cleanup[10976]: 0A46C2C0131: message-id=<0430a15592dc08a83ff50c50c16f4ffd@example.com>
Dec 9 09:10:14 servername postfix/qmgr[3606]: 0A46C2C0131: from=<no-reply@example-project.com>, size=2216, nrcpt=1 (queue active)
Dec 9 09:10:14 servername amavis[911]: (00911-18) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:46770 <no-reply@example-project.com> -> <empfaenger4@web.de>, Queue-ID: 97FC72C1BB3, Message-ID: <0430a15592dc08a83ff50c50c16f4ffd@example.com>, mail_id: Qb_o1fmtVf0t, Hits: -1, size: 1765, queued_as: 0A46C2C0131, 4217 ms
Dec 9 09:10:14 servername postfix/smtp[10977]: 97FC72C1BB3: to=<empfaenger4@web.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=8.4, delays=0.05/4.1/0.04/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as 0A46C2C0131)
Dec 9 09:10:14 servername postfix/qmgr[3606]: 97FC72C1BB3: removed
Dec 9 09:10:14 servername postfix/smtpd[10994]: connect from localhost[127.0.0.1]
Dec 9 09:10:14 servername postfix/smtpd[10994]: D7A4A2C0183: client=localhost[127.0.0.1]
Dec 9 09:10:14 servername postfix/cleanup[10976]: D7A4A2C0183: message-id=<821b46400bddda4f76f21f64b3b09c81@example.com>
Dec 9 09:10:14 servername postfix/qmgr[3606]: D7A4A2C0183: from=<no-reply@example-project.com>, size=2267, nrcpt=1 (queue active)
Dec 9 09:10:14 servername amavis[3547]: (03547-17) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:46770 <no-reply@example-project.com> -> <empfaenger3@web.de>, Queue-ID: A882E2C1C51, Message-ID: <821b46400bddda4f76f21f64b3b09c81@example.com>, mail_id: dG3j0rOx6dod, Hits: -1, size: 1790, queued_as: D7A4A2C0183, 5043 ms
Dec 9 09:10:14 servername postfix/smtp[10978]: A882E2C1C51: to=<empfaenger3@web.de>, relay=127.0.0.1[127.0.0.1]:10026, delay=9.2, delays=0.05/4.1/0.01/5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10027): 250 2.0.0 Ok: queued as D7A4A2C0183)
Dec 9 09:10:14 servername postfix/qmgr[3606]: A882E2C1C51: removed
 

mr_brain

Registered User
Dein Amavis scheint irgend etwas mit den ausgehenden Emails zu machen. Entsprechende Logs bitte posten.
 

threadi

New Member
Hi,


die einzigen Einträge die amavis in syslog und mail.log hinterlässt sind pro Versand z.B. solche:


Code:
Dec 18 15:10:16 servername  postfix/smtpd[13109]: NOQUEUE: filter: RCPT from example.com[192.168.2.5]: <no-reply@example.com>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<no-reply@example.com> to=<empfaenger1@web.de> proto=ESMTP helo=<example.com>
Dec 18 15:11:45 servername  amavis[14606]: (14606-07-25) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:52150 <no-reply@example.com> -> <empfaenger1@web.de>, Queue-ID: 9B13A2C2D62, Message-ID: <b37fc7ad183e0df0afa4f2d60287d7d4@example.com>, mail_id: zBlQawDeTMKc, Hits: -1, size: 1271, queued_as: 9439D2C2B45, 5639 ms
 

threadi

New Member
Nein, und sollte es eigentlich auch nicht. Wie man oben sieht habe ich

Code:
-o content_filter=
auf nichts gesetzt. Reicht das evtl. nicht?
 

danton

Debian User
Das reicht im Prinzip schon, aber du hast den Content-Filter nur für den Dienst submission deaktiviert und in deinem Log sehe ich keine einzige Zeile, die daraufhin deutet, dass die Mail auch über den Submission-Port eingegangen ist. Sieht für mich danach aus, als wenn die Mails über den SMTP-Port verschickt werden und da sollte der Amavis ja aktiv sein und eingehende Mails scannen.
 

threadi

New Member
Der Hinweis auf den submission-Port war gut, ich habe einfach den Versand komplett auf diesen umgestellt. Geändert hat sich insgesamt dadurch jedoch gar nichts. Die Mails werden zwar über Port 587 verschickt, amavis funkt aber weiterhin dazwischen.


Hat noch jemand eine Idee :confused:
 

threadi

New Member
postconf -nf


Code:
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
allow_min_user = yes
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
compatibility_level = 2
content_filter = amavis:[127.0.0.1]:10024
default_destination_concurrency_limit = 50
default_process_limit = 1000
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
maximal_queue_lifetime = 2d
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = example.com, localhost, localhost.localdomain
myhostname = example.com
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
    $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps
    $virtual_mailbox_domains $relay_recipient_maps $relay_domains
    $canonical_maps $sender_canonical_maps $recipient_canonical_maps
    $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_message_rate_limit = 1000
smtpd_client_restrictions = check_client_access
    mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,
    check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname,
    reject_non_fqdn_hostname, reject_invalid_helo_hostname,
    reject_unknown_helo_hostname, check_helo_access
    regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    reject_unauth_destination, check_client_access
    hash:/etc/postfix/rbl_override, check_recipient_access
    mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023, reject_rbl_client
    b.barracudacentral.org, reject_rbl_client ix.dnsbl.manitu.net,
    reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net,
    reject_rbl_client virbl.dnsbl.bit.nl, reject_rbl_client dnsbl.inps.de,
    reject_rbl_client blackholes.easynet.nl, reject_rbl_client
    dialup.blacklist.jippg.org, reject_rbl_client cbl.abuseat.org
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
    defer_unauth_destination
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
    proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access
    regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks,
    permit_sasl_authenticated, check_sender_access
    mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access
    regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_CAfile = /etc/ssl/private/AlphaSSL_Intermediate_CA.crt
smtpd_tls_cert_file = /etc/ssl/private/sender.tld.crt
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/ssl/private/sender.tld.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman,
    proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
    proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
postconf -Mf
Code:
smtp       inet  n       -       y       -       1000    smtpd
submission inet  n       -       y       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o content_filter=
smtps      inet  n       -       y       -       1000    smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient}
    ${user} ${nexthop} ${sender}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu
    user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn
    argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq.
    user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R
    user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
    ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR
    user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop}
    ${user}
dovecot    unix  -       n       n       -       -       pipe flags=DRhu
    user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d
    ${user}@${nexthop}
amavis     unix  -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_bind_address=
127.0.0.1:10025 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
127.0.0.1:10027 inet n   -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtp_send_xforward_command=yes
    -o milter_default_action=accept
    -o milter_macro_daemon_name=ORIGINATING
 
Last edited:

threadi

New Member
Nachdem im Mai 2019 ein postfix-Update von Debian 9 eingespielt wurde, war der Versand, den ich oben beschrieben habe, gar nicht mehr träge. Seit dieser Woche nun ist er wieder träge. Es gab seit Juni 2019 kein postfix-Update. Was ist dann der Grund?
 

danton

Debian User
Nutzt du vielleicht mal den Submission-Port 587 und Mal SMTPS über 465? Bei letzterem ist der content-filter nämlich nicht deaktiviert und somit können Amavis da wieder zuschlagen und das ganze verzögern.
 

threadi

New Member
Zum Senden wird einzig der Port 587angesprochen (ist z.B. in einem phpmailer-Script konkret so hinterlegt). Amavis steht dennoch im Logfile:

Code:
Dec  2 13:30:08 servername amavis[32595]: (32595-01-47) Passed CLEAN {RelayedOutbound}, ORIGINATING LOCAL [192.168.2.5]:36462 <no-reply@sender.tld> -> <info@example.com>, Queue-ID: C446E2C4D11, Message-ID: <ibSolnQRXntmvweN24oMQB4X7iO5STUL1y4iJ2hqn11@sender.tld>, mail_id: ysGdO0DDGP11, Hits: -1, size: 1447, queued_as: C57CF2C370B, 4258 ms
 

danton

Debian User
Aus dem Zusammenhang gerissene Logzeilen bedeuten ziemlich wenig.
Die smtpd_recipient_restrictions musst du für submission und smtps außerdem auch anpassen (auf ein Minimum reduzieren) - da braucht es die ganzen Blacklist-Checks nicht (die auch viel Zeit kosten können).
 
Top