Bug #3411

SMTP mail reception delayed in receive only systems

Added by Filippo Carletti over 3 years ago. Updated over 3 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-mail-common
Target version:v6.8
Security class: Resolution:
Affected version: NEEDINFO:No

Description

I've discovered a very rare problem on a mail server where the system is used only to receive emails: amavisd stops to respond and emails are received only when it begins to respond again.
I'm unable to reproduce the problem, but I can find a clear pattern into maillog:

Jun 20 17:42:32 mail transfer/smtpd[23714]: warning: timeout talking to proxy 127.0.0.1:10024
Jun 20 17:42:32 mail transfer/smtpd[23714]: proxy-reject: END-OF-MESSAGE: 451 4.3.0 Error: queue file write error;
...
Jun 21 09:28:46 mail amavis[9033]: (09033-37) ESMTP:[127.0.0.1]:10587 

Once I was able to analyze the system while amavisd was not responding: I connected to port 10587 and it immediately began to respond.

Associated revisions

Revision 2e3a65aa
Added by Davide Principi over 3 years ago

Bypass amavisd. Refs #3411

Bypass if no disclaimer is defined, to avoid amavisd multiport issues.

Revision 87a572a2
Added by Davide Principi over 3 years ago

Full daemon restart on domain events. Refs #3411

Expand additional postfix templates to configure internal email paths if
mail disclaimers change.

Revision 6ca47f4f
Added by Davide Principi over 3 years ago

Bypass amavisd. Refs #3411

If no disclaimer is defined amavisd is completely bypassed on
submission.

Revision 3198b556
Added by Giacomo Sanchietti over 3 years ago

Merge pull request #2 from DavidePrincipi/b3411

Bypass amavisd. Refs #3411

Revision 9e118a27
Added by Giacomo Sanchietti over 3 years ago

Merge pull request #8 from DavidePrincipi/b3411

Bypass amavisd. Refs #3411

History

#1 Updated by Davide Principi over 3 years ago

Filippo Carletti wrote:

the system is used only to receive emails

Are you sure it is only receiving? The log trace you attached shows a local connection on port 587!

#2 Updated by Filippo Carletti over 3 years ago

Are you sure it is only receiving?

Ok, mostly receiving. :-)

#3 Updated by Davide Principi over 3 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

It seems the Net::Server Perl module, which amavisd relies on, suffers of blocking issues when listening on multiple ports.

The only workaround is changing our configuration to listen on multiple ports only if needed.

By now a message sent on submission ports uses amavisd for

1. disclaimer
2. virus scan

I think virus scan can be safely ignored, assuming authentication is enabled on 587. The disclaimer feature is rarely used, and we could bypass amavisd entirely on most cases.

#4 Updated by Davide Principi over 3 years ago

  • Tracker changed from Enhancement to Bug
  • Status changed from TRIAGED to MODIFIED
  • % Done changed from 20 to 60

MODIFIED

Pull Requests:

If no mail disclaimer is defined, amavisd listen on a single port (10024) reducing the impact of multi port configurations that seems to originate the blocks.

The proposed fix should mitigate the bug impact.

#5 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:

  • nethserver-mail-common-1.5.5-1.3.g9e118a2.ns6.noarch.rpm
  • nethserver-mail-filter-1.3.7-1.2.g3198b55.ns6.noarch.rpm
Test case
  • Check the bug is not reproducible

#6 Updated by Giacomo Sanchietti over 3 years ago

  • Assignee set to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

This has been tested on multiple machines: when Amavis listens only on one interface, the daemon never blocks.

#8 Updated by Giacomo Sanchietti over 3 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-mail-common-1.5.6-1.ns6.noarch.rpm
  • nethserver-mail-filter-1.3.8-1.ns6.noarch.rpm

Also available in: Atom PDF