1 (edited by RajeshM 2021-05-18 23:08:08)

Topic: urgent help required smtp concurrency limit

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release)
==> 1.3.2
- Deployed with iRedMail Easy or the downloadable installer?
==>  downloadable installer
- Linux/BSD distribution name and version
==>  Debian Linux 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL)
==>  MySQL
- Web server (Apache or Nginx)
==> Nginx
- Manage mail accounts with iRedAdmin-Pro?
==> yes

We are using a Sophos antispam firewall (for over 3 years now) to route emails to our mail server, which is a Dell 48-core, 256 GB RAM machine with iRedMail installed on it. Emails are routed from the Sophos server to port 25 of the iRedMail server. iptables on the iRedMail server is set so that incoming connections on port 25 are accepted from the Sophos server only.

This setup has been working without any issues for over a year.

However, for the last 2 days, during peak hours, we noted that incoming email on port 25 of the iRedMail server freezes and the server stops accepting connections.
However, the SMTP authenticated service on port 587, Dovecot, etc. are working as normal.

We took shell access to the Sophos server and then
telnetted to the iRedMail server, which connected and gave us the following response:
###################
root@ns1:/etc/postfix# telnet aaa.bbb.yyy.xxx 25
Trying  aaa.bbb.yyy.xxx...
Connected to  aaa.bbb.yyy.xxx.
Escape character is '^]'.
##################

But there is no 220 HELO response from the iRedMail server.

SMTP logs on the Sophos server give a connection timeout error or "access is denied".

This gets resolved only when we restart Postfix.

Our Postfix server settings are as follows:

# ===============================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ===============================================================
smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
dnsblog   unix  -       -       y       -       0       dnsblog
tlsproxy  unix  -       -       y       -       0       tlsproxy

Googling advises us to increase the maxproc for smtp, but it does not work.

Questions:
1) Are SMTP connections on port 25 being controlled by postscreen?
If the max process is increased above, do we need to make any config changes to postscreen also?

2) What should we do to increase the number of SMTP connections on port 25 only?

Urgent help required please.

thanks
rajesh

2

Re: urgent help required smtp concurrency limit

If only sophos connects to iRedMail server on port 25, you can disable postscreen service on iRedMail, then it's easy to increase maxproc for the smtp service.

Steps:

1: Comment out these 2 lines:

RajeshM wrote:

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd

2: Add one line above them:

smtp      inet  n       -       n       -       -       smtpd

You're free to tune the maxproc field in the newly added line.

----

Buy me a cup of coffee ($5) to support iRedMail:


3

Re: urgent help required smtp concurrency limit

Thank you for your reply.

A few questions:

1) If we use postscreen, should maxproc be set to 1? Can we increase this?

# ===============================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ===============================================================
smtp      inet  n       -       y       -       1       postscreen


2) We wish to continue to track the number of emails sent and received by our customers, i.e. use policy rules. Does iRedAPD control this?

3) If we make the change as advised and add the line below, will we lose the ability to control the number of emails per user and the other policy rules available?
smtp      inet  n       -       n       -       -       smtpd

thanks
rajesh

4

Re: urgent help required smtp concurrency limit

RajeshM wrote:

1) If we use postscreen, should maxproc be set to 1? Can we increase this?

For postscreen, the maxproc is 1 and should not be changed.
For normal smtpd (running on port 25), it's 100 by default and you're free to increase it.

RajeshM wrote:

2) We wish to continue to track the number of emails sent and received by our customers, i.e. use policy rules. Does iRedAPD control this?

amavisd.

RajeshM wrote:

3) If we make the change as advised and add the line below, will we lose the ability to control the number of emails per user and the other policy rules available?

You won't lose it.

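
A way to check the master.cf edit described in the replies above, as an added example that is not part of the thread or of iRedMail's own tooling. It parses the service lines quoted here and reports which daemon answers port 25, its effective process limit, and any half-finished edit; the function names are hypothetical, and the default of 100 is the value shown in the master.cf header comment.

```python
# Added example: sample configs below are constructed from lines quoted in this thread.
DEFAULT_PROCESS_LIMIT = 100  # the "(100)" shown in the master.cf header comment

def parse_master_cf(text):
    """Return active service entries; '#' lines are skipped, indented lines continue."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:      # continuation: extra command args
            entries[-1]["args"] += raw.split()
            continue
        f = raw.split()
        if len(f) < 8:
            continue                          # not a complete service line
        entries.append({"service": f[0], "type": f[1], "chroot": f[4],
                        "maxproc": f[6], "command": f[7], "args": f[8:]})
    return entries

def audit_port25(text, default_limit=DEFAULT_PROCESS_LIMIT):
    """Report what listens on 'smtp inet', its effective process limit, and problems."""
    entries = parse_master_cf(text)
    listeners = [e for e in entries if (e["service"], e["type"]) == ("smtp", "inet")]
    has_pass = any((e["service"], e["type"], e["command"]) == ("smtpd", "pass", "smtpd")
                   for e in entries)
    if len(listeners) != 1:
        return {"command": None, "limit": None,
                "problems": [f"expected one active 'smtp inet' line, found {len(listeners)}"]}
    e = listeners[0]
    limit = default_limit if e["maxproc"] == "-" else int(e["maxproc"])
    problems = []
    if e["command"] == "postscreen":
        if limit != 1:
            problems.append("postscreen maxproc must stay 1")
        if not has_pass:
            problems.append("postscreen needs the 'smtpd pass' line to hand sessions to smtpd")
    elif has_pass:
        problems.append("'smtpd pass' is still active but postscreen no longer fronts it")
    return {"command": e["command"], "limit": limit, "problems": problems}

BEFORE = """\
smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
"""
AFTER = """\
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
"""
print(audit_port25(BEFORE), audit_port25(AFTER), sep="\n")
```

To audit a live server, pass the contents of /etc/postfix/master.cf to `audit_port25`.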