[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    RE: ldap lookups timing out?
From:       "Gomes, Rich" <Gomes-Rich () aramark ! com>
Date:       2019-08-23 16:22:32
Message-ID: SN6PR01MB4783A277F515B0F0EF4489F59CA40 () SN6PR01MB4783 ! prod ! exchangelabs ! com
[Download RAW message or body]

This is the line from main.cfg:

relay_recipient_maps = hash:/etc/postfix/wildcard_relay_recipients, \
proxy:ldap:/etc/postfix/ldap_relay_recipients.cf, \
proxy:ldap:/etc/postfix/ldap_groups_recipients.cf

 I am unclear on the transport maps section of your response. I am using transport \
maps but they look like this:

mydomain.com     smtp:[myexchangeserver.mydomain.com]:25252
myotherinternaldomain.com     smtp:[This goes to a \
differentexchangeserver.mydomain.com]:25252 myotherotherinternaldomain.com     \
smtp:[thisgoestoaninternalfaxserver.mydomain.com]:25252 etc....

-----Original Message-----
From: owner-postfix-users@postfix.org <owner-postfix-users@postfix.org> On Behalf Of \
                Viktor Dukhovni
Sent: Thursday, August 22, 2019 7:10 PM
To: postfix-users@postfix.org
Subject: Re: ldap lookups timing out?

CAUTION: This email was sent from an external sender. Do not click links or open \
attachments unless you recognize the sender and know the content is safe.

On Thu, Aug 22, 2019 at 05:19:37PM +0000, Gomes, Rich wrote:

> I am seeing a lot of Temporary lookup failure errors in the maillog. 
> At first I thought it was an issue related to reverse DNS lookups as 
> each of the sending servers had no reverse record in DNS (this is an 
> internal only relay).
> But when I added verbose logging, it appears to be related to LDAP lookups.
> 
> Most commonly, I get these errors:
> 
> warning: dict_ldap_connect: Unable to bind to server ldap:....
> 
> But also receive these:
> 
> maps_find: relay_recipient_maps: user@mydomain.com: search aborted

This is much too little information about your system:

        https://clicktime.symantec.com/36xM5GtzzWZLWjZscKcRTZH7Vc?u=http%3A%2F%2Fwww.postfix.org%2FDEBUG_README.html%23mail


Perhaps you're using "ldap:table", rather than "proxy:ldap:table".
You'll likely do much better with:

        ldap = proxy:ldap:${config_directory}/
        relay_recipient_maps = ${ldap}relay-rcpt
        ...

Make sure your LDAP tables are sensibly indexed, so that the queries you're making \
are efficieint and do not involve full table scans.

You don't need to avoid or cache LDAP, per other suggestions, but I do try to not use \
LDAP for "transport_maps" on high-volume relays. This is because the queue manager is \
single-threaded, and does transport resolution (via trivial-rewrite(8)) for every \
message recipient as messages enter the active queue.

Therefore, instead of:

    transport:
        user1@example.com       relay:mailstore1.example.com
        user2@example.com       relay:mailstore2.example.com
        ...

I use:

    virtual:
        user1@example.com       user1@mailstore1.example.com
        user2@example.com       user2@mailstore2.example.com
        ...

and configure the mailstore SMTP/LMTP servers to accept the rewritten address form.  \
If push comes to shove, you can also rewrite the address back to the input form \
during onward delivery:

    master.cf:
        relay unix ... smtp
          -o smtp_generic_maps=$relay_generic_maps

    main.cf:
        smtp_generic_maps = <table_type>:generic

    generic:
        user1@mailstore1.example.com    user1@example.com

--
        Viktor.


[prev in list] [next in list] [prev in thread] [next in thread]