[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: RE: ldap lookups timing out?
From: "Gomes, Rich" <Gomes-Rich () aramark ! com>
Date: 2019-08-23 16:22:32
Message-ID: SN6PR01MB4783A277F515B0F0EF4489F59CA40 () SN6PR01MB4783 ! prod ! exchangelabs ! com
[Download RAW message or body]
This is the line from main.cfg:
relay_recipient_maps = hash:/etc/postfix/wildcard_relay_recipients, \
proxy:ldap:/etc/postfix/ldap_relay_recipients.cf, \
proxy:ldap:/etc/postfix/ldap_groups_recipients.cf
I am unclear on the transport maps section of your response. I am using transport \
maps but they look like this:
mydomain.com smtp:[myexchangeserver.mydomain.com]:25252
myotherinternaldomain.com smtp:[This goes to a \
differentexchangeserver.mydomain.com]:25252 myotherotherinternaldomain.com \
smtp:[thisgoestoaninternalfaxserver.mydomain.com]:25252 etc....
-----Original Message-----
From: owner-postfix-users@postfix.org <owner-postfix-users@postfix.org> On Behalf Of \
Viktor Dukhovni
Sent: Thursday, August 22, 2019 7:10 PM
To: postfix-users@postfix.org
Subject: Re: ldap lookups timing out?
CAUTION: This email was sent from an external sender. Do not click links or open \
attachments unless you recognize the sender and know the content is safe.
On Thu, Aug 22, 2019 at 05:19:37PM +0000, Gomes, Rich wrote:
> I am seeing a lot of Temporary lookup failure errors in the maillog.
> At first I thought it was an issue related to reverse DNS lookups as
> each of the sending servers had no reverse record in DNS (this is an
> internal only relay).
> But when I added verbose logging, it appears to be related to LDAP lookups.
>
> Most commonly, I get these errors:
>
> warning: dict_ldap_connect: Unable to bind to server ldap:....
>
> But also receive these:
>
> maps_find: relay_recipient_maps: user@mydomain.com: search aborted
This is much too little information about your system:
https://clicktime.symantec.com/36xM5GtzzWZLWjZscKcRTZH7Vc?u=http%3A%2F%2Fwww.postfix.org%2FDEBUG_README.html%23mail
Perhaps you're using "ldap:table", rather than "proxy:ldap:table".
You'll likely do much better with:
ldap = proxy:ldap:${config_directory}/
relay_recipient_maps = ${ldap}relay-rcpt
...
Make sure your LDAP tables are sensibly indexed, so that the queries you're making \
are efficieint and do not involve full table scans.
You don't need to avoid or cache LDAP, per other suggestions, but I do try to not use \
LDAP for "transport_maps" on high-volume relays. This is because the queue manager is \
single-threaded, and does transport resolution (via trivial-rewrite(8)) for every \
message recipient as messages enter the active queue.
Therefore, instead of:
transport:
user1@example.com relay:mailstore1.example.com
user2@example.com relay:mailstore2.example.com
...
I use:
virtual:
user1@example.com user1@mailstore1.example.com
user2@example.com user2@mailstore2.example.com
...
and configure the mailstore SMTP/LMTP servers to accept the rewritten address form. \
If push comes to shove, you can also rewrite the address back to the input form \
during onward delivery:
master.cf:
relay unix ... smtp
-o smtp_generic_maps=$relay_generic_maps
main.cf:
smtp_generic_maps = <table_type>:generic
generic:
user1@mailstore1.example.com user1@example.com
--
Viktor.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic