mail sent via sendmail is queued and delayed for approx. 300 seconds

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
Hi all,

I'm running centos 7.2 with postfix 2.10.1, installed from the standard
centos 7 repo which corresponds to rhel 7.

I'm using php mail to send mails which uses  /usr/sbin/sendmail -t -i to
send the mail.

On my previous server centos 6 using postfix 2.6.6 the mail was
delivered nearly instant to the recipient, whereas on centos 7 with
postfix 2.10.1 the mail gets enqueued for ca. 5 minutes and is then
successfully delivered to the recipient.

I could not find any switch or configuration option within main.cf or
master.cf which made an difference regarding the mail sending delay.

It would be great if someone has a hint or a solution which re-enables
the instant delivery again.
Thank you for your help.

Regards
Dietrich

Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Mauricio Tavares
On Wed, Mar 2, 2016 at 12:09 PM, Dietrich Streifert
<[hidden email]> wrote:

> Hi all,
>
> I'm running centos 7.2 with postfix 2.10.1, installed from the standard
> centos 7 repo which corresponds to rhel 7.
>
> I'm using php mail to send mails which uses  /usr/sbin/sendmail -t -i to
> send the mail.
>
> On my previous server centos 6 using postfix 2.6.6 the mail was delivered
> nearly instant to the recipient, whereas on centos 7 with postfix 2.10.1 the
> mail gets enqueued for ca. 5 minutes and is then successfully delivered to
> the recipient.
>
> I could not find any switch or configuration option within main.cf or
> master.cf which made an difference regarding the mail sending delay.
>
> It would be great if someone has a hint or a solution which re-enables the
> instant delivery again.
> Thank you for your help.
>
      Did the log file give you any clue of which step is taking too
long to complete?

> Regards
> Dietrich
>
Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
Hi Mauricio,

no, there is nothing in the log file. Here is the output for one sending
attempt:

mail() on [/data/development/phpmail/mail.php:9]: To:
[hidden email] -- Headers: From: [hidden email]  
Reply-To: [hidden email]  X-Mailer: PHP/5.4.16
Mar  2 18:27:55 node1 postfix/pickup[8696]: 5B0A235E18A: uid=0 from=<root>
Mar  2 18:27:55 node1 postsrsd[9043]: srs_forward: <[hidden email]>
rewritten as <SRS0=HRq4=O6=xxxx.yyyy.de=[hidden email]>
Mar  2 18:27:55 node1 postfix/cleanup[9039]: 5B0A235E18A:
message-id=<[hidden email]>
Mar  2 18:27:55 node1 opendkim[11665]: 5B0A235E18A: DKIM-Signature field
added (s=default, d=zzzz.de)
Mar  2 18:27:55 node1 postfix/qmgr[8697]: 5B0A235E18A:
from=<srs0=hrq4=o6=xxxx.yyyy.de=[hidden email]>, size=449, nrcpt=1 (queue
active)
Mar  2 18:27:55 node1 postfix/smtpd[9049]: connect from unknown[127.0.0.1]
Mar  2 18:27:55 node1 dovecot: auth: Debug: auth client connected (pid=0)

and mailq says:

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
5B0A235E18A*     449 Wed Mar  2 18:27:55
srs0=hrq4=o6=xxxx.yyyy.de=[hidden email]
[hidden email]



Am 02.03.2016 um 18:23 schrieb Mauricio Tavares:
>        Did the log file give you any clue of which step is taking too
> long to complete?
>
>> Regards
>> Dietrich
>>

Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Mauricio Tavares
On Wed, Mar 2, 2016 at 12:37 PM, Dietrich Streifert
<[hidden email]> wrote:

> Hi Mauricio,
>
> no, there is nothing in the log file. Here is the output for one sending
> attempt:
>
> mail() on [/data/development/phpmail/mail.php:9]: To:
> [hidden email] -- Headers: From: [hidden email]
> Reply-To: [hidden email]  X-Mailer: PHP/5.4.16
> Mar  2 18:27:55 node1 postfix/pickup[8696]: 5B0A235E18A: uid=0 from=<root>
> Mar  2 18:27:55 node1 postsrsd[9043]: srs_forward: <[hidden email]>
> rewritten as <SRS0=HRq4=O6=xxxx.yyyy.de=[hidden email]>
> Mar  2 18:27:55 node1 postfix/cleanup[9039]: 5B0A235E18A:
> message-id=<[hidden email]>
> Mar  2 18:27:55 node1 opendkim[11665]: 5B0A235E18A: DKIM-Signature field
> added (s=default, d=zzzz.de)
> Mar  2 18:27:55 node1 postfix/qmgr[8697]: 5B0A235E18A:
> from=<srs0=hrq4=o6=xxxx.yyyy.de=[hidden email]>, size=449, nrcpt=1 (queue
> active)
> Mar  2 18:27:55 node1 postfix/smtpd[9049]: connect from unknown[127.0.0.1]
> Mar  2 18:27:55 node1 dovecot: auth: Debug: auth client connected (pid=0)
>
      If I am reading the log correctly, right now the log only said
the email went to the queue but has yet to contact googlemail.com to
send the message.

> and mailq says:
>
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 5B0A235E18A*     449 Wed Mar  2 18:27:55
> srs0=hrq4=o6=xxxx.yyyy.de=[hidden email]
> [hidden email]
>
>
>
>
> Am 02.03.2016 um 18:23 schrieb Mauricio Tavares:
>>
>>        Did the log file give you any clue of which step is taking too
>> long to complete?
>>
>>> Regards
>>> Dietrich
>>>
>
Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

John Stoffel-2
In reply to this post by level420
>>>>> "Dietrich" == Dietrich Streifert <[hidden email]> writes:

Dietrich> I'm running centos 7.2 with postfix 2.10.1, installed from the standard
Dietrich> centos 7 repo which corresponds to rhel 7.

Dietrich> I'm using php mail to send mails which uses  /usr/sbin/sendmail -t -i to
Dietrich> send the mail.

Dietrich> On my previous server centos 6 using postfix 2.6.6 the mail was
Dietrich> delivered nearly instant to the recipient, whereas on centos 7 with
Dietrich> postfix 2.10.1 the mail gets enqueued for ca. 5 minutes and is then
Dietrich> successfully delivered to the recipient.

Dietrich> I could not find any switch or configuration option within main.cf or
Dietrich> master.cf which made an difference regarding the mail sending delay.

I wonder if sendmail is only delivering the outgoing queue once every
five minutes by default?  Looking in the log file to see when the mail
gets submitted and delivered might give a hint.

John
Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Viktor Dukhovni
In reply to this post by level420
On Wed, Mar 02, 2016 at 06:09:54PM +0100, Dietrich Streifert wrote:

> I'm using php mail to send mails which uses  /usr/sbin/sendmail -t -i to
> send the mail.
>
> On my previous server centos 6 using postfix 2.6.6 the mail was delivered
> nearly instant to the recipient, whereas on centos 7 with postfix 2.10.1 the
> mail gets enqueued for ca. 5 minutes and is then successfully delivered to
> the recipient.

At what stage is the delay?  Post at least one log entry that shows
delivery completion with the "delay=nnn, delays=a/b/c/d" information.

Also post the output of:

   $ ls -ld /var/spool/postfix/public
   $ ls -ld /var/spool/postfix/public/pickup
   $ ls -lL $(postconf -h command_directory)/postdrop

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
Ah OK! This log entries may be helpfull:

135125:Mar  2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A: Cannot
start TLS: handshake failure
135131:Mar  2 18:32:55 node1 postfix/cleanup[22956]: 7D9B335E185:
message-id=<[hidden email]>
135133:Mar  2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A:
to=<[hidden email]>,
relay=localhost[127.0.0.1]:10024, delay=300, delays=0.06/0.01/300/0.08,
dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7D9B335E185)
135135:Mar  2 18:32:55 node1 postfix/qmgr[8697]: 5B0A235E18A: removed

Is this all due to some stage trying to talk to smtp via TLS but fails?


Am 02.03.2016 um 20:14 schrieb Viktor Dukhovni:

> On Wed, Mar 02, 2016 at 06:09:54PM +0100, Dietrich Streifert wrote:
>
>> I'm using php mail to send mails which uses  /usr/sbin/sendmail -t -i to
>> send the mail.
>>
>> On my previous server centos 6 using postfix 2.6.6 the mail was delivered
>> nearly instant to the recipient, whereas on centos 7 with postfix 2.10.1 the
>> mail gets enqueued for ca. 5 minutes and is then successfully delivered to
>> the recipient.
> At what stage is the delay?  Post at least one log entry that shows
> delivery completion with the "delay=nnn, delays=a/b/c/d" information.
>
> Also post the output of:
>
>     $ ls -ld /var/spool/postfix/public
>     $ ls -ld /var/spool/postfix/public/pickup
>     $ ls -lL $(postconf -h command_directory)/postdrop
>

Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Viktor Dukhovni
On Wed, Mar 02, 2016 at 10:01:35PM +0100, Dietrich Streifert wrote:

> Ah OK! This log entries may be helpfull:
>
> 135125:Mar  2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A: Cannot start
> TLS: handshake failure
> 135131:Mar  2 18:32:55 node1 postfix/cleanup[22956]: 7D9B335E185:
> message-id=<[hidden email]>
> 135133:Mar  2 18:32:55 node1 postfix/smtp[9047]: 5B0A235E18A:
> to=<[hidden email]>, relay=localhost[127.0.0.1]:10024,
> delay=300, delays=0.06/0.01/300/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok:
> queued as 7D9B335E185)
> 135135:Mar  2 18:32:55 node1 postfix/qmgr[8697]: 5B0A235E18A: removed
>
> Is this all due to some stage trying to talk to smtp via TLS but fails?
Yes, the message is deferred when the TLS handshake fails.  Later
it is retried and either TLS succeeds, or fallback to cleartext
happens.  THere are probably more messages in the log about the
TLS failures.  Perhaps your firewall is blocking TLS, but there no
information to work with in what you've posted so far.

Try ("collate" script attached):

    # logfile=/var/log/mail.log # or whatever
    # perl collate "${logfile}" |
        perl -ne 'BEGIN {$/="\n\n"} print if m{5B0A235E18A}'

--
        Viktor.

collate (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
Hi Viktor,

thank you for the script I will run it asap on the server.

Meanwhile I think the problem is the following:

I'm running a smtp_proxy_filter on localhost:10024 as described in
http://postfix.cs.utah.edu/SMTPD_PROXY_README.html

smtp      inet  n       -       n       -       -       smtpd
         -o smtpd_proxy_filter=localhost:10024
         -o smtpd_proxy_options=speed_adjust
         -o smtp_send_xforward_command=yes

and it seems that smtp is trying to initiate a tls handshake with this
proxy which does not support tls, leading to the timeout of 300s. Is
there an option to prevent the attempt to initiate a tls

I've set in main.cf:

smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtp_tls_loglevel = 3
smtpd_tls_loglevel = 3

and here is the log:

mail() on [/data/development/phpmail/mail.php:9]: To:
[hidden email] -- Headers: From: [hidden email]  
Reply-To: [hidden email]  X-Mailer: PHP/5.4.16
Mar  3 09:26:47 node1 postfix/pickup[20765]: 5392C35E3D9: uid=0 from=<root>
Mar  3 09:26:47 node1 postsrsd[29345]: srs_forward: <[hidden email]>
rewritten as <SRS0=ePVJ=O7=xxxx.yyyy.de=[hidden email]>
Mar  3 09:26:47 node1 postfix/cleanup[29344]: 5392C35E3D9:
message-id=<[hidden email]>
Mar  3 09:26:47 node1 opendkim[11665]: 5392C35E3D9: DKIM-Signature field
added (s=default, d=zzzz.de)
Mar  3 09:26:47 node1 postfix/qmgr[20766]: 5392C35E3D9:
from=<srs0=epvj=o7=xxxx.yyyy.de=[hidden email]>, size=449, nrcpt=1 (queue
active)
Mar  3 09:26:47 node1 postfix/smtp[29350]: initializing the client-side
TLS engine
Mar  3 09:26:47 node1 postfix/smtpd[29351]: initializing the server-side
TLS engine
Mar  3 09:26:47 node1 postfix/smtpd[29351]: connect from unknown[127.0.0.1]
Mar  3 09:26:47 node1 dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Mar  3 09:26:47 node1 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_mysql.so
Mar  3 09:26:47 node1 dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Mar  3 09:26:47 node1 dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
Mar  3 09:26:47 node1 dovecot: auth: Debug: passwd-file
/etc/dovecot/master-users: Read 1 users in 0 secs
Mar  3 09:26:47 node1 dovecot: auth: Debug: auth client connected (pid=0)
Mar  3 09:26:47 node1 postfix/smtpd[29351]: setting up TLS connection
from unknown[127.0.0.1]
Mar  3 09:26:47 node1 postfix/smtp[29350]: setting up TLS connection to
localhost[127.0.0.1]:10024
Mar  3 09:26:47 node1 postfix/smtpd[29351]: unknown[127.0.0.1]: TLS
cipher list
"aNULL:-aNULL:ALL:+RC4:@STRENGTH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CDC3-SHA:!KRB5-DE5:!CBC3-SHA"
Mar  3 09:26:47 node1 postfix/smtp[29350]: localhost[127.0.0.1]:10024:
TLS cipher list "aNULL:-aNULL:ALL:+RC4:@STRENGTH"
Mar  3 09:26:47 node1 postfix/smtp[29350]: looking for session
smtp-proxy:127.0.0.1:10024:xxxx.yyyy.de&p=1&c=aNULL:-aNULL:ALL:+RC4:@STRENGTH&l=268439647
in smtp cache
Mar  3 09:26:47 node1 postfix/tlsmgr[21697]: lookup smtp session
id=smtp-proxy:127.0.0.1:10024:xxxx.yyyy.de&p=1&c=aNULL:-aNULL:ALL:+RC4:@STRENGTH&l=268439647
Mar  3 09:26:47 node1 postfix/smtpd[29351]: SSL_accept:before/accept
initialization
Mar  3 09:26:47 node1 postfix/smtpd[29351]: read from 7F9653755DD0
[7F965375B3B0] (11 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Mar  3 09:26:47 node1 postfix/smtp[29350]: SSL_connect:before/connect
initialization
Mar  3 09:26:47 node1 postfix/smtp[29350]: write to 7FAD076983A0
[7FAD07699B70] (299 bytes => 299 (0x12B))
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0000 16 03 01 01 26 01 00
01|22 03 03 56 d7 f5 47 a8  ....&... "..V..G.
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0010 db 3c f0 af 6b f0 4c
3d|07 58 36 71 f7 52 fb a5  .<..k.L= .X6q.R..
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0020 71 ba 43 a9 81 85 87
62|cf b0 e1 00 00 b8 c0 19  q.C....b ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0030 00 a7 00 6d 00 3a 00
89|c0 30 c0 2c c0 28 c0 24  ...m.:.. .0.,.(.$
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0040 c0 14 c0 0a 00 a3 00
9f|00 6b 00 6a 00 39 00 38  ........ .k.j.9.8
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0050 00 88 00 87 c0 32 c0
2e|c0 2a c0 26 c0 0f c0 05  .....2.. .*.&....
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0060 00 9d 00 3d 00 35 00
84|c0 18 00 a6 00 6c 00 34  ...=.5.. .....l.4
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0070 c0 17 00 9b 00 46 00
1b|c0 2f c0 2b c0 27 c0 23  .....F.. ./.+.'.#
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0080 c0 13 c0 09 00 a2 00
9e|00 67 00 40 00 33 00 32  ........ .g.@.3.2
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0090 c0 12 c0 08 00 9a 00
99|00 45 00 44 00 16 00 13  ........ .E.D....
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00a0 c0 31 c0 2d c0 29 c0
25|c0 0e c0 04 c0 0d c0 03  .1.-.).% ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00b0 00 9c 00 3c 00 2f 00
96|00 41 00 0a 00 07 c0 16  ...<./.. .A......
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00c0 00 18 c0 11 c0 07 c0
0c|c0 02 00 05 00 04 00 1a  ........ ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00d0 00 15 00 12 00 09 00
19|00 14 00 11 00 08 00 06  ........ ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00e0 00 17 00 03 00 ff 01
00|00 41 00 0b 00 04 03 00  ........ .A......
Mar  3 09:26:47 node1 postfix/smtp[29350]: 00f0 01 02 00 0a 00 08 00
06|00 19 00 18 00 17 00 23  ........ .......#
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0100 00 00 00 0d 00 20 00
1e|06 01 06 02 06 03 05 01  ..... .. ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0110 05 02 05 03 04 01 04
02|04 03 03 01 03 02 03 03  ........ ........
Mar  3 09:26:47 node1 postfix/smtp[29350]: 0120 02 01 02 02 02 03 00
0f|00 01 01                 ........ ...
Mar  3 09:26:47 node1 postfix/smtp[29350]: SSL_connect:SSLv2/v3 write
client hello A
Mar  3 09:26:47 node1 postfix/smtp[29350]: read from 7FAD076983A0
[7FAD0769F0D0] (7 bytes => -1 (0xFFFFFFFFFFFFFFFF))



Am 02.03.2016 um 22:10 schrieb Viktor Dukhovni:

> Yes, the message is deferred when the TLS handshake fails.  Later
> it is retried and either TLS succeeds, or fallback to cleartext
> happens.  THere are probably more messages in the log about the
> TLS failures.  Perhaps your firewall is blocking TLS, but there no
> information to work with in what you've posted so far.
>
> Try ("collate" script attached):
>
>      # logfile=/var/log/mail.log # or whatever
>      # perl collate "${logfile}" |
> perl -ne 'BEGIN {$/="\n\n"} print if m{5B0A235E18A}'
>

Reply | Threaded
Open this post in threaded view
|

SOLVED: Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
And here is the solution:

I had to explicitely tell the smtp proxy to NOT use tls by specifying

         -o smtpd_use_tls=no
         -o smtp_use_tls=no
         -o smtpd_tls_security_level=none
         -o smtp_tls_security_level=none

where it seems that simply setting smtpd_use_tls and smtp_use_tls to no
was not enough! The additional smtp_tls_security_level set to "none" was
also necessary

Thank you for your patience and help!

Regards
Dietrich

Reply | Threaded
Open this post in threaded view
|

Re: SOLVED: Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Christian Kivalo
On 2016-03-03 11:31, Dietrich Streifert wrote:

> And here is the solution:
>
> I had to explicitely tell the smtp proxy to NOT use tls by specifying
>
>         -o smtpd_use_tls=no
>         -o smtp_use_tls=no
>         -o smtpd_tls_security_level=none
>         -o smtp_tls_security_level=none
>
> where it seems that simply setting smtpd_use_tls and smtp_use_tls to
> no was not enough! The additional smtp_tls_security_level set to
> "none" was also necessary

The options smtpd/smtp_use_tls are obsolete and
smtpd/smtp_tls_security_level should be used instead. You can remove the
smtpd/smtp_use_tls option from both main.cf and master.cf and it should
be good

Take a look at the documentation
 From http://www.postfix.org/postconf.5.html#smtp_tls_security_level
- smtp_tls_security_level
The default SMTP TLS security level for the Postfix SMTP client; when a
non-empty value is specified, this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
-

 From http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
- smtpd_tls_security_level
The SMTP TLS security level for the Postfix SMTP server; when a
non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes".
-

> Thank you for your patience and help!
>
> Regards
> Dietrich

--
  Christian Kivalo
Reply | Threaded
Open this post in threaded view
|

Re: SOLVED: Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

level420
Thank you Christian for clarifying this.

It seems that the obsoleted parameters survived somehow several
migrations since ancient times

Regards
Dietrich

Am 03.03.2016 um 12:01 schrieb Christian Kivalo:

> On 2016-03-03 11:31, Dietrich Streifert wrote:
>> And here is the solution:
>>
>> I had to explicitely tell the smtp proxy to NOT use tls by specifying
>>
>>         -o smtpd_use_tls=no
>>         -o smtp_use_tls=no
>>         -o smtpd_tls_security_level=none
>>         -o smtp_tls_security_level=none
>>
>> where it seems that simply setting smtpd_use_tls and smtp_use_tls to
>> no was not enough! The additional smtp_tls_security_level set to
>> "none" was also necessary
>
> The options smtpd/smtp_use_tls are obsolete and
> smtpd/smtp_tls_security_level should be used instead. You can remove
> the smtpd/smtp_use_tls option from both main.cf and master.cf and it
> should be good
>
> Take a look at the documentation
> From http://www.postfix.org/postconf.5.html#smtp_tls_security_level
> - smtp_tls_security_level
> The default SMTP TLS security level for the Postfix SMTP client; when
> a non-empty value is specified, this overrides the obsolete parameters
> smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
> -
>
> From http://www.postfix.org/postconf.5.html#smtpd_tls_security_level
> - smtpd_tls_security_level
> The SMTP TLS security level for the Postfix SMTP server; when a
> non-empty value is specified, this overrides the obsolete parameters
> smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
> "smtpd_tls_wrappermode = yes".
> -
>
>> Thank you for your patience and help!
>>
>> Regards
>> Dietrich
>

Reply | Threaded
Open this post in threaded view
|

Re: SOLVED: Re: mail sent via sendmail is queued and delayed for approx. 300 seconds

Viktor Dukhovni
In reply to this post by level420
On Thu, Mar 03, 2016 at 11:31:50AM +0100, Dietrich Streifert wrote:

> And here is the solution:
>
> I had to explicitely tell the smtp proxy to NOT use tls by specifying
>
>         -o smtpd_use_tls=no
>         -o smtp_use_tls=no
>         -o smtpd_tls_security_level=none
>         -o smtp_tls_security_level=none

You're much confused about this being a "proxy" issue.  There is
no TLS-client code in the Postfix SMTP server, therefore with
smtpd_proxy_filter TLS is never used.  TLS is used with content_filters,
you must have a content_filter transport that send email through
a transparent proxy.  The place to disable TLS is in the pre-filter
smtp transport and/or the re-inject SMTP server.  You did the
latter, but the reason this solves the problem is unrelated to
smtpd_proxy_filter.

On Thu, Mar 03, 2016 at 09:41:07AM +0100, Dietrich Streifert wrote:

> I'm running a smtp_proxy_filter on localhost:10024 as described in
> http://postfix.cs.utah.edu/SMTPD_PROXY_README.html
>
> smtp      inet  n       -       n       -       -       smtpd
>         -o smtpd_proxy_filter=localhost:10024
>         -o smtpd_proxy_options=speed_adjust
>         -o smtp_send_xforward_command=yes

This will never use TLS.  You must have a content_filter in place.

> smtp_tls_loglevel = 3
> smtpd_tls_loglevel = 3

This level of logging just obscures what's important with low-level
noise, revert back to "1".

> rewritten as <SRS0=ePVJ=O7=xxxx.yyyy.de=[hidden email]>
> Mar  3 09:26:47 node1 postfix/cleanup[29344]: 5392C35E3D9:
> message-id=<[hidden email]>
> Mar  3 09:26:47 node1 opendkim[11665]: 5392C35E3D9: DKIM-Signature field
> added (s=default, d=zzzz.de)
> Mar  3 09:26:47 node1 postfix/qmgr[20766]: 5392C35E3D9:
> from=<srs0=epvj=o7=xxxx.yyyy.de=[hidden email]>, size=449, nrcpt=1 (queue
> active)

Messages enter the queue *after* processing via smtpd_proxy_filter,
not before.

> Mar  3 09:26:47 node1 postfix/smtp[29350]: initializing the client-side TLS
> Mar  3 09:26:47 node1 postfix/smtp[29350]: setting up TLS connection to
> localhost[127.0.0.1]:10024

This is an TLS client connection from the smtp(8) SMTP client, not
the smtpd(8) SMTP server, you must have a content_filter defined or
a "FILTER" direction in some access(5) file.

--
        Viktor.