smtpd_policy_service_timeout question

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

smtpd_policy_service_timeout question

Scott Kitterman-4
If Postfix smtpd is waiting for a response to an in progress request and the
smtpd_policy_service_timeout is reached, does Postfix keep the pipe open until
that request completes or does it close it right away?

Is it sufficient to set it to slightly higher than the maximum time the policy
service is supposed to run for a single request are should it be substantially
higher than that?

Scott K


Reply | Threaded
Open this post in threaded view
|

Re: smtpd_policy_service_timeout question

Wietse Venema
Scott Kitterman:
> If Postfix smtpd is waiting for a response to an in progress request

An SMTP client request or policy request?

> and the smtpd_policy_service_timeout is reached, does Postfix keep
> the pipe open until that request completes or does it close it
> right away?

smtpd_policy_service_timeout is the limit for connecting to, writing
to, or receiving from a policy server.

- If this expires while the Postfix SMTP server is waiting for an
SMTP client request, nothing happens.

- If this expires while writing to, or receiving from a policy
server, the Postfix SMTP server will disconnect from the policy
server, and new connection, and retry the policy request.

> Is it sufficient to set it to slightly higher than the maximum
> time the policy service is supposed to run for a single request
> are should it be substantially higher than that?

I would not recommend to set timeouts just a little higher than
needed. If, not when, some system becomes overloaded, having 'tight'
timeouts will just make things worse.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_policy_service_timeout question

Scott Kitterman-4
On Sunday, December 29, 2019 9:01:12 AM EST Wietse Venema wrote:
> Scott Kitterman:
> > If Postfix smtpd is waiting for a response to an in progress request
>
> An SMTP client request or policy request?

Policy request.

> > and the smtpd_policy_service_timeout is reached, does Postfix keep
> > the pipe open until that request completes or does it close it
> > right away?
>
> smtpd_policy_service_timeout is the limit for connecting to, writing
> to, or receiving from a policy server.
>
> - If this expires while the Postfix SMTP server is waiting for an
> SMTP client request, nothing happens.
>
> - If this expires while writing to, or receiving from a policy
> server, the Postfix SMTP server will disconnect from the policy
> server, and new connection, and retry the policy request.
>
> > Is it sufficient to set it to slightly higher than the maximum
> > time the policy service is supposed to run for a single request
> > are should it be substantially higher than that?
>
> I would not recommend to set timeouts just a little higher than
> needed. If, not when, some system becomes overloaded, having 'tight'
> timeouts will just make things worse.
>
> Wietse

For the policy server in question, the 100s default should be more than 2x the
maximum time the policy request can take, even if DNS is very slow, but there
are configuration options users might select that could make it a much closer
thing.  That clarifies it for me enough that I believe I can get my
documentation correct.

Thanks,

Scott K


Reply | Threaded
Open this post in threaded view
|

Re: smtpd_policy_service_timeout question

Bastian Blank-3
Hi Scott

On Sun, Dec 29, 2019 at 10:04:39AM -0500, Scott Kitterman wrote:
> For the policy server in question, the 100s default should be more than 2x the
> maximum time the policy request can take, even if DNS is very slow,

The policy service is supposed to do proper timeouts for everything it
requests.

The timeouts in Postfix should be considered as last-resort, for when the
policy service itself broke.

Bastian

--
Another dream that failed.  There's nothing sadder.
                -- Kirk, "This side of Paradise", stardate 3417.3