Where is the bottleneck?
credits go to Victor Duchovni et al.
- Make sure your syslogd is logging asynchronously. In syslog.conf, change:
- If you don't have enough smtpd throughput you will find
all the smtpd processes in use.
- If you are using high or variable latency IPC maps such as LDAP,
you may find that Postfix cannot achieve the maximum configured
smtpd or cleanup concurrency due to high map service
connection latency. With LDAP try ldapsource_bind = no.
- If you are able to accept incoming mail quickly, but the queue manager
is not able to keep up with the growth rate of the incoming queue, you
will find a lot of mail in incoming/.
Consider using Postfix-1.1.X with an in_flow_delay larger
than zero increased until the queue manager is able to keep up. The
queue manager latency can go up either due to competition for scarce
I/O cycles (in_flow_delay will help in this
case), or because of slow maps (in_flow_delay may not help in this
case: dump the slow maps).
- If the queue manager is keeping up, but the output rate is below the
input rate you will see a growing active/ queue.
Figure out which transport or destination is dominating the active
queue. Arrange for a higher concurrency or lower latency in
deliveries to the destination in question. Look at the number of
processes for each delivery agent, are any maxed out?
Tuning for higher throughput
Which sub-queue maildrop, incoming, active or deferred is affected?
If your machine relays a high volume of inbound mail arrange to have a
separate transport (say "relay") for the domains that are forwarded
inbound . Set a high relay_destination_concurrency_limit (say 50).
The master.cf entry for "relay" should have -o smtp_connect_timeout=$relay_connect_timeout (no
spaces around the = sign!) Then set relay_connect_timeout in main.cf
to "5s" or "1s".
- If it's "maildrop" make sure the pickup service is running. Better get that
high-volume mail injector to use "SMTP" rather than command-line
- If "incoming", make your version of Postfix is 1.1.11 and
in_flow_delay is not zero. Also make sure that your queue manager is not being
restarted to often through overly frequent changes to virtual_maps or
- If "active" is full, make sure you have enough "smtp" processes
allocated in master.cf. Either raise the limit there from the default "50" to
100 or 200 or 500, or set default_process_limit to also enable more "smtpd"
processes. Also set smtp_connect_timeout = 30s without it mail destined
to unreachable sites can clog up output processing.
- If the saturation is in the "deferred" queue, stop all those invalid
domains from coming into your system, enable some RBL lists, use
reject_unknown_sender_domain, look at the log and block the hosts
submitting the highest volume of SPAM.
If you are doing content filtering for viruses via an SMTP based
content filter (the second alternative in FILTER_README) make sure the
sending transport (again clone "smtp" in master.cf and call it "filter",
"scan" or "vscan") is configured with -o disable_dns_lookups=yes, this
is described in FILTER_README.
disable_dns_lookups=yes also helps, when you're sending all
mail to a fixed destination anyway, regardless of MX Records (e.g.
when using relayhost=...
© by Ralf Hildebrandt
This document contains links to external information sources that I do
neither monitor nor control. I explicitly disclaim any liabilities in
respect to external references.
You are getting this document without any guarantees. Any methods
shown above are meant as demonstration and may be wrong in some place.
You may damage your system if you try to follow my hints and
instructions. You do this at your own risk!
This file was last modified 24. Apr 2008 by root