How to investigate timeouts? (Try #2)

Stijn Jonker SJCJonker at SJC.NL
Mon Jul 18 21:59:06 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello Jody (And now with the list included),

On 18-Jul-2005 22:38, Jody Cleveland wrote:
>>If it's SpamAssassin timeout, may be looking at whether there 
>>is bayes expiry issue.
> 
> 
> I did a search in maillog for 'timeout' and came up with quite a few
> like this:

Looking at the DNS and your story, aren't you talking about MX preferences?

[sjonker at hn00srv01:~]$ dig mx winnefox.org

; <<>> DiG 9.2.4 <<>> mx winnefox.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15896
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 5

;; QUESTION SECTION:
;winnefox.org.                  IN      MX

;; ANSWER SECTION:
winnefox.org.           14400   IN      MX      10 mail.winnefox.org.
winnefox.org.           14400   IN      MX      15 mailman.winnefox.org.
winnefox.org.           14400   IN      MX      20 mystique.winnefox.org.

It also looks to me you are running a pix firewall, with iirc
application "fixup"

[maint at hn00sia01:~]$ telnet mailman.winnefox.org. 25
Trying 199.242.176.200...
Connected to mailman.winnefox.org..
Escape character is '^]'.
220 **********************************
helo sjc.nl
250 destiny.winnefox.org
^]
telnet> quit
Connection closed.
[maint at hn00sia01:~]$ telnet mystique.winnefox.org. 25
Trying 199.242.176.168...
Connected to mystique.winnefox.org..
Escape character is '^]'.
220 ***********************************
helo sjc.nl
250 mystique.winnefox.org
^]
telnet> quit
Connection closed.

For me mail.winnefix.org doesn't connect at all, this could be something
in the firewall (pix?).

It doesn't look like you are hunting for a mailscanner issue, but a
mailer and/or generic configuration issue.

Also a lot of spammers have a prefference for the Mailserver with the
highest MX value.

WARNING: The below solution might not work in your situation, examine
and understand in detail before puting below solution in action! (On
your own risk off course.. ;-))

To accomplish a beter solution, and from the looks (and your logs) it is
looking like a postfix mailer, what about the following setup:

winnefox.org in mx 10 destiny.winnefox.org
winnefox.org in mx 10 mystique.winnefox.org

So both share the load. Then with the transport map, add something in
the lines of the below statements to main.cf:
transport_maps = hash:/etc/postfix/automaps/transport

And in the transport file:
winnefox.org		:[199.242.176.171]
.winnefox.org		:[199.242.176.171]

Then run:
postmap /etc/postfix/transport
postfix reload

This way destiny & mystique share the load, mail.winnefox.org can be
removed from the mx list and if you run internal and external dns, not
being advertised in the external DNS at all.

*BUT* the above recommendation is based on some assumptions and should
be verified in DETAIL before being put in production. A hint, setting:
soft_bounce = yes during testing in postfix's main.cf might save some
bounces, but don't forget to put it back to no.

In short: Try at your own risk!

-- 
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker <SJCJonker at sjc.nl>

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list