Ever since updating my gateway to Fedora 7, I’ve been getting messages like this in my daily Logwatch:
84 *Warning: Pre-queue content-filter connection overload
Worrying that I might be losing mail, I looked at the logwatch script for postfix in /usr/share/logwatch/scripts/services/postfix
, and discovered that this message refers to lost connections from clients whose IP addresses are unknown – in other words, entries in the postfix log that look like this:
Aug 24 19:44:17 gateway postfix/smtpd[29089]: lost connection after CONNECT from unknown[unknown]
This happens when postfix doesn’t know the IP address of the client, probably because the client is “disconnecting” before the connection to postfix is properly established.
In main.cf you have a section called smtpd_client_restrictions the setting in there called reject_unknown_client causes clients without reverse DNS to be rejected. This is likely to be the cause of what your seeing. If so, I’d call it a bug in logwatch đŸ˜‰
Hope that helps!
Chris –
postconf smtpd_client_restrictions
shows that setting is empty, i.e. there aren’t any restrictions.It’s nothing to do with reverse DNS – there isn’t any IP address to do a RDNS lookup!
Good point đŸ˜‰
In that case the kernal has done away with the connection from the queue before smtpd handled the connection. (i.e. It lost the connection before handing the connection from the queue to smtpd for the welcome banner Etc).
in master.cf if you have some spare memory turn up the number of smtpd processes allowed and also think about changing smtpd_timeout to something lower than the 5m default. Many suggest 45s, I run mine at 10s without issue on a fat pipe.
I’ve since changed the diagnostic in postfix-logwatch. See:
http://www.mikecappella.com/logwatch/faq.html#connectionoverload
MrC
the previous link is now dead – anyone get the jist of what the changes to logwatch config where??
I just found your post: it avoided me a long debug to my server. thanks
For anyone else who ended up here, I found postfix-logwatch and amavis-logwatch on SourceForge:
http://logreporters.sourceforge.net/
https://sourceforge.net/projects/logreporters/