Pre-queue content-filter connection overload

Ever since updating my gateway to Fedora 7, I’ve been getting messages like this in my daily Logwatch:

84   *Warning: Pre-queue content-filter connection overload

Worrying that I might be losing mail, I looked at the logwatch script for postfix in /usr/share/logwatch/scripts/services/postfix, and discovered that this message refers to lost connections from clients whose IP addresses are unknown – in other words, entries in the postfix log that look like this:

Aug 24 19:44:17 gateway postfix/smtpd[29089]: lost connection after CONNECT from unknown[unknown]

This happens when postfix doesn’t know the IP address of the client, probably because the client is “disconnecting” before the connection to postfix is properly established.

Advertisements
This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

7 Responses to Pre-queue content-filter connection overload

  1. Chris says:

    In main.cf you have a section called smtpd_client_restrictions the setting in there called reject_unknown_client causes clients without reverse DNS to be rejected. This is likely to be the cause of what your seeing. If so, I’d call it a bug in logwatch 😉

    Hope that helps!

  2. richardfearn says:

    Chris – postconf smtpd_client_restrictions shows that setting is empty, i.e. there aren’t any restrictions.

    It’s nothing to do with reverse DNS – there isn’t any IP address to do a RDNS lookup!

  3. Chris says:

    Good point 😉

    In that case the kernal has done away with the connection from the queue before smtpd handled the connection. (i.e. It lost the connection before handing the connection from the queue to smtpd for the welcome banner Etc).
    in master.cf if you have some spare memory turn up the number of smtpd processes allowed and also think about changing smtpd_timeout to something lower than the 5m default. Many suggest 45s, I run mine at 10s without issue on a fat pipe.

  4. MrC says:

    I’ve since changed the diagnostic in postfix-logwatch. See:

    http://www.mikecappella.com/logwatch/faq.html#connectionoverload

    MrC

  5. Steve Rowe says:

    the previous link is now dead – anyone get the jist of what the changes to logwatch config where??

  6. developiu says:

    I just found your post: it avoided me a long debug to my server. thanks

  7. Terre says:

    For anyone else who ended up here, I found postfix-logwatch and amavis-logwatch on SourceForge:
    http://logreporters.sourceforge.net/
    https://sourceforge.net/projects/logreporters/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s