7 Replies Latest reply: May 3, 2012 9:24 AM by s.mann
s.mann Level 1 Level 1 (0 points)

Hi Folks,

 

we got a Mac OSX Lion server running and we use it as our mailserver. We got also a Jira server running on another physical machine. Now we got the problem, when in our Jira many tickets are edited and the Jira try to send all the notifaction mails, we get exceptions in out Jira:

 

com.atlassian.mail.MailException: javax.mail.AuthenticationFailedException:

    at com.atlassian.mail.server.impl.SMTPMailServerImpl.send(SMTPMailServerImpl.java: 183)

    at com.atlassian.mail.queue.SingleMailQueueItem.send(SingleMailQueueItem.java:38)

    at com.atlassian.mail.queue.MailQueueImpl.sendBuffer(MailQueueImpl.java:66)

    at com.atlassian.jira.service.services.mail.MailQueueService.run(MailQueueService. java:23)

    at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImp l.java:60)

    at com.atlassian.jira.service.ServiceRunner.execute(ServiceRunner.java:47)

    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)

    at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run( MultiTenantThreadPool.java:72)

    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Caused by: javax.mail.AuthenticationFailedException:

    at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:8 09)

    at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:752)

    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:669)

    at javax.mail.Service.connect(Service.java:317)

    at javax.mail.Service.connect(Service.java:176)

    at javax.mail.Service.connect(Service.java:125)

    at com.atlassian.mail.server.impl.SMTPMailServerImpl.send(SMTPMailServerImpl.java: 154)

    ... 8 more

 

and on the mac server i see this in the logfiles:

 

May  2 15:56:28 groupware postfix/smtpd[16551]: connect from jira.domain.com[xx.xx.xx.xx]

May  2 15:56:28 groupware postfix/pipe[16555]: A7BD2D8CAA2: to=<user@domain.com>, relay=dovecot, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)

May  2 15:56:28 groupware postfix/qmgr[15654]: A7BD2D8CAA2: removed

May  2 15:56:37 groupware postfix/anvil[15829]: statistics: max connection rate 10/60s for (smtpd:xx.xx.xx.xx) at May  2 15:56:28

May  2 15:56:37 groupware postfix/anvil[15829]: statistics: max connection count 1 for (submission:xx.xx.xx.xx) at May  2 15:47:00

May  2 15:56:37 groupware postfix/anvil[15829]: statistics: max cache size 4 at May  2 15:52:21

May  2 15:56:38 groupware postfix/smtpd[16551]: lost connection after AUTH from jira.domain.com[xx.xx.xx.xx]

May  2 15:56:38 groupware postfix/smtpd[16551]: disconnect from jira.domain.com[xx.xx.xx.xx]

May  2 15:56:38 groupware postfix/postscreen[16543]: CONNECT from [xx.xx.xx.xx]:54780

May  2 15:56:38 groupware postfix/postscreen[16543]: PASS OLD [xx.xx.xx.xx]:54780

May  2 15:56:38 groupware postfix/smtpd[16551]: connect from jira.domain.com[xx.xx.xx.xx]

May  2 15:56:48 groupware postfix/smtpd[16551]: lost connection after AUTH from jira.domain.com[xx.xx.xx.xx]

May  2 15:56:48 groupware postfix/smtpd[16551]: disconnect from jira.domain.com[xx.xx.xx.xx]

 

Is the mail server blocking the jira server because the jira server tries to send to many mails at once? Or what can be the problem? The mails arrive all, but later and sometimes it took 1.5 hours until the notification mails arrives. If in the Jira are only 3 or 4 tickets edited, all works well.

Please let me know if you need additional information about our setup or something like this 


Mac Pro, Mac OS X (10.7.3)
  • 1. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    Camelot Level 8 Level 8 (45,790 points)

    You're certainly getting rate-limited. You can see this from the logs:

     

    May  2 15:56:37 groupware postfix/anvil[15829]: statistics: max connection rate 10/60s for (smtpd:xx.xx.xx.xx) at May  2 15:56:28

     

    Anvil is postfix's connection/rate limiting process, and you can see it's set to limit any client to a maximum of 10 connections in any 60 second period.

     

    You have several potential solutions to this. Ultimately your best bet is to setup a specific port on your server (i.e. not port 25) that isn't subject to the rate limiting, then configure your Jira server to submit mail through that port rather than the standard 25/587.

     

    To do this requires getting under the hood of Postfix, though - it's not something that Server Admin/Server.app can do for you.

  • 2. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    s.mann Level 1 Level 1 (0 points)

    Camelot!! Thx.. this answer is exactly what i expected. The solutions sounds ok for me and we know how to look under the hood of the server stuff

    But if i can't figure it out i hope i can ping you again?

    We already tried to increase the 'smtpd_soft_error_limit' but it didn't solved the problem. Thx for your reply so far, i will try this..

  • 3. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    Camelot Level 8 Level 8 (45,790 points)

    smtpd_soft_error_limit has nothing to do with client rate liming - it's how many times postfix will re-try to send an email that has a transient error - such as the remote server not responding (as opposed to a 'hard error' such as a 'no such user' error - i.e. soft errors are ones that might not happen again next time, whereas a hard error is going to definite.

     

    The settings you're looking for are

     

       -o smtpd_client_connection_count_limit=0

       -o smtpd_client_connection_rate_limit=0

     

    since these directly relate to client connections. Naturally you don't want to do this on your public-facing ports since you open yourself up to attack.

  • 4. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    pyroworx Level 1 Level 1 (0 points)

    Camelot wrote:

    ...

    You have several potential solutions to this....

    is it possible to solve this problem with this setting?

     

         -o smtpd_client_event_limit_exceptions = $mynetworks, <jira-server-address>

  • 5. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    Camelot Level 8 Level 8 (45,790 points)

    Pyro,

     

    is it possible to solve this problem with this setting?

     

         -o smtpd_client_event_limit_exceptions = $mynetworks, <jira-server-address>

     

    Probaby - like I said, there are many potential solutions and that one should work just as well.

    Personally, though, I prefer not to futz with the standard port 25 configurations, but without knowing the network setup it's hard to know which is 'best'. This option might be better if the jira server is coming over the WAN since my earlier suggestion could expose the server to unwanted traffic. A lot depends on the network topology.

  • 6. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    pyroworx Level 1 Level 1 (0 points)

    Hello Camelot,

    thanks for your quick response. Not to 'futz' with the port 25 settings really make sense. 

  • 7. Re: lost connection after AUTH from server.domain.com[xx.xx.xx.xx]
    s.mann Level 1 Level 1 (0 points)

    Hi Camelot,

     

    the issue is solved now. It was a to low timeout in our Jira server. But thanks for your help, it pushed me in the right direction.

     

    Sirko