Speed? or DNS?

Question

Speed? or DNS?

I am able to send to my mail server from an outside source, but it takes forever for me to get my message, usually a little longer than one minute.

I also can not send to a few different domains. I am getting bouncebacks. My bounce back message is this :

550 5.7.1 Message content rejected, UBE, id=06757-10 (in reply to end of DATA command))

So when I go to dnsstuff.com and run a domain report, my mail server fails everytime. This just started happening this morning. It says that it timesout waiting for the mail server to respond and it's last command sent was RCPT TO:

How do I trouble shoot this?

Thanks.

2 x 2 GHz Dual-Core Intel Xeon Xserve, Mac OS X (10.4.8), 4 GB 667 MHz DDR2 FB-DIMM

Posted on Jan 12, 2007 9:58 AM

Reply

Answer 1

pterobyte

Level 6

11,104 points

Jan 12, 2007 10:29 AM in response to Simeon Miller1

Can you please post the unmodified output of postconf -n

Reply

Answer 2

Jan 12, 2007 10:36 AM in response to pterobyte

always_bcc = postmastermail@domain.com
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
disable vrfycommand = yes
enable serveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 104857600
mydestination = $myhostname,localhost.$mydomain,localhost,qsigroup.com
mydomain = mail.domain.com
mydomain_fallback = localhost
myhostname = mail.domain.com
mynetworks = ****************************** (I BLANKED THIS OUT FOR SECURITY REASONS)
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit saslauthenticated permit_mynetworks reject rblclient relays.ordb.org reject rblclient list.dsbl.org reject rblclient dnsbl.njabl.org reject rblclient cbl.abuseat.org reject rblclient opm.blitzed.org permit
smtpd datarestrictions = permit_mynetworks, reject unauthpipelining, permit
smtpd helorequired = yes
smtpd helorestrictions = permit saslauthenticated, permit_mynetworks, check heloaccess hash:/etc/postfix/helo_access, reject non_fqdnhostname, reject invalidhostname, permit
smtpd pw_server_securityoptions = login,plain,cram-md5
smtpd recipientrestrictions = reject invalidhostname, reject non_fqdnsender, reject non_fqdn_recipient,permit_sasl_authenticated,permit_mynetworks,reject_unauth_des tination,reject_rblclient zen.spamhaus.org, reject rblclient relays.ordb.org,permit
smtpd sasl_authenable = yes
smtpd senderrestrictions = permit saslauthenticated, permit_mynetworks, reject non_fqdnsender, permit
smtpd tls_keyfile =
smtpd use_pwserver = yes
soft_bounce = yes
unknown local_recipient_rejectcode = 550
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp

Reply

Answer 3

Jan 12, 2007 10:37 AM in response to Simeon Miller1

I've also got this from mxtoolbox.com

Transaction Time: 17.078 seconds - Not good!

HELO mxtoolbox.com - DIAGNOSTIC TEST - See http://www.mxtoolbox.com/Policy.aspx
250 mail.domain.com [31 ms]
HELO mxtoolbox.com
250 mail.domain.com [31 ms]
MAIL FROM: <test@mxtoolbox.com>
250 Ok [16 ms]
TIMEOUT after RCPT TO: <test@mxtoolbox.com> -- 10.531 seconds

Reply

Answer 4

pterobyte

Level 6

11,104 points

Jan 12, 2007 10:42 AM in response to Simeon Miller1

Simeon,

you may not realise it, but hiding your IPs and domain name makes this information useless. It doesn't allow me to do any kind of checks for you. You only left qsigroup.com in there, which resolves to an MX host that doesn't respond at all (and I am not going to try to find out if this your main domain or just a local host alias).

You are obviously free to hide them, but you should also understand that:
1. Information is hardly a secret. If it were, you wouldn't be able to receive mail in the first place.
2. Nobody will be able to properly help you.

Reply

Answer 5

Jan 12, 2007 10:46 AM in response to pterobyte

Here you go then...

always_bcc = postmastermail@qsigroup.com
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug peerlevel = 2
disable vrfycommand = yes
enable serveroptions = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox sizelimit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps rbldomains =
message sizelimit = 104857600
mydestination = $myhostname,localhost.$mydomain,localhost,qsigroup.com
mydomain = mail.qsigroup.com
mydomain_fallback = localhost
myhostname = mail.qsigroup.com
mynetworks = 127.0.0.1/32,204.0.28.0/24,209.39.67.0/24,67.162.226.0/24,216.85.195.0/24,64.15 7.108.0/24,65.44.84.0/24
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd clientrestrictions = permit saslauthenticated permit_mynetworks reject rblclient relays.ordb.org reject rblclient list.dsbl.org reject rblclient dnsbl.njabl.org reject rblclient cbl.abuseat.org reject rblclient opm.blitzed.org permit
smtpd datarestrictions = permit_mynetworks, reject unauthpipelining, permit
smtpd helorequired = yes
smtpd helorestrictions = permit saslauthenticated, permit_mynetworks, check heloaccess hash:/etc/postfix/helo_access, reject non_fqdnhostname, reject invalidhostname, permit
smtpd pw_server_securityoptions = login,plain,cram-md5
smtpd recipientrestrictions = reject invalidhostname, reject non_fqdnsender, reject non_fqdn_recipient,permit_sasl_authenticated,permit_mynetworks,reject_unauth_des tination,reject_rblclient zen.spamhaus.org, reject rblclient relays.ordb.org,permit
smtpd sasl_authenable = yes
smtpd senderrestrictions = permit saslauthenticated, permit_mynetworks, reject non_fqdnsender, permit
smtpd tls_keyfile =
smtpd use_pwserver = yes
soft_bounce = yes
unknown local_recipient_rejectcode = 550
virtual mailboxdomains = hash:/etc/postfix/virtual_domains
virtual_transport = lmtp:unix:/var/imap/socket/lmtp

Reply

Answer 6

pterobyte

Level 6

11,104 points

Jan 12, 2007 11:01 AM in response to Simeon Miller1

Thought so. Didn't want to say so before, but since you posted one domain name you pretty much gave it away anyway 😉

I just ran a few tests. Connection to your server is very fast so it's not a DNS or Router issue.

My gut feeling is that your server is running slowly because it's either under heavy load or not properly configured.

Let's start with the configuration.

mydomain = mail.qsigroup.com

This should be:
mydomain = qsigroup.com
(don't worry in case you need it, mail for mail.qsigroup.com will still be accepted)

mynetworks =
127.0.0.1/32,204.0.28.0/24,209.39.67.0/24,67.162.226.0
/24,216.85.195.0/24,64.157.108.0/24,65.44.84.0/24

Although not related to your issue, do you really need all these IP ranges?

smtpd clientrestrictions = permit saslauthenticated
permit_mynetworks reject rblclient relays.ordb.org
reject rblclient list.dsbl.org reject rblclient
dnsbl.njabl.org reject rblclient cbl.abuseat.org
reject rblclient opm.blitzed.org permit

Now here we have huge potential for slowdowns. I strongly recommend you stop using so many RBLs. Although you may catch a few extra mails the load on the server is higher than its benefits. I would change this to:

smtpd clientrestrictions = permit saslauthenticated, permit_mynetworks, reject rblclient zen.spamhaus.org, permit

If you insist on using more than 1 RBL, make sure you eliminate relays.ordb.org as it doesn't exist anymore.

smtpd recipientrestrictions =
reject invalidhostname, reject non_fqdnsender,
reject non_fqdn_recipient,permit_saslauthenticated,pe
rmit mynetworks,reject_unauth_destination,reject_rblc
lient zen.spamhaus.org, reject rblclient
relays.ordb.org,permit

Change to:
smtpd recipientrestrictions = reject invalidhostname, reject non_fqdnsender, reject non_fqdnrecipient, permit saslauthenticated, permit_mynetworks, reject unauthdestination, reject unlistedrecipient, reject rblclient zen.spamhaus.org, permit

(Same reason as above. ordb.org is history)

Save and issue "sudo postfix reload". Let me know when done and we'll take it from there.

Alex

Reply

Answer 7

Jan 12, 2007 12:05 PM in response to pterobyte

I am done with that. Thank you. Anything else?

Reply

Answer 8

pterobyte

Level 6

11,104 points

Jan 12, 2007 12:06 PM in response to Simeon Miller1

Seems to me that your server now responds quite quickly.

I sent you a testmail to postmaster. Can you check and reply please.

Alex

Reply

Answer 9

pterobyte

Level 6

11,104 points

Jan 12, 2007 12:39 PM in response to pterobyte

Looks good.

Keep your server under observation for a few days. It's probably okay and was just wasting resources on the lookups, but one can never be sure 😉
Telnetting to it, it reacts promptly now.

Alex

Reply