restarting amavis as Postfix SMTP proxy

Mark Martinec Mark.Martinec+amavis at ijs.si
Wed Apr 25 11:37:47 CEST 2012


Florian,

> > I run amavisd-new as Postfix SMTP proxy. When I update my SpamAssassin
> > setup with sa-update, I have to restart amavisd in order to have the
> > new rules in effect. This only seems to be possible by using the
> > restart or force-reload command. However, during a timeframe of about
> > 10 seconds or so, any incoming SMTP connection will trigger a Queue
> > file write error, since the proxy is not reachable.
> > 
> > Is there any smarter way to have the new rules loaded, or is it best
> > to first stop Postfix, restart amavis and then start Postfix again? Or
> > does it make sense to play with the timeout values instead?

Patrick Ben Koetter wrote:
> which version of amavis are you using? Current versions of amavis know a
> real "reload" command, that will keep up service without any
> interruptions.

Indeed, the:

  # amavisd reload

is available since version 2.7.0.
It is extensively documented in release notes,
search for a 'reload' (several of them).

In summary:
- a re-purposed command line option 'reload' now does a warm restart,
  keeping sockets available to an MTA client at all times, thus reducing
  a chance that an MTA would even notice a content filter's warm restart.

[...]
- a command line option 'reload' has been re-purposed to function as a
  warm restart: it now sends a HUP signal to a running daemon, then exits.
  A running daemon upon receiving a HUP signal will clone its sockets,
  clear their 'close-on-exec' flag, then restart itself through exec().
  A reborn daemon inherits open sockets, does a normal startup (loading
  perl modules and config files), then reassociates inherited sockets
  with configured inet and Unix socket names, which is why these must
  not be changed in a configuration file between reloads.

  Sockets remain open and available to clients during the whole warm-restart
  period, requests are queued by kernel (queue size is configurable through
  $listen_queue_size, defaulting to SOMAXCONN, or there may not be any
  queues at all when an IP stack is using SYN cookies), so apart from a
  delay in connection establishment, an MTA client will not notice a restart
  as long as the IP stack is willing to accept new sessions (as controlled
  by listen queue size or SYN cookies). This makes the reloading method
  particularly suitable for pre-queue filter setups.
[...]


Mark


More information about the amavis-users mailing list