firewall timeout of LDAP connections causes amavis to error instead of falling back
Quanah Gibson-Mount
quanah at zimbra.com
Wed May 9 17:27:59 CEST 2012
--On Tuesday, May 08, 2012 4:28 PM -0700 Quanah Gibson-Mount
<quanah at zimbra.com> wrote:
> We have a firewall between our MTA and LDAP servers. The firewall is
> currently (incorrectly) set to time out all connections that are idle for
> more than 30 minutes. Since I'm using this MTA for testing only atm, this
> regularly occurs.
>
> Even though amavis is configured to rely on multiple LDAP servers, it
> does not correctly failover to one of the other LDAP servers when its
> connection is timed out by the firewall:
>
> May 8 16:26:49 edge01-zcs postfix/smtp[544]: 8B820255:
> to=<quanah at xxxxxxxxxx>, relay=127.0.0.1[127.0.0.1]:10026, delay=300,
> delays=0.14/0.01/0.01/300, dsn=4.4.2, status=deferred (conversation with
> 127.0.0.1[127.0.0.1] timed out while sending RCPT TO)
> May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)lookup_ldap:
> timed out at (eval 101) line 185, <GEN15> line 101.
> May 8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)Requesting
> process rundown, task exceeded allowed time
>
> It seems amavis should check if its connection is still active, and if
> not, failover to one of the other LDAP servers in this scenario.
I guess this is really an issue to bring up with the Net::LDAP folks... It
requires setting TCP keepalives at the network layer to keep the connection
open.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
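
The TCP keepalive approach mentioned in the reply above, as an added example that is not part of the original message and is not amavis or Net::LDAP code: it sets keepalive timers well below the 30-minute firewall idle limit and tries a list of servers in order. The function names, the probe schedule and the Linux-style socket option names are assumptions.

```python
import socket

FIREWALL_IDLE_TIMEOUT = 30 * 60  # seconds; the idle limit described in the post


def keepalive_plan(idle_timeout, probes=3, interval=30):
    """Choose keepalive timings (assumed schedule) that fit inside the idle limit.

    The first probe goes out at half the idle limit, so the firewall sees
    traffic before it drops the flow, and a dead peer is declared after
    `probes` unanswered probes spaced `interval` seconds apart.
    """
    idle = idle_timeout // 2
    if idle < 1 or idle + probes * interval >= idle_timeout:
        raise ValueError("idle timeout too short for this probe schedule")
    return {"idle": idle, "interval": interval, "probes": probes}


def enable_keepalive(sock, plan):
    """Turn on SO_KEEPALIVE and apply the per-socket timers where available."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux option names; platforms lacking them keep the system-wide defaults.
    for name, key in (("TCP_KEEPIDLE", "idle"),
                      ("TCP_KEEPINTVL", "interval"),
                      ("TCP_KEEPCNT", "probes")):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
    return sock


def connect_first_available(servers, plan, connect_timeout=5.0):
    """Try each (host, port) in order and return a keepalive-enabled socket.

    The timeout also stays on the returned socket, so a later read on a
    silently dropped connection fails quickly instead of hanging.
    """
    errors = []
    for host, port in servers:
        try:
            sock = socket.create_connection((host, port), timeout=connect_timeout)
        except OSError as exc:
            errors.append(f"{host}:{port}: {exc}")
            continue  # fall back to the next configured server
        return enable_keepalive(sock, plan)
    raise ConnectionError("no server reachable: " + "; ".join(errors))
```

With the system default keepalive idle time (two hours on Linux), enabling `SO_KEEPALIVE` alone would not beat a 30-minute firewall timeout, which is why the per-socket timers are set as well.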