firewall timeout of LDAP connections causes amavis to error instead of falling back

Quanah Gibson-Mount quanah at
Wed May 9 17:27:59 CEST 2012

--On Tuesday, May 08, 2012 4:28 PM -0700 Quanah Gibson-Mount 
<quanah at> wrote:

> We have a firewall between our MTA and LDAP servers.  The firewall is
> currently (incorrectly) set to timeout all connections that are idle for
> > 30 minutes.  Since I'm using this MTA for testing only atm, this
> regularly occurs.
> Even though amavis is configured to rely on multiple LDAP servers, it
> does not correctly failover to one of the other LDAP servers when its
> connection is timed out by the firewall:
> May  8 16:26:49 edge01-zcs postfix/smtp[544]: 8B820255:
> to=<quanah at xxxxxxxxxx>, relay=[]:10026, delay=300,
> delays=0.14/0.01/0.01/300, dsn=4.4.2, status=deferred (conversation with
>[] timed out while sending RCPT TO)
> May  8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)lookup_ldap:
> timed out at (eval 101) line 185, <GEN15> line 101.
> May  8 16:27:25 edge01-zcs amavis[29194]: (29194-02) (!)Requesting
> process rundown, task exceeded allowed time
> It seems amavis should check if its connection is still active, and if
> not, fallover to one of the other LDAP servers in this scenario.

I guess this is really an issue to bring up with the Net::LDAP folks... It 
requires setting TCP keepalives at the network layer to keep the connection 



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration

More information about the amavis-users mailing list