Slow email with jails and Postfix

I've developed a mail servlet application using the Jakarta Mail API. When sending emails between jails on my production server using internal IP addresses, the process is extremely slow, taking around 30 seconds to a minute. I've tried using both port 587 for external communication and port 2525 for internal mail, but the issue persists. It's worth mentioning that I don't encounter any problems when my test server sends emails to the production server. Our mail server is using Postfix. Has anyone encountered a similar problem or can offer insights into potential causes and solutions?
 
That's what I thought, but I added the addresses to /etc/hosts and Postfix's /usr/local/etc/postfix/helo_access, and disabled HELO for 2525, as it's not needed for internal emails.
 
This is what I have for port 2525 in /usr/local/etc/postfix/master.cf, so no filtering rules will apply, unless I'm missing something that could cause the delay? I don't want to mess with the configuration for ports 25, 465, 587 or other ports, as they're for external mail services. I don't know if converting my jail to VNET will make any difference?

Code:
2525      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=no
  -o smtpd_helo_required=no
 
Okay. I turned on verbose logging for port 2525 in master.cf. Here's the log, and I'm not sure if this provides any clue as to where I should be looking? I see there is a 20-second delay.

Code:
Jan 28 02:39:00 mail postfix/smtpd[84646]: connect from vps01.acme.com[192.168.8.6]
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_list_match: vps01.acme.com: no match
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_list_match: 192.168.8.6: no match
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_list_match: vps01.acme.com: no match
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_list_match: 192.168.8.6: no match
Jan 28 02:39:00 mail postfix/smtpd[84646]: smtp_stream_setup: maxtime=300 enable_deadline=0 min_data_rate=0
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_hostname: smtpd_client_event_limit_exceptions: vps01.acme.com ~? 192.168.8.5
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_hostaddr: smtpd_client_event_limit_exceptions: 192.168.8.6 ~? 192.168.8.5
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_hostname: smtpd_client_event_limit_exceptions: vps01.acme.com ~? 192.168.8.6
Jan 28 02:39:00 mail postfix/smtpd[84646]: match_hostaddr: smtpd_client_event_limit_exceptions: 192.168.8.6 ~? 192.168.8.6
Jan 28 02:39:00 mail postfix/smtpd[84646]: > vps01.acme.com[192.168.8.6]: 220 mail.acme.com ESMTP Postfix
Jan 28 02:39:00 mail postfix/smtpd[84646]: smtp_stream_setup: maxtime=300 enable_deadline=0 min_data_rate=0
Jan 28 02:39:20 mail postfix/smtpd[84646]: < vps01.acme.com[192.168.8.6]: EHLO vps01.acme.com
Jan 28 02:39:20 mail postfix/smtpd[84646]: match_list_match: vps01.acme.com: no match
Jan 28 02:39:20 mail postfix/smtpd[84646]: match_list_match: 192.168.8.6: no match
Jan 28 02:39:20 mail postfix/smtpd[84646]: > vps01.acme.com[192.168.8.6]: 250-mail.acme.com
Jan 28 02:39:20 mail postfix/smtpd[84646]: > vps01.acme.com[192.168.8.6]: 250-PIPELINING
 
It looks like your client responds with a 20-second delay after it receives the 220 greeting banner that the server sends to the SMTP client.

Code:
Jan 28 02:39:00 mail postfix/smtpd[84646]: > vps01.acme.com[192.168.8.6]: 220 mail.acme.com ESMTP Postfix
Jan 28 02:39:00 mail postfix/smtpd[84646]: smtp_stream_setup: maxtime=300 enable_deadline=0 min_data_rate=0
Jan 28 02:39:20 mail postfix/smtpd[84646]: < vps01.acme.com[192.168.8.6]: EHLO vps01.acme.com

Try to send an e-mail via telnet (user@contoso.com must be a valid local mailbox, or you need AUTH for outside/remote relay):

Code:
telnet localhost 2525

EHLO vps01.acme.com
MAIL FROM:<user@contoso.com>
RCPT TO:<user@contoso.com>
DATA
to: user@contoso.com
from: user@contoso.com
subject: test
date: Sun, 28 Jan 2024 00:00:00 +0000

test body
.
quit
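
The gap read off the verbose log above (220 banner sent at 02:39:00, EHLO received at 02:39:20) can be measured per session with a short script. This is an added example, not part of the original thread; the function name, the `year` default and the second session in the sample (vps02, 192.168.8.7) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: the first session copies the timing in the thread's log;
# the second (vps02, 192.168.8.7) is made up to show a server-side gap instead.
SAMPLE_LOG = """\
Jan 28 02:39:00 mail postfix/smtpd[84646]: connect from vps01.acme.com[192.168.8.6]
Jan 28 02:39:00 mail postfix/smtpd[84646]: > vps01.acme.com[192.168.8.6]: 220 mail.acme.com ESMTP Postfix
Jan 28 02:39:20 mail postfix/smtpd[84646]: < vps01.acme.com[192.168.8.6]: EHLO vps01.acme.com
Jan 28 02:41:07 mail postfix/smtpd[84650]: connect from vps02.acme.com[192.168.8.7]
Jan 28 02:41:09 mail postfix/smtpd[84650]: > vps02.acme.com[192.168.8.7]: 220 mail.acme.com ESMTP Postfix
Jan 28 02:41:09 mail postfix/smtpd[84650]: < vps02.acme.com[192.168.8.7]: EHLO vps02.acme.com
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
EVENTS = [
    ("connect", re.compile(r"^connect from (\S+)")),
    ("banner", re.compile(r"^> (\S+): 220 ")),          # server greeting sent
    ("helo", re.compile(r"^< (\S+): (?:EHLO|HELO) ")),  # first client command
]

def handshake_gaps(log_text, year=2024):
    """Per session: seconds from connect to 220 (server) and from 220 to EHLO (client)."""
    open_sessions, gaps = {}, []  # an smtpd process serves one client at a time: key on PID
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; `year` is an assumption supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        for name, pattern in EVENTS:
            ev = pattern.match(msg)
            if not ev:
                continue
            if name == "connect":
                open_sessions[pid] = {"client": ev.group(1), "connect": ts}
            elif name == "banner" and pid in open_sessions:
                open_sessions[pid].setdefault("banner", ts)
            elif name == "helo" and "banner" in open_sessions.get(pid, {}):
                s = open_sessions.pop(pid)
                gaps.append({
                    "client": s["client"],
                    "server_secs": (s["banner"] - s["connect"]).total_seconds(),
                    "client_secs": (ts - s["banner"]).total_seconds(),
                })
            break
    return gaps
```

A large `client_secs` with `server_secs` near zero, as in the thread's session, means Postfix sent its greeting promptly and the wait happened on the sending side before EHLO.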
 
Already did this and the 20-second delay is still present. I've spent 2 days reading posts about this problem and there's no easy solution.

The only thing I can think of is setting up a 2nd instance of Postfix for port 2525 with no filtering rules, or finding a really simple SMTP server to listen on port 2525.

I know Postfix can be somewhat of a pain to configure for internal email without compromising filtering rules for other ports.
 
Looks like I will have to set up authoritative DNS such as unbound or BIND9 on my server to resolve local IP addresses and reverse DNS lookups, and hope that will resolve the 20-second delay.
 
Is "vps01.acme.com" the hostname of the mail server and your MX record?

Could you try this?

In your /etc/hosts file, add this (12.23.32.41 = your server's public IP address):


127.0.0.1 localhost
12.23.32.41 mail.yourdomain.com


(Set the FQDN of your mail server there.)

Also do the same in the hosts file of every jail you're trying to send/receive emails from.

Add such a line to your jails' hosts files, too.

Then, only on the mail server itself, copy your hosts file (replacing any existing one) to:

/var/spool/postfix/etc/hosts

Then, in your Postfix main.cf file, replace the values or add:


lmtp_host_lookup = native
smtp_host_lookup = native, dns
inet_protocols = ipv4


Also, what do you have in your /etc/resolv.conf file? If you don't have a local name/caching server like unbound, try adding the closest external public DNS IP to your resolv.conf file.

Like:

Bash:
nameserver 151.236.220.5
nameserver 176.58.116.5
lookup file bind

(Keep "lookup file bind", as it refers to the hosts file.)

Then copy your resolv.conf file to:

/var/spool/postfix/etc/resolv.conf

(Replace the existing one.)

Reboot and try again.
 
I installed unbound and it still doesn't work. I was able to dig and it returns the information correctly, but Postfix doesn't see it. I guess it needs BIND as an authoritative service.

Anyway, I found another solution... IPv6 and it works!

I will attempt to revisit the unbound/postfix issue at a later date when I have time.
 