Applicable to:
- Plesk for Linux
Symptoms
- Plesk Obsidian running on a Linux-based operating system
- Postfix keeps stopping, preventing the sending of mail
- Mail is received with a significant delay
- The
/var/log/maillog
on the server contains many errors that are similar to the following:
CONFIG_TEXT: Feb 24 08:39:58 server postfix/spawn[13353]: warning: /usr/lib64/plesk-9.0/postfix-srs: process id 21094: command time limit exceeded
CONFIG_TEXT: 2023-03-30 21:32:07 INFO
postfix/smtpd [3238741]
lost connection after CONNECT from unknown[203.0.113.2]CONFIG_TEXT: postfix/master[10149]: warning: service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays
postfix/master[10149]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
warning: see http://www.postfix.org/STRESS_README.html for examples of stress-adapting configuration settings
warning: maildrop/777F954752E9: error writing 8E9F654752EA: queue file write error
Cause
The postfix-srs: process id 21094: command time limit exceeded
messages reflect a normal and expected behavior of Postfix, which force closes processes that have not been closed for a very long time.
This usually happens when a mail client does not end its connection to the Postfix as expected (by sending QUIT and "221 2.0.0 Bye) and keeps it open instead.
With that said, this behavior is mostly caused by incorrect behavior on the side of the mail client that is tied to this process and due to this, the mail client's configuration needs to be reviewed and corrected (if possible).
Another possibility for such a situation is an intentional brute-force attack that is meant to cripple your mail server.
When too many such connections are kept open, the Postfix mail server gets overloaded and switches to
stress
mode. Postfix version 2.5 introduces automatic stress-adaptive behavior. When a "public" network service such as the SMTP server runs into an "all server ports are busy" condition, the Postfix master daemon logs a warning, restarts the service (without interrupting existing network sessions), and runs the service with
-o stress=yes
on the server process command line.
Resolution
Confirm if the mail client connections are kept open intentionally as part of a potential brute-force attack by doing the following:
1. Log into your server via SSH
2. Execute the following command in order to see if a small number of IP addresses generates a great number of problematic connections:
# grep -w "connect from" /var/log/maillog | awk -F"[" '{print$3}' | awk -F"]" '{print$1}' |sort -n |uniq -c |sort -nr | head -25
1410 203.0.113.2
3. Execute the following command in order to check if the IP addresses that generate the most connections have many authentication failures:
# grep 203.0.113.2 /var/log/maillog | grep "authentication failure" | wc -l
1648
If too many connections that are causing issues are coming from the same IP address, install Fail2Ban (Plesk > Tools & Settings > Updates and Upgrades) and configure it according to the Fail2Ban Plesk documentation or block the IP's that are causing the issue in the Plesk server firewall.
If there is no brute-force attack, increase the default_process_limit
in /etc/postfix/main.cf
and fine tune other performance and stress related configuration settings in postfix by following stress configuration directives explanations described in the following official page of the Postfix documentation:
Postfix Stress-Dependent Configuration
If there is no brute-force attack and insufficient limits in mail services are responsible, you may apply the following solution:
Connect to the server via SSH and increase process limit for the process mentioned in the maillog:
For imap-login
1. Edit file /etc/dovecot/conf.d/92-plesk-service-imap-login.conf
and increase the process_limit
variable value to a higher one:
# cat /etc/dovecot/conf.d/92-plesk-service-imap.conf | grep 'process'
process_limit = 1024
2. Restart Dovecot:
# systemctl restart dovecot
For SMTP
1. Edit file /etc/postfix/main.cf
and increase the default_process_limit
value to a higher one:
# grep default_process_limit /etc/postfix/main.cf
default_process_limit = 100
2. Restart Postfix:
# systemctl restart postfix
Comments
0 comments
Please sign in to leave a comment.