I have an OS X mail server running using server.app. In the background, it runs Postfix. Recently, my mail queue has been clogging up and I'm not quite sure why. I'll try to force the queue with sudo postqueue -f, but it won't do anything. The only way to get the server to process the queue is to reboot the system.
The mail server will work fine for 2-3 days, and then it will start to clog again. It's more or less forcing me to reboot the system every 2-3 days just to make sure mail is getting delivered.
If I run mailq, the first entry looks like this:
0410E1878AAF 16737 Wed Jul 22 11:38:06 Cheap_Business_Class_Airfare@mexilar.xyz
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=77854-02 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:[127.0.0.1]:10025): id=77854-02 (in reply to end of DATA command))
rachel@thoughtspacedesigns.com
and all subsequent entries look like this:
048E21879841 16926 Wed Jul 22 13:07:16 CamerasforHomeSecurity@wannile.xyz
(connect to 127.0.0.1[127.0.0.1]:10024: Can't assign requested address)
rachel@thoughtspacedesigns.com
If I look in /var/log/mail.log around the time that the first entry occurred, I see this:
Jul 22 11:38:06 mymailserver.com postfix/postscreen[73556]: CONNECT from [198.52.135.223]:39777 to [MYSERVER'SIPADDRESS]:25
Jul 22 11:38:06 mymailserver.com postfix/postscreen[73556]: PREGREET 29 after 0.08 from [198.52.135.223]:39777: EHLO shunpiking.mexilar.xyz\r\n
Jul 22 11:38:06 mymailserver.com postfix/smtpd[73557]: connect from shunpiking.mexilar.xyz[198.52.135.223]
Jul 22 11:42:52 mymailserver.com postfix/anvil[73561]: statistics: max connection rate 1/60s for (smtpd:198.52.135.223) at Jul 22 11:38:06
Jul 22 11:42:52 mymailserver.com postfix/anvil[73561]: statistics: max connection count 1 for (smtpd:198.52.135.223) at Jul 22 11:38:06
Jul 22 11:42:52 mymailserver.com postfix/anvil[73561]: statistics: max cache size 1 at Jul 22 11:38:06
I redacted the server's actual hostname and IP address in the above mail.log entry.
It looks to me like the server is getting hammered and trying to rate limit itself, but I don't understand why everything is then shutting down. Does anyone have some insight as to how to repair this issue?
EDIT:
Here's the master.cf file from /Library/Server/Mail/Config/postfix/master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
# ==== Begin auto-generated section ========================================
# This section of the master.cf file is auto-generated by the Server Admin
# Mail backend plugin whenever mails settings are modified.
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd
  -o receive_override_options=no_address_mappings
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
smtp unix - - n - - smtp
# === End auto-generated section ===========================================
proxywrite unix - - n - 1 proxymap
# Modern SMTP clients communicate securely over port 25 using the STARTTLS command.
# Some older clients, such as Outlook 2000 and its predecessors, do not properly
# support this command and instead assume a preconfigured secure connection
# on port 465. This was sometimes called "smtps", but such usage was never
# approved by the IANA and therefore conflicts with another, legitimate assignment.
# For more details about managing secure SMTP connections with postfix, please see:
# http://www.postfix.org/TLS_README.html
# To read more about configuring secure connections with Outlook 2000, please read:
# http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307772
# Apple does not support the use of port 465 for this purpose.
# After determining that connecting clients do require this behavior, you may choose
# to manually enable support for these older clients by uncommenting the following
# four lines.
#465 inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
sacl-cache unix - - n - 1 sacl-cache
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=_cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# Dovecot
#
dovecot unix - n n - 25 pipe
# flags=DRhu user=_dovecot:mail argv=/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda -d ${user}
# Use these settings to enable +addressing (user+mailbox@example.com)
  flags=DRhu user=_dovecot:mail argv=/Applications/Server.app/Contents/ServerRoot/usr/libexec/dovecot/dovecot-lda -d ${user} -a ${recipient} -m ${extension}
#
# ====================================================================
#
# Greylist policy server
#
policy unix - n n - - spawn
  user=nobody:mail argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_tls_security_level=none
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=
EDIT 2:
Upon further inspection, when things start to clog up, I can still telnet on 10024 by typing telnet 127.0.0.1 10024, but I can't telnet to 10025. I get the following error:
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Can't assign requested address
Trying fe80::1...
telnet: connect to address fe80::1: Connection refused
telnet: Unable to connect to remote host
Maybe this will lead to more clues?
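
An added example, not part of the original post: a small triage script that parses mailq output and groups deferred messages by failure kind and by the loopback port named in the deferral reason, so the two stages configured in the master.cf above (10024, the smtp-amavis content filter, and 10025, the re-injection smtpd) can be told apart. The sample input is constructed from the two queue entries quoted in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two entries quoted in the post, laid out as mailq prints them.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0410E1878AAF    16737 Wed Jul 22 11:38:06  Cheap_Business_Class_Airfare@mexilar.xyz
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=77854-02 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:[127.0.0.1]:10025): id=77854-02 (in reply to end of DATA command))
                                         rachel@thoughtspacedesigns.com

048E21879841    16926 Wed Jul 22 13:07:16  CamerasforHomeSecurity@wannile.xyz
(connect to 127.0.0.1[127.0.0.1]:10024: Can't assign requested address)
                                         rachel@thoughtspacedesigns.com

-- 33 Kbytes in 2 Requests.
"""

# Entry header: queue ID (optional * or ! flag), size, arrival time, sender.
ENTRY = re.compile(r"^([0-9A-Za-z]+)[*!]?\s+(\d+)\s+\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d\s+(\S+)$")
LOOPBACK_PORT = re.compile(r"127\.0\.0\.1\]?:(\d+)")
# Port roles as configured in the master.cf shown in the post.
PORT_ROLE = {"10024": "content_filter smtp-amavis", "10025": "re-injection smtpd"}

def parse_mailq(text):
    """Return one dict per queued message: id, size, sender, reason, rcpts."""
    entries, cur = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            cur = {"id": m.group(1), "size": int(m.group(2)),
                   "sender": m.group(3), "reason": "", "rcpts": []}
            entries.append(cur)
        elif not line.strip():
            cur = None                              # a blank line ends the entry
        elif cur is not None and line.strip().startswith("("):
            cur["reason"] = line.strip()[1:-1]      # drop the outer parentheses
        elif cur is not None:
            cur["rcpts"].append(line.strip())
    return entries

def classify(reason):
    """Map a deferral reason to (kind, loopback port or None)."""
    m = LOOPBACK_PORT.search(reason)
    if reason.startswith("connect to"):
        kind = "connect-failed"                     # no SMTP session was opened
    else:
        kind = "remote-4xx" if re.search(r"said: 4\d\d", reason) else "other"
    return kind, (m.group(1) if m else None)

def triage(text):
    return Counter(classify(e["reason"]) for e in parse_mailq(text))

if __name__ == "__main__":
    for (kind, port), n in triage(SAMPLE_MAILQ).most_common():
        print(n, kind, port, PORT_ROLE.get(port, "unknown"))
```

On a live system the same functions can be fed the text captured from mailq instead of the sample.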