Symptoms
- Postfix keeps stopping, which prevents mail from being sent. Mail is received with a significant delay;
- The /var/log/maillog file contains many messages like "lost connection after CONNECT" and the following warning messages:
postfix/master[10149]: warning: service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays
postfix/master[10149]: warning: to avoid this condition, increase the process count in master.cf or reduce the service time per client
warning: see http://www.postfix.org/STRESS_README.html for examples of stress-adapting configuration settings
warning: maildrop/777F954752E9: error writing 8E9F654752EA: queue file write error
Cause
The mail server is overloaded and has switched to stress mode. Postfix version 2.5 introduces automatic stress-adaptive behaviour. When a "public" network service such as the SMTP server runs into an "all server ports are busy" condition, the Postfix master daemon logs a warning, restarts the service (without interrupting existing network sessions), and runs the service with "-o stress=yes" on the server process command line.
Resolution
Check whether someone is attempting a brute-force attack:
# grep -w "connect from" /var/log/maillog | awk -F"[" '{print$3}' | awk -F"]" '{print$1}' |sort -n |uniq -c |sort -nr | head -25
1410 203.0.113.2
# grep -Fw 203.0.113.2 /var/log/maillog | grep "authentication failure" | wc -l
1648
In this case, install Fail2Ban (Plesk > Tools & Settings > Updates and Upgrades) and configure it according to the documentation, or block the offending IP addresses in the firewall.
If there is no brute-force attack, increase default_process_limit in /etc/postfix/main.cf and fine-tune the other performance- and stress-related settings in Postfix by following the directives described in "Postfix Stress-Dependent Configuration".
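
The brute-force check above can be done in one pass that shows connections and authentication failures side by side per client IP. This is an added example, not part of the original article: the function names connect_report and process_limit_warnings are hypothetical, the sample log lines are constructed, and it assumes the usual Postfix "host[ip]" log format.

```shell
#!/usr/bin/env bash
# Constructed sample lines in maillog format (not real traffic).
sample_maillog() {
cat <<'EOF'
Jan 10 10:00:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.2]
Jan 10 10:00:02 mx postfix/smtpd[2101]: warning: unknown[203.0.113.2]: SASL LOGIN authentication failed: authentication failure
Jan 10 10:00:02 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.2]
Jan 10 10:00:03 mx postfix/smtpd[2102]: connect from unknown[203.0.113.2]
Jan 10 10:00:04 mx postfix/smtpd[2102]: warning: unknown[203.0.113.2]: SASL LOGIN authentication failed: authentication failure
Jan 10 10:00:05 mx postfix/smtpd[2103]: connect from unknown[203.0.113.25]
Jan 10 10:00:06 mx postfix/smtpd[2103]: warning: unknown[203.0.113.25]: SASL LOGIN authentication failed: authentication failure
Jan 10 10:00:07 mx postfix/smtpd[2104]: connect from mail.example.org[198.51.100.7]
Jan 10 10:00:08 mx postfix/smtpd[2105]: connect from unknown[203.0.113.2]
Jan 10 10:00:08 mx postfix/smtpd[2105]: lost connection after CONNECT from unknown[203.0.113.2]
Jan 10 10:00:09 mx postfix/master[10149]: warning: service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays
EOF
}

# Print "connects auth_failures ip" per client, busiest first.
# $1 = log file (default /var/log/maillog), $2 = minimum connects to list.
connect_report() {
  awk -v min="${2:-1}" '
    # The client address sits in the second [...] pair: smtpd[pid]: ... host[ip]
    function client_ip(line,   parts, ip) {
      if (split(line, parts, "[") < 3) return ""
      ip = parts[3]; sub(/\].*/, "", ip); return ip
    }
    # The leading space keeps "disconnect from" lines out of the count.
    / connect from /         { ip = client_ip($0); if (ip != "") conn[ip]++ }
    /authentication failure/ { ip = client_ip($0); if (ip != "") fail[ip]++ }
    END {
      for (ip in conn)
        if (conn[ip] >= min) printf "%d %d %s\n", conn[ip], fail[ip], ip
    }
  ' "${1:-/var/log/maillog}" | LC_ALL=C sort -k1,1nr -k3,3
}

# Count how often the master daemon reported the process limit being hit.
process_limit_warnings() {
  grep -c 'has reached its process limit' "${1:-/var/log/maillog}"
}

# Demo on the constructed sample; on a server: connect_report /var/log/maillog 100
sample_maillog | connect_report -
```

Counting per exact address keeps 203.0.113.2 and 203.0.113.25 apart, which a plain substring grep for the first address would merge. A client with many connects and a matching number of failures is a candidate for a Fail2Ban or firewall block; many connects with zero failures points to load rather than password guessing.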