postfix/smtpd: warning: connect to Milter service inet: Connection refused

pete83 · 08-01-2013, 05:43 AM

Hello,

I'm trying to get a postfix server to connect to our milter(spamassasin) again. This has worked before. All other servers are sendmail servers and they connect fine, and the incoming e-mails are getting a spam score in their header. But the postfix server seems not to go past our milter and not getting back spam score in mail-headers.

This warning is in the /var/log/mail.log:

Code:

postfix/smtpd: warning: connect to Milter service inet:milter.host:1025 Connection refused

Along with this warning in syslog:

Code:

postfix/smtpd[18787]: warning: milter inet:milter.host:1025: can't read SMFIC_RCPT reply packet header: Success

On the milter.host I see all other servers connect properly, except for the postfix server:

Code:

info: spamd: connection from sendmail.server.net [XX.XX.XX.XX] at port 48209

When I'm running a netstat -antup | grep 1025 (1025 the port the milter listens to) I see that from both sides from time to time there is a connection.

So with a telnet I can also confirm that connecting to 1025 from the postfix server goes fine.

in /etc/postfix/main.cf:

Code:

smtpd_milters = inet:milter.host:1025
milter_default_action = tempfail

In /etc/postfix/master.cf:

Code:

smtp      inet  n       -       -       -       -       smtpd
...
cyrus     unix  -       n       n       -       -       pipe
   flags= user=cyrus argv=/usr/sbin/cyrdeliver -e -r ${sender} -m ${extension} ${user}

spamc     unix  -       n       n       -       -       pipe
   flags= user=cyrus argv=/usr/bin/spamc -d X.X.X.X -u ${user}@domain.net -e /usr/sbin/cyrdeliver -e -r ${sender} -m ${extension} ${user}

Don't ask me why this is configured this way, this was done before I came here. They only thing I know that it had worked before and that I have to fix this. I have googled for a few days now but can't seem to find an answer that fits our server.

Please some tips asked to debug this problem.

vishesh · 08-01-2013, 06:00 AM

Do all mails of postfix getting same treatment or only a few mails getting stucked?

Thanks

pete83 · 08-01-2013, 06:02 AM

Thank you for your reply.

They are not stuck, the thing is they don't get a spam score from our milter. Ans yes none of the mails is getting a spam score on the postfix server.

vishesh · 08-01-2013, 06:24 AM

I am not sure but hopefully increasing timeout value may resolve the issue. There are three milter related timeout value

milter_command_timeout
milter_connect_timeout
milter_content_timeout

Try to set it to high in main.cf

Thanks

pete83 · 08-01-2013, 06:36 AM

Thank you I will try to set the following values:

Code:

smtpd_milters = inet:milter.host:1025
milter_default_action = tempfail
milter_connect_timeout = 30s
milter_command_timeout = 30s
milter_content_timeout = 300s

Do they take effect with a /etc/init.d/postfix reload or do I have to restart?

In http://www.postfix.org/MILTER_README.html they say:

Beware: 30s may be too short for Milter applications that do lots of DNS lookups. However, if you increase the above timeouts too much, remote SMTP clients may hang up and mail may be delivered multiple times. This is an inherent problem with before-queue filtering.

pete83 · 08-01-2013, 06:45 AM

Hmmmm, a reload doesn't have any effect. And I'm not so eager to restart because this is a vert busy mailserver.

edit:
restart doesn't have any effect either.

vishesh · 08-01-2013, 07:01 AM

I think 30s is too short value.

Thanks

pete83 · 08-01-2013, 08:26 AM

I've set them all to 300s.

Code:

milter_connect_timeout = 300s
milter_command_timeout = 300s
milter_content_timeout = 300s

But then I should see the postfix server connect to the milter but I don't see it in /var/log/spamd.log.

pete83 · 08-02-2013, 03:46 AM

Isn't there some sort of to force a connection to the milter from the command line to debug the connection? Connection is refused but why? And why is this warning logged in /var/log/mail.log:

Code:

postfix/smtpd[18787]: warning: milter inet:milter.host:1025: can't read SMFIC_RCPT reply packet header: Success

descendant_command · 08-02-2013, 05:16 AM

Setup a new instance of postfix with the same config (on another server) to test with, rather than your live one.

pete83 · 08-05-2013, 02:06 AM

I've tried that but same problem.

pete83 · 08-05-2013, 05:15 AM

Stupid......

When I was first confronted with this problem here, they assured me that it had worked before with the current config. But there was a configuration option missing /etc/postfix/master.cf:

Code:

smtp      inet  n       -       -       -       -       smtpd -o content_filter=spamc
...
cyrus     unix  -       n       n       -       -       pipe
   flags= user=cyrus argv=/usr/sbin/cyrdeliver -e -r ${sender} -m ${extension} ${user}

spamc     unix  -       n       n       -       -       pipe
   flags= user=cyrus argv=/usr/bin/spamc -d X.X.X.X -u ${user}@domain.net -e /usr/sbin/cyrdeliver -e -r ${sender} -m ${extension} ${user}

So I put hours of work in trying to debug the current configuration

pete83 · 08-05-2013, 07:39 AM

I thought I had it but when configured as above outgoing mail is also send across the milter and I'm getting the error below in mail.log:

Quote:

postfix postfix/pipe[87887]: XXXXXXXXXX: to=<user@gmail.com>, relay=spamc, delay=7.9, delays=0.15/0/0/7.8, dsn=5.6.0, status=bounced (data format error. Command output: user: Mailbox does not exist

How do I configure postfix with spamc to only scan incoming mail?