my smtp server is very slow to accept connections today

Paul Howarth paul at city-fan.org
Thu Apr 6 16:09:12 UTC 2006


Don Russell wrote:
> Paul Howarth wrote:
>> Don Russell wrote:
>>> On 4/4/2006 4:29 AM, Paul Howarth wrote:
>>>> Don Russell wrote:
>>>>> I'm using FC5 and have the "nightly yum update" turned on.
>>>>> My FC5 box runs a mail server.
>>>>> Yesterday, there were no problems.
>>>>> Today, I can't send mail from PCs on the network... the Thunderbird client
>>>>> says "Connected to 10...." and eventually times out.
>>>>> From external machines I can telnet to port 25 and it takes anywhere from
>>>>> 40-80 seconds to get a reply from the server.
>>>>> If I'm on the same machine as the server, the connection is immediate.
>>>>> That tells me it is not smtp that's slow, but something relating to
>>>>> external connections.
>>>>> I have not changed any configurations... but with the nightly updates,
>>>>> what could account for introducing such a delay?
>>>>> I'm thinking something like it's trying to do a reverse dns look up to check
>>>>> the address connecting, and that's taking a long time?
>>>>> Any ideas/suggestions?
>>>> Check that your nsswitch.conf has an appropriate hosts entry.
>>> hmmm, I don't know what's "appropriate". :-(
>>> The nsswitch.conf file looks pretty generic... the "hosts" line says:
>>> hosts: files dns
>> That looks OK.
>>> Guessing, I changed that to
>>> hosts: files dns [NOTFOUND=return]
>>> then "service network restart"
>>> but that had no effect...
>>> hmmm, do I need to have my PCs listed in /etc/hosts ?
>> No. Sendmail needs to look up MX records, which it can't get from a
>> hosts file anyway.
> 
> 
> So why does the host line say "files dns" and not just "dns"? (Off 
> track... I'm just curious)

sendmail is only one of the programs that needs to look up hosts, and 
its requirements are a little unusual (needing to look up MX records 
before A records). Most applications only need the A records, which can 
effectively be supplied by the hosts file.

> Regardless... if sendmail is looking for an MX record to be associated 
> with the sender address for me, it likely won't find one.

Mail servers fall back to A records in the absence of MX records.

> But, that is 
> nothing new... I use DynDNS to map a name to my ISP IP address and run a 
> mail server at home.

Which should be fine.

>>> If so, that means something changed because this was all working fine the
>>> other day... could a "nightly yum" have wiped out my /etc/hosts file?
>> Which new packages were installed on the night in question? (check
>> /var/log/yum.log)
> hmm, tons of stuff... I actually went back a day or two prior...
> 
> Mar 29 20:56:48 Updated: libselinux-devel.i386 1.30-1.fc5
> Mar 29 20:57:25 Installed: kernel.i686 2.6.16-1.2080_FC5
> Mar 29 20:57:30 Updated: libselinux.i386 1.30-1.fc5
> Mar 29 20:57:32 Updated: libsemanage.i386 1.6-1.fc5
> Mar 29 20:57:32 Updated: libselinux-python.i386 1.30-1.fc5
> Mar 29 20:57:34 Updated: policycoreutils.i386 1.30.1-2.fc5
> Mar 29 20:57:35 Updated: libsetrans.i386 0.1.20-1.fc5
> Mar 29 20:57:41 Updated: selinux-policy.noarch 2.2.25-2.fc5
> Mar 29 20:57:51 Updated: selinux-policy-targeted.noarch 2.2.25-2.fc5
> Mar 29 20:57:55 Erased: iiimf-libs
> Mar 31 04:25:26 Updated: samba-common.i386 3.0.22-1.fc5
> Mar 31 04:25:36 Updated: mrtg.i386 2.13.2-0.fc5.1
> Mar 31 04:25:59 Updated: samba.i386 3.0.22-1.fc5
> Mar 31 04:26:01 Updated: wpa_supplicant.i386 1:0.4.8-6.fc5
> Mar 31 04:26:04 Updated: samba-client.i386 3.0.22-1.fc5
> Apr 01 04:13:08 Updated: koffice-core.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:13 Updated: koffice-karbon.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:18 Updated: koffice-filters.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:24 Updated: koffice-kspread.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:27 Updated: koffice-kplato.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:43 Updated: koffice-kivio.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:51 Updated: koffice-kpresenter.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:54 Updated: koffice-kugar.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:13:57 Updated: koffice-kchart.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:14:04 Updated: koffice-kword.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:14:06 Updated: koffice-kformula.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:14:09 Updated: yumex.noarch 0.99.15-1.0.fc5
> Apr 01 04:14:21 Updated: koffice-krita.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:14:28 Updated: koffice-kexi.i386 1.5.0-0.1.rc1.fc5
> Apr 01 04:14:28 Updated: koffice-suite.i386 1.5.0-0.1.rc1.fc5
> Apr 02 05:40:51 Updated: dia.i386 1:0.94-21
> Apr 03 14:51:59 Updated: policycoreutils.i386 1.30.1-3.fc5

Nothing particularly stands out from that list.

> Note: This policycoreutils update was done AFTER I discovered the
> problem...
> FYI: I run SELinux in permissive mode... so, I suppose even if this is 
> some sort of SE issue, it should be transparent and show up as a
> violation warning in my Logwatch report...

I don't think all avcs get reported by logwatch but you're right that 
SELinux should be the issue in permissive mode.

>>>> Check that /etc/resolv.conf points to nameservers that are working.
>>>> Try using "dig" to check them out, e.g.
>>>> $ dig @first.name.server -x 212.56.100.58
>>>> See how long the lookups take.
>>> I tried several times with the two dns addresses in /etc/resolv.conf and
>>> the longest query time was 180mSec, the shortest was 25mSec.
>>> However, I also tried dig @dns-server - x 10.10.10.13
>>> (the 10. address is my PC that tries to connect to my mail server at
>>> 10.10.10.250)
>>> That timed out after 15 seconds.... expected, but far short of the delay I
>>> see when I "telnet 10.10.10.250 25" from 10.10.10.13

Actually it's curious that you get a timeout rather than an "NXDOMAIN" 
response for a "dig -x 10.10.10.13".

> See my other post where I notice my router firewall is blocking udp port 
> 1078 coming from the DNS server. I have no idea why I'm getting udp 1078 
> traffic from a DNS server... but I'm not a DNS expert...
> 
> FWIW.. I also notice a slow down in connecting to this machine via ssh.
> i.e. from an ssh client on 10.10.10.13 on Windows XP, ssh'ing to
> 10.10.10.250 (where my mail server is) takes longer to respond with the 
> password prompt than it used to.... so something is going on there too.
> 
> Thanks... I appreciate the tips.... :-)

Nothing much obvious here unfortunately. Can you check that your 
system's hostname is set correctly, and that /etc/hosts has the right 
name and address for your host and also localhost?

Paul.
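
Added example, not part of the original message: one way to script the /etc/hosts check suggested above, so it can be run against the live file or a copy. The function names `hosts_lookup` and `check_hosts` and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Check a hosts file for a loopback "localhost" entry and for an entry
# naming the system's own hostname. Defaults: /etc/hosts and `hostname`.

# Print the address(es) that name $2 maps to in hosts file $1, one per line.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                # drop comments before matching
        NF >= 2 {
            # field 1 is the address, the remaining fields are names/aliases
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# Return 0 if both entries exist,
#        1 if localhost is missing or not on a loopback address,
#        2 if the hostname has no entry at all.
check_hosts() {
    file=${1:-/etc/hosts}
    host=${2:-$(hostname)}
    if ! hosts_lookup "$file" localhost | grep -Eq '^(127\.0\.0\.1|::1)$'; then
        echo "localhost does not map to 127.0.0.1 or ::1 in $file"
        return 1
    fi
    addrs=$(hosts_lookup "$file" "$host")
    if [ -z "$addrs" ]; then
        echo "no entry for $host in $file"
        return 2
    fi
    # Show what the name maps to so it can be compared with the real address.
    echo "$host -> $(echo "$addrs" | tr '\n' ' ')"
    return 0
}
```

Calling `check_hosts` with no arguments checks /etc/hosts for the name printed by `hostname`; the address it reports still has to be compared by eye with the interface address (10.10.10.250 for the mail server in this thread).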




