Posts Tagged Postfix Mail Server
Posted by mike Filed Under Dovecot with Comments Off
One thing that you can do is run this command to verify it is listening on the correct port numbers:
netstat -aunt
This should show that Dovecot is listening on ports 143 and 110 for IMAP and POP3.
Check if Dovecot is Listening
Another test is to connect to Dovecot using telnet on port 143. Here is an example with the output you want.
telnet localhost 143
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
* OK dovecot ready.
Check if Dovecot Accepting Passwords
telnet localhost 143
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
* OK dovecot ready.
1 login mike
1 login mike password
1 OK Logged in.
Check if Dovecot is Accepting Remote Logins
telnet 21.14.26.132 143
Trying 21.14.26.132…
Connected to 21-14-26-132.static.example.net (21.14.26.132).
Escape character is ‘^]’.
* OK dovecot ready.
1 login mike password
1 OK Logged in.
Check if Dovecot is Finding the Mailbox
1 select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1163363765] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
1 OK [READ-WRITE] Select completed.
Posted by mike Filed Under Compile Postfix with Comments Off
Postfix is built in C so you will be compiling C code. Usually the options that you want to create for a project are contained in a Makefile. The make utility creates this Makefile which is used to determine dependencies, any requirements needed or changes you want to create like adding programs or locations of files. The compiler then takes this information and creates object files and links them together into executables.
However, since Postfix creates its own Makefile, you do not need to edit it at all. In fact, the problem with editing the Makefile for Postfix is that your edits will get written over. So, the way to make changes is to use the CCARGS.
Prerequsites to Install
apt-get install db*-devel
apt-get install libdb-dev
Tools You will need
Usually when you install these basic tools the requirements for those tools will be installed as well.
gcc
make
Posted by mike Filed Under Security with Comments Off
Using Pre-Built Templates
Add the pre-built templates for Postfix.
sudo apt-get install apparmor-profiles
This will load many pre-built templates that you can use.
cd /usr/share/doc/apparmor-profiles/extras
Now copy all of the Postfix related profiles into /etc/apparmor.d/.
sudo cp usr.sbin.post* /etc/apparmor.d/
sudo cp usr.lib.post* /etc/apparmor.d/
Restart your the AppArmor daemon.
sudo /etc/init.d/apparmor restart
Now check the number of active profiles.
sudo aa-status
32 profiles are in enforce mode.
/usr/lib/postfix/spawn
/usr/lib/postfix/tlsmgr
/usr/sbin/saslauthd
/usr/lib/postfix/pipe
/usr/lib/postfix/proxymap
/usr/lib/postfix/bounce
/usr/sbin/postalias
/usr/lib/postfix/pickup
/usr/lib/postfix/qmqpd
/usr/lib/postfix/showq
/usr/sbin/avahi-daemon
/usr/lib/postfix/local
/usr/lib/postfix/nqmgr
/usr/sbin/postdrop
/usr/lib/postfix/scache
/usr/lib/postfix/virtual
/usr/lib/postfix/lmtp
/usr/lib/postfix/discard
/usr/lib/postfix/error
/usr/lib/postfix/smtpd
/usr/lib/postfix/smtp
/usr/lib/postfix/cleanup
/usr/sbin/postfix
/usr/sbin/postmap
/usr/sbin/postqueue
/usr/lib/postfix/anvil
/usr/lib/postfix/qmgr
/usr/lib/postfix/master
/usr/lib/postfix/verify
/usr/lib/postfix/flush
/usr/lib/postfix/trivial-rewrite
/usr/lib/postfix/oqmgr
You may not need all of these profiles depending upon what you are running, so remove those you do not need. You can change these to complain mode so you can test. Whatever you do, you should update the settings by running Postfix and then making any adjustments necessary by using the aa-logprof command. This will make sure that your system is running effectively.
aa-logprof
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:
Profile: /usr/sbin/postfix
Capability: sys_tty_config
Severity: 8
(A)llow / [(D)eny] / Abo(r)t / (F)inish
Adding capability sys_tty_config to profile.
Profile: /usr/sbin/postfix
Path: /etc/postfix/main.cf
Mode: r
Severity: 3
[1 - /etc/postfix/main.cf]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish
Adding /etc/postfix/main.cf r to profile.
Profile: /usr/sbin/saslauthd
Path: /var/spool/postfix/var/run/saslauthd/saslauthd.pid.lock
Mode: w
Severity: unknown
[1 - /var/spool/postfix/var/run/saslauthd/saslauthd.pid.lock]
(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish
Adding /var/spool/postfix/var/run/saslauthd/saslauthd.pid.lock w to profile.
= Changed Local Profiles =
The following local profiles were changed. Would you like to save them?
[1 - /usr/sbin/postfix]
2 – /usr/sbin/saslauthd
(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /usr/sbin/postfix.
Writing updated profile for /usr/sbin/saslauthd.
Posted by mike Filed Under Security with Comments Off
If you are using Postfix on a server that supports AppArmor like Suse, Debian, Ubuntu, etc., you can use AppArmor to protect Postfix. AppArmor attempts to protect processes on the server or desktop from security threats. AppArmor enforces limits on what processes can access on the system. It attempts to restrict processes to those resources that the process requires to function only. AppArmor will not only define the system resources a program can access , it will also determine the privileges with which it can access those resources. To protect applications you will need to set up a security profile for each application that you want to protect.
When you have many software applications on a system you have the risk of hosting software flaws that you are not aware of. These software flaws provide avenues of access for attackers to compromise your system. Exploits that are discovered and on the same day that they are used to crack a system by an attacker are called zero-day exploits. AppArmor provides protection against these kinds of attacks by protecting against known and unknown vulnerabilities.
Install AppArmor
There is no need to install AppArmor on a distro like Ubuntu as it is installed by default. The real issue is that the install has so little protection that it is not very helpful, so you will need to change that. Even in the new Ibex version cups, bind, mysql and slapd are the only processes protected by AppArmor. The Ibex desktop includes the Xsession for gdm.
Check the status of AppArmor
When you check the status as root you will see active profiles. There are several modes that you may notice. Complain mode will help you learn what will happen if there were violations without hindering activity. It is like a warning only mode. Enforce mode means that the kernel will enforce the AppArmor protection for that process.
sudo apparmor_status
# apparmor_status
apparmor module is loaded.
5 profiles are loaded.
0 profiles are in enforce mode.
5 profiles are in complain mode.
/usr/sbin/mysqld
/usr/sbin/slapd
/usr/sbin/cupsd
/usr/sbin/named
/usr/lib/cups/backend/cups-pdf
3 processes have profiles defined.
0 processes are in enforce mode :
3 processes are in complain mode.
/usr/sbin/cupsd (4613)
/usr/sbin/named (4398)
/usr/sbin/mysqld (4518)
0 processes are unconfined but have a profile defined.
Create a New Profile
In order to provide the protection that you need you will be required to create a profile for each application you want to protect. So for Postfix this will require creating profiles for each application that is needed by Postfix to function correctly.
The aa-genprof command is used to create a new profile. From a terminal, as root, use the command aa-genprof:
sudo aa-genprof executable
The first question you will be asked when you begin the creation of a profile is if you want to connect to the repository. This repository which was hosted by Suse, saves profiles created by many different users and distros, which means it probably is not a good idea to enable this, create your own profile.
The second question will look like this:
[(S)can system log for SubDomain events] / (F)inish
At this point you need to have a working Postfix, including your Spam protection and anti-virus protection. AppArmor will scan the whole server to see what processes use Postfix so you can create the profile. Run Postfix by sending mail through it so AppArmor can detect all of the programs needed for the profile. The select “S” to scan for changes. Do this several times and note that you may be asked to accept additions to the profile as it is created. Once you have answered all of the questions then choose finish to complete the profile.
sudo aa-genprof /usr/sbin/postfix
Repository: http://apparmor.test.opensuse.org/backend/api
Would you like to enable access to the
profile repository?
(E)nable Repository / (D)isable Repository / Ask Me (L)ater
Writing updated profile for /usr/sbin/postfix.
Setting /usr/sbin/postfix to complain mode.
Please start the application to be profiled in
another window and exercise its functionality now.
Once completed, select the “Scan” button below in
order to scan the system logs for AppArmor events.
For each AppArmor event, you will be given the
opportunity to choose whether the access should be
allowed or denied.
Profiling: /usr/sbin/postfix
[(S)can system log for SubDomain events] / (F)inish
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /usr/sbin/postfix
[(S)can system log for SubDomain events] / (F)inish
Reading log entries from /var/log/messages.
Updating AppArmor profiles in /etc/apparmor.d.
Profiling: /usr/sbin/postfix
[(S)can system log for SubDomain events] / (F)inish
Here is an example of the basic Postfix profile (found in /etc/apparmor.d), note this is just the start.
# Last Modified: Wed Oct 8 17:42:02 2008
#include <tunables/global>
/usr/sbin/postfix {
#include <abstractions/base>
/usr/sbin/postfix mr,
}
Create the profile in complain mode so that you can test. It can be changed once you are sure it works correctly.
sudo aa-complain /usr/sbin/postfix
You can change the mode to enforce with this command:
sudo aa-enforce /usr/sbin/postfix
Basic Commands
Each of these commands must be run as root.
aa-autodep create a minimal profile
aa-enforce enforce the profile created
aa-complain violations logged but not enforced
aa-audit check the profile
aa-logprof look for error messages, provide a severity level and then give you the option to accept a correction or not.
aa-unconfined list all the network applications that are not protected
Profiles are saved in /etc/apparmor.d.
This is only a start and is an incomplete process until you protect each application that is related to Postfix. Be sure to check out the poston user per-built profiles.
Posted by mike Filed Under Virtual Server with 1 Comment
Virtualized Postfix Mail Server
This section will show you how to virtualize a mail server with OpenVZ. There are several advantages to virtualizing your mail server. One is the ability to backup the entire mail server by either using LVM snapshots, or by creating a compressed tar file. If nothing else this will give you peace of mind in knowing that you can drop the backup in place to have a working mail server in a very short period of time. Secondly, you will be able to place a host firewall in front of the mail server to provide an additional layer of security. You could even build a gateway mail server on the same machine. Third, OpenVZ will give you the ability to clone your mail server to create other mail servers within minutes. By cloning a mail server you can take it and drop it into another box and have a mail server running simply by changing IP, hostname and a few configurations in Postfix. Fourth, virtualization allows you modify the system resources on the fly so that you can increase required CPU, memory and disk space as is required by Postfix. This provides an opportunity to use the box for several other servers at the same time, thus saving you money.
Here is a description of OpenVZ and what it does from the website.
“OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.” http://wiki.openvz.org/Main_Page
Create the OpenVZ Host
The first task is to create the OpenVZ host which will hold the virtual servers that you create, including Postfix. The best option for an operating system for your host server is to use CentOS as OpenVZ is built upon Red hat Enterprise, but compatible with other distros.
Add OpenVZ to your yum repositories.
# cd /etc/yum.repos.d
# wget http://download.openvz.org/openvz.repo
# rpm –import http://download.openvz.org/RPM-GPG-Key-OpenVZ
Install the OpenVZ kernel. OpenVZ will only run if you install the kernel and boot to that kerne..
# yum install ovzkernel
Modify /etc/sysctl.conf
Modify sysctl.conf so that it reflects these changes.
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Turn off SELinux.
Edit /etc/sysconfig/selinux:
SELINUX=disabled
Enable Conntracks for CTO
Enable conntracks for CT0, add the following line to /etc/modprobe.conf file:
options ip_conntrack ip_conntrack_enable_ve0=
Reboot the server and then add the tools needed for OpenVZ.
# yum install vzctl vzquota
Start OpenVZ
# /sbin/service vz start
At this point you should have a working OpenVZ host. If you try to run OpenVZ commands and they do not work then it is probably because the OpenVZ kernel did not automatically boot. Specifically choose the OpenVZ kernel when you boot and it should be OK.
Once the OpenVZ host has been created it is imperative that you protect it from any form of attack because if the host is cracked the virtual servers will also be lost. There are several ways to minimize the access to the host server.
Host Security:
1. Use tcp_wrappers
2. Eliminate all unused services
3. Create a firewall that minimizes any access to the host
4. Only allow one SSH connection to the host
5. Use Port Scan Attack Detector
Posted by mike Filed Under Performance with Comments Off
Testing Load with smtp-source and top
In order to evaluate the load on your box you can run smtp-source and combine that with snapshots of top to evaluate the load on the server. Now open two terminals and in one run the smtp-source command and in the other snapshots for top.
Terminal #1
# time /usr/sbin/smtp-source -s 40 -l 10120 -m 500 -c -f test@example.com -t mike@example.com localhost:25
This example shows 40 parallel sessions (-s 40), almost 10KB sized messages (-l 10120), 500 messages sent (-m 500), counter display (-c), envelope sender and receiver (-f test@example.com -t mike@example.com) and connection on port 25 of the localhost (localhost:25).
Terminal #2
top -b -n10 -d7 > top.txt
This command with top will give you 10 snapshots (-n10) at 7 second intervals (-d7) and create a file called top.txt.
As you evaluate the sample data there are several fields to pay close attention to. The first is the Cpu wa or “amount of time the CPU has been waiting for I/O to complete.” This at any sustained level will dramatically decrease the speed or your mail server. Here is the wa from several snapshots taken and you can see that running at the load that is presented by the smtp-source is not sustainable. Spikes in wa are not a problem is just that your mail server will not be able to maintain anything over 10%, maybe even less.
17.5%wa – 21.5%wa – 20.7%wa – 28.6%wa – 47.9%wa
When you evaluate your I/O be sure that you also evaluate the additional resource load from scanning for virus and also Spam. When you add both of these on top of your mail server that whole process can slow down even more. This whole process is hard to nail down as a science but at least this kind of test will provide you with data that you could compare with multiple mail servers or that you can have a starting point for evaluation.
top – 06:57:35 up 25 min, 2 users, load average: 0.02, 0.21, 0.17
Tasks: 107 total, 1 running, 106 sleeping, 0 stopped, 0 zombie
Cpu(s): 5.6%us, 7.8%sy, 0.0%ni, 66.9%id, 17.5%wa, 0.1%hi, 2.0%si, 0.0%st
Mem: 254368k total, 199080k used, 55288k free, 18384k buffers
Swap: 761848k total, 0k used, 761848k free, 110884k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4354 syslog 20 0 1936 684 532 S 1.1 0.3 0:01.41 syslogd
4684 postfix 20 0 6300 2728 1468 S 0.9 1.1 0:02.41 qmgr
top – 06:57:42 up 25 min, 2 users, load average: 0.02, 0.20, 0.17
Tasks: 113 total, 2 running, 111 sleeping, 0 stopped, 0 zombie
Cpu(s): 9.0%us, 10.7%sy, 0.0%ni, 55.1%id, 21.5%wa, 0.4%hi, 3.3%si, 0.0%st
Mem: 254368k total, 204260k used, 50108k free, 19536k buffers
Swap: 761848k total, 0k used, 761848k free, 112776k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5485 postfix 20 0 5900 3056 2444 R 2.1 1.2 0:00.15 smtpd
4354 syslog 20 0 1936 684 532 S 1.6 0.3 0:01.52 syslogd
4684 postfix 20 0 6300 2728 1468 S 1.3 1.1 0:02.50 qmgr
5495 postfix 20 0 5476 1800 1460 S 1.3 0.7 0:00.09 cleanup
top – 06:57:49 up 26 min, 2 users, load average: 0.02, 0.20, 0.17
Tasks: 112 total, 1 running, 111 sleeping, 0 stopped, 0 zombie
Cpu(s): 8.3%us, 13.0%sy, 0.0%ni, 54.5%id, 20.7%wa, 0.3%hi, 3.3%si, 0.0%st
Mem: 254368k total, 207408k used, 46960k free, 20836k buffers
Swap: 761848k total, 0k used, 761848k free, 114900k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4354 syslog 20 0 1936 684 532 S 1.9 0.3 0:01.65 syslogd
4684 postfix 20 0 6420 2760 1468 S 1.4 1.1 0:02.60 qmgr
4677 root 20 0 5396 1736 1408 S 1.0 0.7 0:00.91 master
5500 postfix 20 0 5412 1688 1372 S 0.9 0.7 0:00.06 trivial-rewrite
top – 06:57:56 up 26 min, 2 users, load average: 1.62, 0.52, 0.27
Tasks: 155 total, 3 running, 152 sleeping, 0 stopped, 0 zombie
Cpu(s): 12.8%us, 16.4%sy, 0.0%ni, 40.5%id, 28.6%wa, 0.4%hi, 1.3%si, 0.0%st
Mem: 254368k total, 228268k used, 26100k free, 21600k buffers
Swap: 761848k total, 0k used, 761848k free, 117700k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5501 postfix 20 0 5900 3060 2444 S 4.0 1.2 0:00.29 smtpd
4684 postfix 20 0 6800 3164 1468 R 3.9 1.2 0:02.87 qmgr
5510 postfix 20 0 5476 1792 1460 D 2.6 0.7 0:00.18 cleanup
4354 syslog 20 0 1936 684 532 S 1.6 0.3 0:01.76 syslogd
4677 root 20 0 5396 1736 1408 S 1.4 0.7 0:01.01 master
top – 06:58:03 up 26 min, 2 users, load average: 2.29, 0.68, 0.33
Tasks: 155 total, 1 running, 154 sleeping, 0 stopped, 0 zombie
Cpu(s): 9.7%us, 16.8%sy, 0.0%ni, 25.1%id, 47.9%wa, 0.0%hi, 0.6%si, 0.0%st
Mem: 254368k total, 233476k used, 20892k free, 22192k buffers
Swap: 761848k total, 0k used, 761848k free, 120992k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4684 postfix 20 0 6800 3164 1468 S 6.0 1.2 0:03.29 qmgr
4677 root 20 0 5396 1736 1408 S 1.8 0.7 0:01.14 master
4354 syslog 20 0 1936 684 532 S 1.3 0.3 0:01.85 syslogd
Solution for I/O Issues
Solutions may be increasing the CPU or number of CPUs available on the mail server and also increasing the ability to read/write on the disks. Increasing read/write can be done by choosing SCSI or using RAID or even LVM.
SCSI
If you choose to select SCSI you have the advantages of the server being able to read/write to multiple disks at the same time. When selecting SCSI be sure to select a brand with a large cache to enhance your speed and also select the fastest speeds you can afford. Once you move to SCSI you can use hardware RAID or software RAID and use RAID 0 to increase read and writes. The biggest problem with RAID 0 is that it does not provide redundancy.
LVM Striping
Striped logical volumes will lay down data on a number of drives, speeding up the I/O process. When laying down each stripe the size of the stripe cannot exceed the size of the extent. The striping will start with the first physical volume and each stripe or extent is then placed on the next physical volume. The size of the stripe is limited to the size of the extent.
The LVM cannot determine if there are multiple physical volumes on the drive, so if you use striping on one disk with several physical volumes it will actually slow down performance instead of enhancing performance.
Posted by mike Filed Under Performance with Comments Off
One of the questions that you will want to solve is how much mail traffic can your hardware handle. This is often why people overbuild hardware is that they just are not sure and no one wants to build a mail server and then rebuild in 3 months. Fortunately, Postfix comes with a couple programs that you can stress your server with and get a general idea of what you need.
Hardware Considerations
When you are building a mail server, especially if you are building a mail server that will host multiple domains, it is very difficult to determine the necessary hardware as growth is unknown in two areas. First, growth in terms of new domains or new accounts on the mail server is tough because business can change and staff may change dramatically in a 6 month period. When you build the mail server you want to build something that will potentially provide 3 years of service, maybe 5. So you must compensate for the amount of growth for your business. Second, growth is difficult to estimate based on the amount of Spam your server must be capable of managing. This is a very frustrating aspect of mail servers in that potentially, Spam could triple in 3 months and it would have very little to do with how you are managing your mail server, so you must also prepare for these kinds of issues. Spam is especially hard on resources as you will be running a programs like Spamassassin and an anti-virus program like ClamAv on each of these emails that hits your system.
Stress Test
The program smtp-source will use port 25 to simulate mail coming to your mail server to process. In this simulation you can perform messages by themselves or in parallel. There are several settings that you can modify to help determine the stress level that your server will best perform at.
In order to run the test you may have to comment out a few lines in your smtpd restrictions.
smtpd_recipient_restrictions =
warn_if_reject reject_non_fqdn_recipient
# reject_non_fqdn_sender
# reject_unknown_sender_domain
reject_unknown_recipient_domain
permit_mynetworks
reject_unauth_destination
reject_non_fqdn_hostname
reject_invalid_hostname
# check_helo_access pcre:/etc/postfix/helo_checks
check_sender_mx_access cidr:/etc/postfix/bogus_mx
reject_rbl_client sbl-xbl.spamhaus.org
reject_unverified_sender
permit
Parallel sessions – This will indicate the number of concurrent sessions or maxprocesses that your server will be running.
Message size – You can test various message sizes to simulate the mail that you typically will receive on your server.
Total messages – You can determine the total messages that you will test on receiving.
Display counter -This will just show a counter as the messages are received while the command is running.
# time /usr/sbin/smtp-source -s 20 -l 5120 -m 100 -c -f test@example.com -t mike@example.com localhost:25
100
real 0m2.664s
user 0m0.020s
sys 0m0.100s
This example shows 20 parallel sessions (-s 20), 5KB sized messages (-l 5120), 100 messages ent (-m 100), counter display (-c), envelope sender and receiver (-f test@example.com -t mike@example.com) and connection on port 25 of the localhost (localhost:25).
The “100” indicates the total messages sent. The real time (0m2.664s ) is the time the injection took,.
Here is an additional test on the same server that indicates an increase to 40 sessions, 10 KB mail size and 500 messages. This gives you a way to evaluate the additional load on the server in terms of a comparison time.
# time /usr/sbin/smtp-source -s 40 -l 10120 -m 500 -c -f test@example.com -t mike@example.com localhost:25
500
real 0m29.795s
user 0m0.200s
sys 0m0.530s
Posted by mike Filed Under Compile Postfix with Comments Off
Using strace to Find Problems
The strace command allows you to view the activities of a process. The first thing you will need to do is locate the process ID that you want to trace.
ps aux | grep postfix
Here is partiial output of what this command will provide:
root 5049 0.0 0.6 5396 1736 ? Ss 06:25 0:00 /usr/lib/postfix/master
postfix 5050 0.0 0.6 5404 1652 ? S 06:25 0:00 pickup -l -t fifo -u -c
postfix 5052 0.0 0.7 5444 1832 ? S 06:25 0:00 qmgr -l -t fifo -u
postfix 5065 0.0 0.9 5772 2460 ? S 06:30 0:00 tlsmgr -l -t unix -u -c
postfix 5092 0.0 0.9 5544 2316 ? S 06:40 0:00 smtp -t unix -u -c
Now you can select a process ID, like 5050 and use strace on that PID.
Now as root, use strace.
strace -p 5050
Process 5050 attached – interrupt to quit
alarm(333) = 274
time(NULL) = 1222519411
epoll_wait(8, {{EPOLLIN, {u32=6, u64=577892986457686022}}}, 100, 41000) = 1
time(NULL) = 1222519412
write(5, “\272\23\0\0\1\0\0\0\0\0\0\0″, 12) = 12
read(6, “W”, 1024) = 1
open(“maildrop”, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0×80000) = 9
fstat64(9, {st_mode=S_IFDIR|S_ISVTX|0730, st_size=4096, …}) = 0
getdents64(9, /* 2 entries */, 4096) = 48
getdents64(9, /* 0 entries */, 4096) = 0
close(9) = 0
write(5, “\272\23\0\0\1\0\0\0\1\0\0\0″, 12) = 12
time(NULL) = 1222519412
alarm(333) = 332
time(NULL) = 1222519412
Running a Debugger for Postfix
If you are having continual problems with Postfix you can runs the gdb debugger which does not require a graphical interface. This is a non-interactive debugger that will print a stack trace if the process crashes. Edit the main.cf file and add this information.
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo
where; sleep 8640000) | gdb $daemon_directory/$process_name
$process_id 2>&1
>$config_directory/$process_name.$process_id.log & sleep 5
Now edit the master.cf and add the “-D” at the end of the line. This will run each daemon under the control of the debugger as described in your main.cf file.
smtp inet n - - - - smtpd -D
Save and restart Postfix. Now when the process is started an output file will be created and named after the daemon and the process ID. If the process crashes a stack trace will be written to the logfile.
« Older Entries
Newer Entries »
