[CentOS] Re: Postfix smtp freezing

Mon Aug 13 16:01:14 UTC 2007
Ken Price <kprice at nowyouknow.net>

Jason,

This has nothing to do with AUTHORITATIVE dns.  I'm speculating this  
is a problem with your choice of RECURSIVE (caching) name servers.   
Realize, however, that without being on the box and looking at your  
configuration, all I can do is speculate.

> Mail.medvoice.com actually resolves to the mail server inside
> through port forwarding.

Very typical.

> It's not really named that; just everything going to the mail ports
> ends up there.

Understood.  Again, very typical.

> Would DNS still be an issue for sending internal mail?

Maybe, maybe not.  It depends on your internal network setup and where  
your server and workstations sit respective to each other.  What's in  
your server's /etc/resolv.conf file?  On your windows workstation,  
from the command prompt:  ipconfig /all ... what "DNS Servers" are  
listed here?

> I ran top during one of these unresponsive email spats and noticed
> that there are no smtp processes listed.

That just means there's no Postfix process in the busiest 20 or so  
processes.  Use the command "ps -aux" for a more complete process  
view.  That also means it's very unlikely your server is overloaded or  
reaching process limits.

When someone initially connects to your mail server, typically the  
first thing your mail server does is a reverse IP lookup on the person  
connecting.  Then, depending on your setup, it could also query a  
number of RBL sources (Real Time Black Hole Lists) to see if the  
sender is a known spammer.  The more stuff that is done on that  
initial connection, the more DNS lookups your server has to make and  
the longer it takes to return the "OK" 220 prompt.  That's why I'm  
speculating this is a DNS issue.  If my hunch is correct, your  
/etc/resolv.conf will point to your ISP's recursive (caching) name  
servers.  Rarely do they perform well since they're shared amongst  
hundreds/thousands/millions of users.  For performance reasons,  
you're better off running at least one caching name server of your own  
inside your network - even on the server in question.  While this is  
only speculation on your problem, these methods also lean towards  
"Best Practices" and are simple to implement.

-Ken
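The reply above describes the sequence an MTA goes through before it returns its 220 banner: a reverse (PTR) lookup on the connecting address, then one DNS query per configured RBL, every one of them going through whatever recursive resolver /etc/resolv.conf names. The following Python script is an added diagnostic example, not code from the thread or from Postfix. It lists the nameservers from a resolv.conf file, builds the exact PTR and RBL query names the MTA would ask for, times each through the system resolver, and times how long a mail server takes to send its greeting. The sample resolv.conf text, the RBL zone names `rbl.example` / `rbl2.example`, the client address 192.0.2.10 and the target host are all constructed placeholders; substitute the real values from the box being diagnosed.

```python
import ipaddress
import socket
import sys
import time

# Constructed sample resolv.conf pointing at an ISP's resolvers
# (the configuration the reply speculates about); not from the thread.
SAMPLE_RESOLV_CONF = """\
search example.internal
nameserver 198.51.100.53
nameserver 198.51.100.54
options timeout:2
"""

# Hypothetical RBL zones; real deployments list the zones named in
# the MTA's configuration (e.g. Postfix reject_rbl_client entries).
RBL_ZONES = ["rbl.example", "rbl2.example"]


def nameservers_from_resolv_conf(text):
    """Return the resolver addresses listed in resolv.conf text."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def ptr_name(ip):
    """Reverse-lookup name the MTA resolves when a client connects."""
    return ipaddress.ip_address(ip).reverse_pointer


def rbl_query_names(ip, zones):
    """DNSBL query names for an IPv4 client: reversed octets + zone."""
    reversed_octets = ".".join(reversed(ip.split(".")))
    return [f"{reversed_octets}.{zone}" for zone in zones]


def connect_time_lookups(ip, zones):
    """Every DNS name an MTA may resolve before sending its 220 banner."""
    return [ptr_name(ip)] + rbl_query_names(ip, zones)


def time_lookup(name):
    """Time one resolution via the system resolver (resolv.conf).
    NXDOMAIN is the normal answer for an address not on a list."""
    start = time.monotonic()
    try:
        socket.getaddrinfo(name, None)
        result = "answer"
    except socket.gaierror:
        result = "nxdomain/error"
    return result, time.monotonic() - start


def time_smtp_banner(host, port=25, timeout=30.0):
    """Seconds from TCP connect until the server's greeting arrives.
    A long gap here with an idle server points at slow DNS."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        banner = sock.recv(512).decode("ascii", "replace")
    return banner.strip(), time.monotonic() - start


if __name__ == "__main__":
    # Usage: python dns_banner_check.py <mail-host> <client-ip>
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    client_ip = sys.argv[2] if len(sys.argv) > 2 else "192.0.2.10"
    try:
        with open("/etc/resolv.conf") as fh:
            conf = fh.read()
    except OSError:
        conf = SAMPLE_RESOLV_CONF
    print("resolvers:", nameservers_from_resolv_conf(conf))
    for name in connect_time_lookups(client_ip, RBL_ZONES):
        result, secs = time_lookup(name)
        print(f"{name}: {result} in {secs:.3f}s")
    banner, secs = time_smtp_banner(host)
    print(f"220 banner after {secs:.3f}s: {banner}")
```

If the per-name lookups each take a second or more while the banner delay roughly equals their sum, the resolver in /etc/resolv.conf is the bottleneck; rerun after pointing resolv.conf at a local caching nameserver and the banner time should drop accordingly.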