[CentOS] Re: Postfix smtp freezing

Mon Aug 13 16:25:28 UTC 2007
Jason Ross <jross at medvoice.com>

Ken,

You are correct, resolv.conf does list my ISP's DNS 250.171.3.65, which 
is Qwest. The internal Windows workstations also point to the ISP's DNS 
server.
Can I set up a caching DNS server on the mail server itself?

PS: I just wanted to say thanks to everyone who has helped me so far.

-jr

Ken Price wrote:
> Jason,
>
> This has nothing to do with AUTHORITATIVE dns.  I'm speculating this 
> is a problem with your choice of RECURSIVE (caching) name servers.  
> Realize, however, that without being on the box and looking at your 
> configuration, all I can do is speculate.
>
>> Mail .medvoice.com actually resolves to the mail server inside
>> through port forwarding.
>
> Very typical.
>
>> It's not really named that just everything going to the mail ports
>> ends up there.
>
> Understood.  Again, very typical.
>
>> Would DNS still be an issue for sending internal mail?
>
> Maybe, maybe not.  It depends on your internal network setup and where 
> your server and workstations sit respective to each other.  What's in 
> your server's /etc/resolv.conf file?  On your Windows workstation, 
> from the command prompt:  ipconfig /all ... what "DNS Servers" are 
> listed here?
>
>> I ran top during one of these unresponsive email spats and noticed
>> that there are no smtp processes listed.
>
> That just means there's no Postfix process in the busiest 20 or so 
> processes.  Use the command "ps -aux" for a more complete process 
> view.  That also means it's very unlikely your server is overloaded or 
> reaching process limits.
>
> When someone initially connects to your mail server, typically the 
> first thing your mail server does is a reverse IP lookup on the person 
> connecting.  Then, depending on your setup, it could also query a 
> number of RBL sources (Real Time Black Hole Lists) to see if the 
> sender is a known spammer.  The more stuff that is done on that 
> initial connection, the more DNS lookups your server has to make and 
> the longer it takes to return the "OK" 220 prompt.  That's why I'm 
> speculating this is a DNS issue.  If my hunch is correct, your 
> /etc/resolv.conf will point to your ISP's recursive (caching) name 
> servers.  Rarely do they perform well since they're shared amongst 
> hundreds/thousands/millions of users.  For performance reasons, 
> you're better off running at least one caching name server of your own 
> inside your network - even on the server in question.  While this is 
> only speculation on your problem, these methods also lean towards 
> "Best Practices" and are simple to implement.
>
> -Ken
>
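One way to test the DNS hunch discussed in the thread, as an added example that is not part of the original messages: time a reverse (PTR) lookup and a blocklist-style lookup against each resolver listed in /etc/resolv.conf, since those are the queries a mail server makes before it sends the 220 banner. The function names, the sample client address 192.0.2.25 and the zone `dnsbl.example` are assumptions for illustration; substitute a real client IP and the blocklist zone your server is configured to use.

```python
import ipaddress, socket, struct, sys, time

def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def ptr_name(ip):
    """Name queried for the reverse lookup of a connecting client."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone):
    """Name queried for a DNS blocklist check: reversed IPv4 octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def build_query(name, qtype, qid=0x1234):
    """Minimal DNS query packet: header, one question, recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def time_lookup(server, name, qtype, timeout=5.0, port=53):
    """Seconds the resolver took to answer, or None if no answer in time."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, qtype), (server, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or unreachable resolver
            return None
        return time.monotonic() - start if reply[:2] == b"\x12\x34" else None

if __name__ == "__main__":
    # 192.0.2.25 is a constructed sample client; dnsbl.example is a placeholder zone.
    client_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.25"
    with open("/etc/resolv.conf") as f:
        servers = parse_resolv_conf(f.read())
    for server in servers:
        for label, name, qtype in (("PTR", ptr_name(client_ip), 12),
                                   ("DNSBL", dnsbl_name(client_ip, "dnsbl.example"), 1)):
            took = time_lookup(server, name, qtype)
            print(server, label, name, "no answer" if took is None else f"{took:.3f}s")
```

Run it during one of the unresponsive periods and again when mail flows normally; multi-second or missing answers from a resolver point at DNS rather than Postfix.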