
Thread: postfix stops working under Mac OS X Leopard (proxymap/LDAP issue)


    We have a severe problem that is actually preventing us from migrating our old Sun iPlanet 5.2 server to Zimbra 5.
    We had two Xserve G5 where we tested for 4 months zcs-4.5.10_GA_1575.MACOSX with Mac OS X Tiger and all things went fine, so we decided to install the new version zcs-5.0.10_GA_2609.MACOSXx86_10.5 on two Xserve Intel with two 2.8 GHz quad-core servers and 4 Gb RAM each and running Leopard 10.5.5.
    Our intent was to switch them as production servers after some weeks of testing with ZCS 5, but we are actually disappointed by the behavior of Zimbra's postfix.
    Just to give an idea of our scenario, we actually have more than 4.000 users and our company receives 2 million messages per day; we luckily have a Sophos antivirus/antispam appliance as our domain's primary MX and it blocks 1.9 million of them as spam and unwanted connections, the remaining messages are 80-90% spam and 10-20% legal email.
    Given our number of users and mail volume we decided to install zimbra on 2 servers: one as a ldap_master, mta_main with antispam, another as a ldap_replica, mta_backup (via MX records) and mailbox server.
    So we created a few accounts and mailing lists on the zimbra servers and reconfigured the Sophos appliance to forward the filtered messages to the Zimbra servers; they properly catch the messages directed to their users and mailing lists and forward all the other mail traffic to our old iPlanet server (we modified the domain parameters zimbraMailTransport, zimbraMailCatchAllAddress, zimbraMailCatchAllForwardingAddress).
    All things seemed to work fine when all of a sudden the postfix service stopped working on both servers. We tried everything: ran zmfixperms, disabled TLS with zmlocalconfig -e ldap_starttls_supported=0, reinstalled the SSL certificates, checked the max number of open processes in /etc/sysctl.conf and /etc/launchd.conf, raised the max number of open files by adding ulimit -n 524288 in /etc/profile, uninstalled and reinstalled the whole zimbra stuff, but to no avail.
    What we actually see is that after a random time (maybe 10 minutes or 10 hours) postfix stops working and the only thing we can do to make it work again is to issue zmcontrol stop && zmcontrol start.
    In zimbra.log we have these error messages:
    Oct 25 01:17:55 xxx.xxx.101.21 mail1 postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Oct 25 01:17:55: --- last message repeated 2 times ---
    Oct 25 01:17:55 xxx.xxx.101.21 mta postfix/trivial-rewrite[63784]: fatal: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    Oct 25 01:17:55 xxx.xxx.101.21 mta postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Oct 25 01:17:55: --- last message repeated 2 times ---
    Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/trivial-rewrite[63786]: fatal: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Oct 25 01:17:55: --- last message repeated 2 times ---
    Oct 25 01:17:55 xxx.xxx.101.21 mta postfix/trivial-rewrite[63787]: fatal: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    Oct 25 01:17:55 xxx.xxx.101.21 mta postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Oct 25 01:17:55: --- last message repeated 2 times ---
    Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/trivial-rewrite[63788]: fatal: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
    Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/proxymap[63785]: fatal: too many errors - program terminated
    I noticed that just before the time we get those errors I also have these messages in the log file:
    Oct 25 01:17:43 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com sasl changed from running to stopped
    Oct 25 01:17:43 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com stats changed from running to stopped
    Oct 25 01:17:43 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com antispam changed from running to stopped
    Oct 25 01:17:44 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com mailboxd changed from running to stopped
    Oct 25 01:17:44 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com mta changed from running to stopped
    Oct 25 01:17:45 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com mailbox changed from running to stopped
    Oct 25 01:17:47 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com sasl changed from running to stopped
    Oct 25 01:17:48 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com stats changed from running to stopped
    Oct 25 01:17:48 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com antispam changed from running to stopped
    Oct 25 01:17:48 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com mailboxd changed from running to stopped
    Oct 25 01:17:49 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com mta changed from running to stopped
    Oct 25 01:17:49 xxx.xxx.101.22 mail1 zimbramon[25265]: 25265:err: Service status change: mail1.mycompany.com mailbox changed from running to stopped
    The ldap service continues to work fine on both servers (we can query both with ldapsearch also from a remote host) while postfix is in this errored state, so the problem is definitely in postfix/proxymap.
    As an addition, also consider that after postfix stops working I see a lot of such messages in the log:
    Oct 25 01:29:12 xxx.xxx.101.22 mail1 postfix/postdrop[14998]: warning: mail_queue_enter: create file maildrop/331796.14998: Permission denied
    Oct 25 01:29:12 xxx.xxx.101.22 mail1 postfix/postdrop[12958]: warning: mail_queue_enter: create file maildrop/335410.12958: Permission denied
    Oct 25 01:29:12 xxx.xxx.101.22 mail1 postfix/postdrop[13534]: warning: mail_queue_enter: create file maildrop/336016.13534: Permission denied
    Oct 25 01:29:12 xxx.xxx.101.22 mail1 postfix/postdrop[13338]: warning: mail_queue_enter: create file maildrop/337388.13338: Permission denied
    and I see that this happens because the zimbra postfix's postdrop process (I am sure it's the zimbra one, not the system postfix's postdrop) tries to spool some error messages in /var/spool/postfix (the system postfix's queue_directory) ... I don't know if this is related to the previous proxymap/ldap issue, but why does it happen? Shouldn't the zimbra postfix processes always spool their messages in the /opt/zimbra/data/postfix/spool directory, given that queue_directory is properly configured in the zimbra config?
    Before someone points me in that direction, I have read about Bug 29395, but its resolution is actually set to "Fixed". BTW I have posted a comment in bugzilla with a link to this post.

    Edit: Bug 29395 seems to be not strictly related to this problem, so I opened a new bug:
    Bug 32613: postfix and amavis randomly stop working - Can't contact LDAP server
    Last edited by fab; 10-27-2008 at 10:08 AM. Reason: new bug filed
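
One way to put the events quoted in the post above on a single timeline, as an added example that is not part of the original thread: it classifies zimbra.log lines by the messages shown, credits syslog's "last message repeated" lines to the preceding event, and reports how many seconds the first zimbramon "stopped" report preceded the first STARTTLS failure. The event names, the `classify` and `summarize` helpers and the year 2008 (syslog timestamps carry none) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed input: a subset of the log lines quoted in the post.
SAMPLE = """\
Oct 25 01:17:43 mta zimbramon[35312]: 35312:err: Service status change: mta.mycompany.com sasl changed from running to stopped
Oct 25 01:17:55 xxx.xxx.101.21 mail1 postfix/proxymap[63785]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server
Oct 25 01:17:55: --- last message repeated 2 times ---
Oct 25 01:17:55 xxx.xxx.101.21 mta postfix/trivial-rewrite[63784]: fatal: proxy:ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Oct 25 01:17:55 xxx.xxx.101.22 mail1 postfix/proxymap[63785]: fatal: too many errors - program terminated
Oct 25 01:29:12 xxx.xxx.101.22 mail1 postfix/postdrop[14998]: warning: mail_queue_enter: create file maildrop/331796.14998: Permission denied
""".splitlines()

# The relay-address field before the host name is optional in this log.
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?:(?P<relay>\S+) )?(?P<host>\S+) "
                  r"(?P<prog>[\w/-]+)\[\d+\]: (?P<msg>.*)$")
REPEAT = re.compile(r"^\w{3} +\d+ [\d:]{8}: --- last message repeated (\d+) times ---$")
RULES = [  # (event kind, program-name suffix, message substring)
    ("service_stopped", "zimbramon", "changed from running to stopped"),
    ("ldap_starttls_fail", "proxymap", "Unable to set STARTTLS"),
    ("table_lookup_fatal", "trivial-rewrite", "table lookup problem"),
    ("proxymap_terminated", "proxymap", "too many errors - program terminated"),
    ("postdrop_denied", "postdrop", "Permission denied"),
]

def classify(prog, msg):
    for kind, suffix, needle in RULES:
        if prog.endswith(suffix) and needle in msg:
            return kind
    return None

def summarize(lines, year=2008):  # year is an assumption taken from the post date
    counts, first, last_kind = Counter(), {}, None
    for line in lines:
        rep = REPEAT.match(line)
        if rep:  # syslog compression: credit the repeats to the previous event
            if last_kind:
                counts[last_kind] += int(rep.group(1))
            continue
        m = LINE.match(line)
        last_kind = classify(m["prog"], m["msg"]) if m else None
        if last_kind:
            counts[last_kind] += 1
            first.setdefault(last_kind, datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    stop, fail = first.get("service_stopped"), first.get("ldap_starttls_fail")
    lead = (fail - stop).total_seconds() if stop and fail else None
    return counts, first, lead  # lead: seconds from first "stopped" to first STARTTLS failure
if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

Run against the full zimbra.log from each server, a consistently positive lead time would match the poster's observation that the zimbramon status changes appear just before the proxymap errors.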
