From 8d16f17354b4e7a11b1127b94a32fe9be9517617 Mon Sep 17 00:00:00 2001 From: William Hirigoyen Date: Wed, 18 Jan 2023 10:29:41 +0100 Subject: [PATCH] * clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix. * postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs. --- CHANGELOG.md | 2 ++ clamav/tasks/main.yml | 2 +- postfix/templates/packmail_main.cf.j2 | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d601b50d..60118ebe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,8 @@ The **patch** part changes is incremented if multiple releases happen the same m * docker-host: fix type in daemon.json and remove host configuration that is already in the systemd service by default * haproxy: fix missing admin ACL in stats module access permissions * openvpn: fix the client cipher configuration to match the server cipher configuration +* clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix. +* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs. ### Removed diff --git a/clamav/tasks/main.yml b/clamav/tasks/main.yml index 6d1da3eb..f74efae5 100644 --- a/clamav/tasks/main.yml +++ b/clamav/tasks/main.yml @@ -13,7 +13,7 @@ - { key: 'clamav-daemon/StreamMaxLength', type: 'string', value: '25' } - { key: 'clamav-daemon/ReadTimeout', type: 'string', value: '180' } - { key: 'clamav-daemon/StatsEnabled', type: 'boolean', value: 'false' } - - { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '15' } + - { key: 'clamav-daemon/MaxConnectionQueueLength', type: 'string', value: '200' } - { key: 'clamav-daemon/LogRotate', type: 'boolean', value: 'true' } - { key: 'clamav-daemon/AllowAllMatchScan', type: 'boolean', value: 'true' } - { key: 'clamav-daemon/ScanOnAccess', type: 'boolean', value: 'false' } diff --git a/postfix/templates/packmail_main.cf.j2 b/postfix/templates/packmail_main.cf.j2 index b8d4ef38..d8fd0604 100644 --- a/postfix/templates/packmail_main.cf.j2 +++ b/postfix/templates/packmail_main.cf.j2 @@ -412,6 +412,7 @@ smtpd_sasl_path = private/auth-client # Amavis and OpenDKIM content_filter = smtp-amavis:[127.0.0.1]:10024 +smtp-amavis_destination_concurrency_failed_cohort_limit = 0 smtpd_milters = inet:[127.0.0.1]:8891 non_smtpd_milters = inet:[127.0.0.1]:8891