• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk Milter SASL authentication: 30 seconds delay?

B

BoMbY

New Pleskian
Hello,

there seems to be a 30 seconds delay in SASL authentication, when the Plesk Milter is activated, which causes timeout problems with some clients. Example:

Code: 
Aug  9 17:41:08 lvps91-250-X-X postfix/smtpd[23969]: connect from mail-we0-f177.google.com[74.125.82.177]
Aug  9 17:41:38 lvps91-250-X-X plesk_saslauthd[23973]: listen=6, status=5, dbpath='/var/spool/postfix/plesk/passwd.db', keypath='/var/spool/postfix/plesk/passwd_db_key', chroot=0, unprivileged=1

When I disable the Plesk Milter via main.cf, the delay is completely gone. What I'm wondering is, why the Plesk Milter is running in the first place, for the authentication process? Is there any way to put it into a verbose log mode, to maybe see what exactly is causing this problem?

Thanks and Regards,
BoMbY

Currently running: Parallels Plesk Panel v11.0.9_build110120608.16 os_CentOS 6
 
Perhaps some of mail handlers are triggered after SASL authentication. You can try to disable some of them in before-data queue. You can see list of these handlers with

# /usr/local/psa/admin/sbin/mail_handlers_control --list

Most probably that it is SPF, but I'm not sure. Also there is possible problem with DNS back resolving. Check it.
 
Thanks for the answer. There is currently not much going on, on this server (not transferred all domains to it):

Code: 
.---.-------.--------------------------------------.-----------------.------------------.---------------.
| E | prior |               address                |       name      |       type       |     queue     |
|---|-------|--------------------------------------|-----------------|------------------|---------------|
| X |    10 |                                  all |             spf |           global |  before-queue |
| X |    10 |                                  all | dd52-domainkeys |           global |  before-local |
|   |    30 |                                  all |       sender-ip |           global |  before-queue |
| X |    10 |                       all-recipients |     check-quota |           global |  before-queue |
| X |    10 |                      [onedomain].net | dd51-domainkeys |    sender-domain | before-remote |
'---'-------'--------------------------------------'-----------------'------------------'---------------'

This is why I asked for the debug/verbose mode. I don't really think the DNS is the problem, because my custom policy service using some DNSBLs is working fine (and not causing this kind of delay, and it's running for non-authenticated senders only). Maybe it's the "sender-ip" module? What does that do exactly?

Edit: And the delay/the SASL authentication is earlier than any SPF could be meaningful, right?
Edit2: The delay is actually before any authentication is happening, right after the connect. That's what causing the problems, because some clients simply time out during the authentication, if nothing happens for 30 seconds.
 
Last edited:
You must log in or register to reply here.

Similar threads

A
Question Spam attack in postfix log file
Replies
13
Views
3K
mow
M
S
Question How to prevent of this mail attacks?
Replies
5
Views
2K
Monty
Monty
M
Issue Fail2Ban authentication failure monitor and Plesk Spam Assasin stopping and starting
Replies
5
Views
2K
m3lezZ
m3lezZ
R
Resolved Plesk behind HAProxy
Replies
5
Views
3K
razertechDE
R
G
Question Unable to send emails via phpmailler (codeigniter) smtp to hotmail.
Replies
2
Views
2K
Grepher76
G
Back
Top