How to troubleshoot Postfix 'too many connections' errors after upgrading?

Summary

Troubleshooting Postfix 'too many connections' errors after an upgrade requires a comprehensive approach covering configuration parameters, system resources, network settings, and external factors. The key areas to investigate include process limits, concurrency limits, rate delays, TLS settings, DNS resolution, greylisting policies, reverse DNS records, system load, firewall restrictions, queue management, and connection reuse. Examining Postfix's configuration files, monitoring system resources, and seeking community support are also recommended.

Key findings

  • Process Limits: `default_process_limit` controls the number of concurrent Postfix processes; insufficient limits can cause errors.
  • Concurrency Limits: `transport_destination_concurrency_limit` restricts connections to a destination; overly restrictive values can trigger errors.
  • Rate Delays: `destination_rate_delay` helps manage the connection rate, especially if the upgraded Postfix is more aggressive.
  • TLS Settings: Incorrect TLS configurations (`smtp_tls_security_level`) can lead to connection problems.
  • DNS Issues: Slow or unreliable DNS resolution increases connection retries.
  • Greylisting: Aggressive greylisting with short retry windows can increase connection attempts.
  • Reverse DNS (PTR): Missing or incorrect reverse DNS records can cause connection rejections or delays.
  • System Load: High system load can slow down Postfix and exacerbate connection issues.
  • Firewall Restrictions: Firewall rules might be limiting outbound connections.
  • Queue Management: Backlogged queues can lead to connection spikes.
  • Connection Reuse: Disabled connection reuse (`smtp_tls_connection_reuse`) results in more new connections.
  • System Resources: Insufficient system resources (ulimit) can prevent Postfix from establishing connections.

Key considerations

  • Check Configuration Files: Review main.cf, master.cf, and other relevant configuration files for errors.
  • Examine Error Logs: Analyze Postfix logs for specific error messages related to connection issues.
  • Increase Process Limits: Consider increasing `default_process_limit`, but monitor resource usage.
  • Adjust Concurrency: Review `transport_destination_concurrency_limit` and `initial_destination_concurrency`.
  • Implement Rate Delays: Use `destination_rate_delay` if the upgraded Postfix is too aggressive.
  • Configure TLS Properly: Verify correct TLS settings, including `smtp_tls_security_level`.
  • Optimize DNS Resolution: Ensure fast and reliable DNS resolution.
  • Review Greylisting Policies: Adjust greylisting settings to avoid excessive connection attempts.
  • Configure Reverse DNS: Set up a valid reverse DNS (PTR) record for the server.
  • Monitor System Load: Check CPU, memory, and disk I/O for high load issues.
  • Adjust Firewall Rules: Ensure the firewall isn't limiting outbound connections.
  • Manage the Queue: Monitor the Postfix queue using `mailq` and `postqueue -p`.
  • Enable Connection Reuse: Ensure `smtp_tls_connection_reuse = yes`.
  • Adjust Ulimit Settings: Check and increase system resource limits (ulimit).
  • Seek Community Support: Consult the postfix-users mailing list or online forums for assistance.

What email marketers say
12Marketer opinions

Troubleshooting 'too many connections' errors in Postfix after upgrading involves examining multiple configuration aspects. Key areas include connection limits (`maxproc` in `master.cf`, `initial_destination_concurrency`), resource limits (system ulimit), DNS resolution, TLS settings, firewall restrictions, queue monitoring, connection reuse (`smtp_tls_connection_reuse`), greylisting, reverse DNS records, and overall system load. The errors can also be linked to software bugs with new Postfix releases.

Key opinions

  • Connection Limits: Incorrect settings for `maxproc` or `initial_destination_concurrency` can exhaust available connections.
  • Resource Limits: System-level resource limits (ulimit) can prevent Postfix from opening necessary connections.
  • DNS Issues: Slow or incorrect DNS resolution can lead to increased connection attempts.
  • TLS Configuration: Incorrect TLS settings might cause connection problems.
  • Firewall Restrictions: Firewall rules could be limiting outbound connections from the Postfix server.
  • Queue Backlog: A large queue backlog can lead to connection spikes.
  • Connection Reuse: Disabled connection reuse (`smtp_tls_connection_reuse`) results in more connections being created.
  • Greylisting: Overly aggressive greylisting can increase connection retries.
  • Reverse DNS: Missing or incorrect reverse DNS records can cause connection delays or rejections.
  • System Load: High system load can slow down Postfix and exacerbate connection issues.

Key considerations

  • Check `maxproc`: Ensure the `maxproc` setting in `master.cf` isn't too restrictive for the current workload.
  • Adjust Concurrency: Review and adjust `initial_destination_concurrency` to optimize connection handling.
  • Verify Ulimit: Check system resource limits (ulimit) and increase them if necessary.
  • Test DNS Resolution: Confirm DNS is resolving quickly and accurately.
  • Review TLS Settings: Ensure `smtp_tls_security_level` and related parameters are correctly configured.
  • Examine Firewall Rules: Verify the firewall isn't limiting outbound connections.
  • Monitor the Queue: Use `mailq` and `postqueue -p` to identify any backlogs.
  • Enable Connection Reuse: Ensure `smtp_tls_connection_reuse = yes` is set.
  • Review Greylisting: Adjust greylisting settings if they are too aggressive.
  • Configure Reverse DNS: Make sure the server has a valid reverse DNS (PTR) record.
  • Monitor System Load: Check CPU, memory, and disk I/O to identify high load issues.
Marketer view

Email marketer from Geekflare explains that overly aggressive greylisting can cause senders to retry frequently, increasing the number of connections. Review your greylisting configuration.

April 2023 - Geekflare
Marketer view

Email marketer from EmailAdminBlog.com recommends checking and adjusting Postfix's `initial_destination_concurrency`. They explain that a low initial concurrency setting could lead to quicker exhaustion of available connections.

June 2023 - EmailAdminBlog.com

What the experts say
4Expert opinions

Troubleshooting 'too many connections' errors in Postfix involves examining configuration files, error messages, greylisting settings, and DNS resolution. Configuration files need to be checked, and it's important to differentiate between inbound and outbound settings. Aggressive greylisting and DNS issues are major factors.

Key opinions

  • Configuration Review: Configuration files should be checked, along with the exact errors being received, to identify misconfigurations.
  • Inbound vs. Outbound Settings: `smtpd_junk_command_limit` affects inbound mail, not outbound concurrency issues.
  • Aggressive Greylisting: Aggressive greylisting with a short retry window can lead to increased connection attempts.
  • DNS Resolution: Slow or unreliable DNS resolution leads to more connection retries.

Key considerations

  • Examine Config Files: Check configuration files and error logs.
  • Understand Settings: Understand the difference between inbound and outbound configuration settings.
  • Adjust Greylisting: Review and adjust greylisting settings to avoid excessive connection attempts.
  • Optimize DNS: Ensure fast and reliable DNS resolution.
Expert view

Expert from Spam Resource explains that aggressive greylisting combined with a short retry window can increase connection attempts and trigger 'too many connections' errors in Postfix.

September 2022 - Spam Resource
Expert view

Expert from Email Geeks explains that `smtpd_junk_command_limit` is an inbound mail setting and wouldn't affect outbound concurrency.

June 2021 - Email Geeks

What the documentation says
3Technical articles

Troubleshooting 'too many connections' errors in Postfix after upgrading involves examining key configuration parameters related to process limits, concurrency, and rate delays. Documentation from Postfix.org highlights the importance of `default_process_limit`, `transport_destination_concurrency_limit` (or its transport-specific variants), and `destination_rate_delay` in managing connection behavior.

Key findings

  • Process Limit: `default_process_limit` controls the maximum number of concurrent Postfix processes.
  • Concurrency Limit: `transport_destination_concurrency_limit` restricts concurrent connections to a single destination.
  • Rate Delay: `destination_rate_delay` may be needed if the upgraded Postfix version is more aggressive.

Key considerations

  • Increase Process Limit: Consider increasing `default_process_limit` while monitoring resource usage.
  • Review Concurrency Limit: Assess if `transport_destination_concurrency_limit` is too restrictive.
  • Implement Rate Delay: If necessary, use `destination_rate_delay` to slow down connection attempts.
Technical article

Documentation from Postfix.org explains that the `default_process_limit` parameter controls the maximum number of concurrently running Postfix processes. Increasing this might help, but also check resource usage.

April 2024 - Postfix.org
Technical article

Documentation from Postfix.org explains the use of `destination_rate_delay` parameter. He shares that this might be needed if the upgraded Postfix version is more aggressive, causing the destination server to see too many connections.

November 2021 - Postfix.org