DOS | postfix connect to mysql server 127.0.0.1: Too many connections | proxy:mysql:

Discussion in 'Installation/Configuration' started by brt, Dec 2, 2019.

  1. brt

    brt New Member

    hi :)

    i am using 3.1.15p2 on debian buster.

    yesterday i faced a situation where the database server reached the "max_connections" limit, email, websites etc. running into trouble.
    as a quick fix i raised the limit on the database server.
    investigating the source showed that the server has been overwhelmed by repeatedly incoming emails from more than 1000 different hosts within 30 minutes.
    luckily fail2ban kicked in quickly, as most of the hosts were listed at RBLs:
    fail2ban-pinpoint.png

    all emails targeted the same domain with random localpart, like [email protected], [email protected], ...
    i already noticed that the mysql server has a big list of sleeping mysql processes of the user ispconfig, so i also reduced the wait_timeout to 180 seconds, not sure if this is too low. so far i didn't notice any problems, should be ok for websites and postfix connections.

    after some time staring at /etc/postfix/main.cf i noticed that some mysql-tables are prefixed with "proxy:mysql:" while some others are not.

    these entries are missing the proxy: prefix on the mysql-tables:
    smtpd_recipient_restrictions
    virtual_uid_maps
    virtual_gid_maps
    relay_domains*
    relay_recipient_maps*
    smtpd_sender_restrictions
    smtpd_client_restrictions

    * even included in "proxy_read_maps"

    is there a reason why these parts are not configured to use the proxymap servers?

    i just tried what happens when i add the missing options to proxy_read_maps and prefix all mysql-tables with proxy, and so far i see no problems. sleeping mysql-processes went down significantly!
     
  2. Steini86

    Steini86 Active Member

    Hi,

    as far as I see, this is the only question

    From https://linux.die.net/man/8/proxymap:
    Additionally, proxymap is a bit slower (but greatly reduces the requests from postfix to mysql).
    However, in some cases (even when already present in proxy_read_maps), it looks like a mistake.
    You could file a bug report in git: https://git.ispconfig.org/ispconfig/ispconfig3
     
  3. brt

    brt New Member

    yeah, i also read this section in the postfix manual :) i cannot see how using proxymap on the missing ones would be less secure than the ones in use, but maybe i miss something here...

    bit slower will be ok.

    thanks for sharing your thoughts!

    also found this:
    Bildschirmfoto von 2019-12-02 04-01-44.png
    http://postfix.1071664.n5.nabble.com/postfix-with-mysql-too-many-connections-td81836.html
     
    Last edited: Dec 2, 2019
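
An added example, not part of the thread and not ISPConfig code: a check for the situation described in the first post, listing main.cf parameters whose mysql: tables bypass proxymap and proxy:mysql: tables whose parameter is not referenced in proxy_read_maps. The sample config, its file paths and the function names are constructed for illustration.

```python
import re

# Constructed sample main.cf; parameter names are real Postfix ones, paths are made up.
SAMPLE_MAIN_CF = """\
virtual_mailbox_maps = proxy:mysql:/etc/postfix/example-mailboxes.cf
virtual_uid_maps = mysql:/etc/postfix/example-uids.cf
relay_domains = mysql:/etc/postfix/example-relaydomains.cf
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/example-recipient.cf
smtpd_sender_restrictions = check_sender_access proxy:mysql:/etc/postfix/example-sender.cf
proxy_read_maps = $virtual_mailbox_maps $relay_domains
"""

TABLE = re.compile(r"(?<![\w:])(proxy:)?mysql:([^\s,]+)")

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def audit(text):
    """Return (direct, unlisted): parameters that open MySQL themselves, and
    parameters using proxy:mysql: that proxy_read_maps does not reference."""
    params = parse_main_cf(text)
    allowed = params.get("proxy_read_maps", "")
    # proxy_read_maps names parameters as $name or ${name}; non-proxy: tables in it are ignored.
    listed = set(re.findall(r"\$\{?(\w+)\}?", allowed))
    direct, unlisted = {}, {}
    for name, value in params.items():
        if name == "proxy_read_maps":
            continue
        for prefix, path in TABLE.findall(value):
            if not prefix:
                direct.setdefault(name, []).append(path)
            elif name not in listed and f"proxy:mysql:{path}" not in allowed:
                unlisted.setdefault(name, []).append(path)
    return direct, unlisted

if __name__ == "__main__":
    print(audit(SAMPLE_MAIN_CF))
```

In the sample, relay_domains shows up as a direct connection even though proxy_read_maps references it, which is the case the first post marks with an asterisk.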
