Help: sendmail clients opening multiple connections on same ldap

hi,

I am having a weird prob. with sendmail-8.13.1-2 (RHEL4). Some mails
are getting stuck in the queue for long times in locked state.

On searching for the issue, I found that processes are stuck on a
select call. This file descriptor for all the stuck processes is to
the same socket to the ldap daemon. I have pasted the lsof output for
the processes below.

Restarting the ldap service delivers the mails immediately. This
problem is happening only to some of the mails intermittently. There
is no other pattern except that the select hangs on the fd of the ldap
socket. Debug log for ldap shows that all queries are responded and
socket in open state.

At the same time other mails and shell logins are able to get ldap
responses and succeed.

Please help me in sorting out this issue.

thanks,
--
Satya Prasad


PROCESS 1

sendmail 9362 root 4uW REG 8,3 1683 6031070 /var/spool/
mqueue/qflAS7JaPP009216
sendmail 9362 root 5u IPv4 11155277 TCP XXXX.XX.XX:
33724->XXXX.XX.XX:ldap (ESTABLISHED)
sendmail 9362 root 7r REG 8,3 12288 6848586 /etc/mail/
virtusertable.db


PROCESS 2

sendmail 9383 root 3u unix 0xf668ca80 11154986 socket
sendmail 9383 root 4uW REG 8,3 1310 6031102 /var/spool/
mqueue/qflAS7JaPQ009216
sendmail 9383 root 5u IPv4 11155277 TCP XXXX.XX.XX:
33724->XXXX.XX.XX:ldap (ESTABLISHED)
sendmail 9383 root 7r REG 8,3 12288 6848586 /etc/mail/
virtusertable.db

Re: Help: sendmail clients opening multiple connections on same ldap socket

dvsprasad@gmail.com writes:
> I am having a weird prob. with sendmail-8.13.1-2 (RHEL4). Some mails
> are getting stuck in the queue for long times in locked state.
>
> On searching for the issue, I found that processes are stuck on a
> select call. This file descriptor for all the stuck processes is to
> the same socket to the ldap daemon. I have pasted the lsof output for
> the processes below.
>
> Restarting the ldap service delivers the mails immediately. This
> problem is happening only to some of the mails intermittently. There
> is no other pattern except that the select hangs on the fd of the ldap
> socket. Debug log for ldap shows that all queries are responded and
> socket in open state.
>
> At the same time other mails and shell logins are able to get ldap
> responses and succeed.
>
> Please help me in sorting out this issue.

0) Do you use timeout for ldap queries in sendmail configuration?
[-lx option with x being time in seconds ]
#v+
# find all K lines (map definitions) that use ldap
grep ^K /etc/mail/sendmail.cf | grep ldap
#v-

1) Which brand of ldap server do use?
2) Does the problem look to be related to high load periods?
[ldap server reaction to overload not handled properly by sendmail]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

Re: Help: sendmail clients opening multiple connections on same ldap

> > At the same time other mails and shell logins are able to get ldap
> > responses and succeed.
>
> > Please help me in sorting out this issue.
>
> 0) Do you use timeout for ldap queries in sendmail configuration?
> [-lx option with x being time in seconds ]
> #v+
> # find all K lines (map definitions) that use ldap
> grep ^K /etc/mail/sendmail.cf | grep ldap
> #v-
>
No entries are displayed with this. We use ldap auth through pam.

> 1) Which brand of ldap server do use?
openldap-2.2.13-4 (RHEL4)
> 2) Does the problem look to be related to high load periods?
> [ldap server reaction to overload not handled properly by sendmail]

Server is not loaded that much. Only sendmail and ldap run on it and
has around 8000 mails/day load.

>
> --
> [pl>en: Andrew] Andrzej Adam Filip : a...@priv.onet.pl : a...@xl.wp.pl
> Open-Sendmail:http://open-sendmail.sourceforge.net/

Re: Help: sendmail clients opening multiple connections on same ldap

On Nov 28, 7:24 pm, Andrzej Adam Filip wrote:
> dvspra...@gmail.com writes:
> > I am having a weird prob. with sendmail-8.13.1-2 (RHEL4). Some mails
> > are getting stuck in the queue for long times in locked state.
>
> > On searching for the issue, I found that processes are stuck on a
> > select call. This file descriptor for all the stuck processes is to
> > the same socket to the ldap daemon. I have pasted the lsof output for
> > the processes below.
>
> > Restarting the ldap service delivers the mails immediately. This
> > problem is happening only to some of the mails intermittently. There
> > is no other pattern except that the select hangs on the fd of the ldap
> > socket. Debug log for ldap shows that all queries are responded and
> > socket in open state.
>
> > At the same time other mails and shell logins are able to get ldap
> > responses and succeed.
>
> > Please help me in sorting out this issue.
>
> 0) Do you use timeout for ldap queries in sendmail configuration?
> [-lx option with x being time in seconds ]

Sorry for not posting this earlier. I could not find this option in
the cf/README. Can you pls let me know how to enable this.

thanks,
--
Satya Prasad
> #v+
> # find all K lines (map definitions) that use ldap
> grep ^K /etc/mail/sendmail.cf | grep ldap
> #v-
>
> 1) Which brand of ldap server do use?
> 2) Does the problem look to be related to high load periods?
> [ldap server reaction to overload not handled properly by sendmail]
>
> --
> [pl>en: Andrew] Andrzej Adam Filip : a...@priv.onet.pl : a...@xl.wp.pl
> Open-Sendmail:http://open-sendmail.sourceforge.net/

Re: Help: sendmail clients opening multiple connections on same ldap socket

dvsprasad@gmail.com writes:

> On Nov 28, 7:24 pm, Andrzej Adam Filip wrote:
>> dvspra...@gmail.com writes:
>> > I am having a weird prob. with sendmail-8.13.1-2 (RHEL4). Some mails
>> > are getting stuck in the queue for long times in locked state.
>>
>> > On searching for the issue, I found that processes are stuck on a
>> > select call. This file descriptor for all the stuck processes is to
>> > the same socket to the ldap daemon. I have pasted the lsof output for
>> > the processes below.
>>
>> > Restarting the ldap service delivers the mails immediately. This
>> > problem is happening only to some of the mails intermittently. There
>> > is no other pattern except that the select hangs on the fd of the ldap
>> > socket. Debug log for ldap shows that all queries are responded and
>> > socket in open state.
>>
>> > At the same time other mails and shell logins are able to get ldap
>> > responses and succeed.
>>
>> > Please help me in sorting out this issue.
>>
>> 0) Do you use timeout for ldap queries in sendmail configuration?
>> [-lx option with x being time in seconds ]
>
> Sorry for not posting this earlier. I could not find this option in
> the cf/README. Can you pls let me know how to enable this.

You wrote your uses ldap only via pam - the above options is available
only when sendmail queries ldap directly (not in your case).

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

Re: Help: sendmail clients opening multiple connections on same ldap

On Nov 29, 11:55 am, Andrzej Adam Filip wrote:
> dvspra...@gmail.com writes:
> > On Nov 28, 7:24 pm, Andrzej Adam Filip wrote:
> >> dvspra...@gmail.com writes:
> >> > I am having a weird prob. with sendmail-8.13.1-2 (RHEL4). Some mails
> >> > are getting stuck in the queue for long times in locked state.
>
> >> > On searching for the issue, I found that processes are stuck on a
> >> > select call. This file descriptor for all the stuck processes is to
> >> > the same socket to the ldap daemon. I have pasted the lsof output for
> >> > the processes below.
>
> >> > Restarting the ldap service delivers the mails immediately. This
> >> > problem is happening only to some of the mails intermittently. There
> >> > is no other pattern except that the select hangs on the fd of the ldap
> >> > socket. Debug log for ldap shows that all queries are responded and
> >> > socket in open state.
>
> >> > At the same time other mails and shell logins are able to get ldap
> >> > responses and succeed.
>
> >> > Please help me in sorting out this issue.
>
> >> 0) Do you use timeout for ldap queries in sendmail configuration?
> >> [-lx option with x being time in seconds ]
>
> > Sorry for not posting this earlier. I could not find this option in
> > the cf/README. Can you pls let me know how to enable this.
>
> You wrote your uses ldap only via pam - the above options is available
> only when sendmail queries ldap directly (not in your case).
>
> --
> [pl>en: Andrew] Andrzej Adam Filip : a...@priv.onet.pl : a...@xl.wp.pl
> Open-Sendmail:http://open-sendmail.sourceforge.net/

OK. I've sen some thing on openldap lists and set 'idletimeout 15' to
remove idle connections.

I am hoping this will bring the queue process out of the select call.

Regards,
--
Satya Prasad