This morning, I had a client call me bright and early, frantic about some mail problems they were having. All of their mail servers had stopped accepting incoming SMTP connections for some reason, and they couldn’t figure out why.
After a little bit of investigation, I found that they were using postfix with MySQL-based virtual domains. The MySQL authentication was failing, which meant that postfix was unable to look up any valid recipient names. That, in turn was causing tons of retried connections, until they hit the maximum number of connections where Postfix would refuse additional connections.
The problem is that these mail servers were initially set up with some dumb names for some reason. A new administrator noticed the silly names in their Reverse DNS entries and changed them to some more sensible names. The MySQL permissions were based off of the hostnames, so when the names in Reverse DNS changed, it broke the permissions, and the clients were unable to connect.
Solving the problem was simple enough – I just corrected the MySQL permissions, and then had to deal with some huge mail queues for a little while as all of the messages waiting to come in were finally allowed all at once.
The moral of the story is to use sensible names to start out with. These names were chosen to be sortof funny I guess, but it didn’t end up being so amusing in the midst of all of the problems it caused. As a side note, I usually do MySQL permissions based on IP Address as well, so that you further reduce this kind of problem.