Sandy Drobic wrote: > David C. Rankin wrote: >> Listmates (Sandy), >> >> I have built a fresh 10.3 server, but smtp performance seems slow. >> Are >> there any tips or tricks to improve the mail sending performance. Here > > > The problem starts here: > dig bonza.rbpllc.com > > ; <<>> DiG 9.4.1-P1 <<>> bonza.rbpllc.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42966 > ^^^^^^^^ > postconf -d smtp_helo_name > smtp_helo_name = $myhostname > > So you are using an invalid helo name.
Glad to be with you Sandy! Ok, this one is fixed! [EMAIL PROTECTED]:/home/samba/egw3111/backup # dig bonza.rbpllc.com ; <<>> DiG 9.3.2 <<>> bonza.rbpllc.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27035 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;bonza.rbpllc.com. IN A ;; ANSWER SECTION: bonza.rbpllc.com. 2300 IN A 66.76.63.60 ;; AUTHORITY SECTION: rbpllc.com. 4372 IN NS ns1.domaindiscover.com. rbpllc.com. 4372 IN NS ns2.domaindiscover.com. ;; ADDITIONAL SECTION: ns1.domaindiscover.com. 24393 IN A 216.104.162.3 ns2.domaindiscover.com. 47438 IN A 216.104.163.3 ;; Query time: 3 msec ;; SERVER: 192.168.6.16#53(192.168.6.16) ;; WHEN: Wed Jan 9 00:32:34 2008 ;; MSG SIZE rcvd: 133 > >> mynetworks_style = subnet > > Better set this manually. If the Server has an official ip address you > will invite your neighbor servers to use you as relay. > OK, I'm not sure I understand the response. I have it set, are you telling me I should set it to something else?? >> smtpd_client_restrictions = check_client_access >> cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org, >> reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org > > Several problems: > You don't exclude authenticated clients or clients in mynetworks. > You are using a dead RBL (relays.ordb.org has gone the way of the > dinosaurs). Ok, I removed relays.ordb.org > > Do you use /etc/postfix/access? If not, drop it from your config. In > this case it would be a check_sender_access because it is placed in > sender_restrictions. > Removed from main.cf > Pet peeve #1: don't use short cuts, always use the complete form. If you > decide one day to move the check to smtpd_recipient_restrictions, it > would suddenly become a check_recipient_access instead of a > check_sender_access. > > Better to set up all checks in one class and disable the rest, it's much > more transparent that way. > > smtpd_client_restrictions = > smtpd_sender_restrictions = > smtpd_sender_restrictions = > smtpd_recipient_restrictions = > reject_non_fqdn_sender, > reject_non_fqdn_recipient > permit_mynetworks > permit_sasl_authenticated > reject_unauth_destination > reject_unlisted_recipient > # check_client_access hash:/etc/postfix/client_whitelist > cidr:/etc/postfix/client_check.cidr > check_recipient_access pcre:/etc/postfix/recipient_check.pcre > reject_invalid_helo_hostname, > reject_non_fqdn_helo_hostname, > # consider using zen.spamhaus.org! > reject_rbl_client sbl-xbl.spamhaus.org > reject_rbl_client list.dsbl.org > OK, just using smtpd_recipient_restrictions now. > Pet peeve #2: > cidr:/etc/postfix/client_check.cidr > check_recipient_access pcre:/etc/postfix/recipient_check.pcre > > Can you tell me what kind of checks are in these files? > Will you be able to tell me in half a year as well? > Yes, I Blacklist APNIC addresses with client_check.cidr and I Blacklist normally abused accounts (sales, accounting, etc..) with recipient_check.pcre > Let's say, you only use it for blacklisting now, but some day you decide > to whitelist someone and say "OK", and suddenly you enable him to use > your server as relay, because you might have put the check before > reject_unauth_destination. As long as you were only using it to reject > clients it wouldn't matter, but whitelist a client and suddenly he can > use you as relay. Whitelist a client before you check for valid > recipients, and you risk to turn into a backscatter source. > > Consider using telling names for the checks: I see your point, good idea. Thanks. > > cidr:/etc/postfix/client_blacklist.cidr > pcre:/etc/postfix/recipient_greylisting_enabled.pcre > pcre:/etc/postfix/recipient_internal_only.pcre > > If necessary split the checks and create separate files for separate > purposes (blacklisting/rejecting, whitelisting, filtering etc.), then > you can easily place them at the correct place in the order of checks. > The policy of your mail system is much more maintainable that way. > >> smtpd_use_tls = no >> strict_8bitmime = no >> strict_rfc821_envelopes = no >> transport_maps = hash:/etc/postfix/transport >> unknown_client_reject_code = 550 >> unknown_local_recipient_reject_code = 550 >> virtual_alias_domains = hash:/etc/postfix/virtual >> virtual_alias_maps = hash:/etc/postfix/virtual >> >> Which of these would affect or help smtp response time? Any tips >> would >> be appreciated. > > After you have fixed your dns settings, Wow, the mail seems much much faster Sandy! I'll do a little more testing tomorrow. Like I said earlier, good to be with you! -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
