Believe me, this is everything but spam-related. It's mostly .org and .edu/.gov kind of mailings (non-profit), but quite a lot of them at one time. I've seen postfix moments like this quite a lot recently:

Incoming: 6991
Active: 20000
Deferred: 7897
Bounced: 2319
Hold: 0
Corrupt: 0

I had to employ special output limits for delivery to the hotmail/live mail addresses, since we suffered bounces due to hotmail/live servers not tolerating the rate at which my postfix was sending them mail.

smtp_destination_concurrency_limit = 4
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

seemed to solve that problem. Microsoft's servers stopped bouncing mail and accepted the rate at which they got mail from our server. But this created a new problem: other normal local users' mail got delayed by ~30 minutes whenever postfix had to deal with sending out such newsletters. This is not something they're happy with. We decided to create a special MX for just the bulk mailings within our IP block, the datacentre network we maintain. Here's where my questions arise.

The setup is as follows:

- We have many servers within the same range, 10.20.30.x (I'll use IPv4 only for ease now). Some of them have websites and/or are shared hosting servers that are using a home-made SaaS mailing GUI for their newsletters and similar mails with high-volume recipient lists.
- Our primary MX that needs to send out the bulk for them all is 10.20.30.7.
- Is there a way to NOT have to tell postfix to allow the sending domain names, but just the IP addresses of the servers that hold those who'd like to send out those mails via 10.20.30.7? I would basically like them to use any (valid domain's) from-field they want, and postfix would have to allow it because the source is one of our own servers.

Below is my config. It does not want to relay mail from those local servers and I'm not sure why. Do I really have to note down all from-field domains as allowed, or what is the best way to accomplish this? I have commented out a lot in this config, because I'm working on getting it as perfect as possible for our purpose.

Thanks in advance for any and all feedback on this config, feel free to add improvements:

[root@somemailer~]# cat /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name
#relay_domains = $mydestination, somemailer.net
#relay_recipient_maps =
#relayhost =
#transport_maps = hash:/etc/postfix/transport
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
alias_maps = hash:/etc/aliases
sendmail_path = /usr/sbin/sendmail.postfix
#newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
readme_directory = /usr/share/doc/postfix-2.8.14/README_FILES
inet_protocols = ipv4
# :-/ inet_protocols = all
inet_interfaces = 10.20.30.7, 127.0.0.1
smtp_bind_address =
mynetworks = 127.0.0.0/8 [::1]/128 192.168.2.0/24, 10.20.30.0/24
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 192.168.2.0/24 10.20.30.0/24
smtp_send_xforward_command = yes
mydomain = somemailer.net
myhostname = bulk.somemailer.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mailer.$mydomain
recipient_delimiter = +
# tempfailed adapted to 3 minutes:
queue_run_delay = 180s
minimal_backoff_time = 180s
maximal_backoff_time = 3601s
disable_vrfy_command = yes
biff = no
default_process_limit = 1000
trigger_timeout = 1 # ?
in_flow_delay = 1s
smtpd_delay_reject = yes
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    permit
smtpd_data_restrictions =
    reject_multi_recipient_bounce,
    reject_unauth_pipelining,
    permit
smtpd_client_restrictions = permit_mynetworks
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    permit_sasl_authenticated
smtpd_recipient_restrictions =
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_client_access hash:/etc/postfix/whitelist,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client hosts.rbl.zonnet.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client bl.shlink.de,
    reject_rbl_client bl.blocklist.de,
    reject_rbl_client spamguard.leadmon.net,
    reject_rbl_client mail-abuse.blacklist.jippg.org,
    permit
default_destination_concurrency_limit = 0
smtp_connect_timeout = 30
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 8
smtpd_hard_error_limit = 18
smtpd_recipient_limit = 120
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_footer = For assistance, contact us at hostmas...@somemailer.nl,
    and please provide the following information in your problem report:
    time ($localtime), client ($client_address) and server ($server_name).
smtpd_client_message_rate_limit = 48
smtpd_client_recipient_rate_limit = 30
# for hotmail/live reception (preventing blocks):
slow_destination_rate_delay = 1
slow_destination_concurrency_failed_cohort_limit = 100
smtp_destination_concurrency_limit = 4
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
queue_minfree = 122880000
qmgr_message_active_limit = 12000
qmgr_message_recipient_limit = 12000
qmgr_site_hog_factor = 100
bounce_size_limit = 150000
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
message_size_limit = 20480000
# TLS parameters saslauthd TODO !
#smtpd_sasl_local_domain =
#smtpd_sasl_auth_enable = yes
#broken_sasl_auth_clients = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_authenticated_header = no
#smtpd_tls_received_header = no
#smtpd_tls_security_level=may
#smtp_tls_security_level=may
#smtp_tls_ciphers = export
#smtp_tls_protocols = !SSLv2
#smtpd_tls_loglevel = 1
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtpd_tls_auth_only = no
#smtpd_use_tls = yes
#smtp_use_tls = yes
#smtp_tls_note_starttls_offer = yes
#smtpd_tls_key_file = /etc/postfix/ssl/mailer.key
#smtpd_tls_cert_file = /etc/postfix/ssl/mailer.crt
#smtpd_tls_CAfile = /etc/postfix/ssl/ca-certificates.crt
#smtp_tls_CAfile = $smtpd_tls_CAfile
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
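
Postfix walks each smtpd restriction list left to right and stops at the first restriction that decides, and a REJECT from any list is final. The Python sketch below is an added example, not part of the original post: it parses a constructed excerpt of the posted main.cf and applies a simplified model of that ordering to a client inside and outside mynetworks sending to a remote recipient. The function names are hypothetical, only permit, reject, permit_mynetworks and the *_unauth_destination restrictions are evaluated, and a list that is absent is treated as not restricting.

```python
import re

# Constructed excerpt: the two relay-related lists from the posted main.cf,
# shortened (RBL and syntax checks do not decide relay access in this model).
SAMPLE_MAIN_CF = """\
# comment lines are skipped
mynetworks = 127.0.0.0/8 10.20.30.0/24
smtpd_relay_restrictions = permit_mynetworks,
    reject_unauth_destination, permit_sasl_authenticated
smtpd_recipient_restrictions = reject_unauth_destination,
    reject_non_fqdn_recipient,
    check_client_access hash:/etc/postfix/whitelist, permit
"""
# Hypothetical reordering: trusted networks are permitted before the relay check.
FIXED_MAIN_CF = SAMPLE_MAIN_CF.replace(
    "smtpd_recipient_restrictions = reject_unauth_destination,",
    "smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def relay_verdict(restrictions, trusted_client):
    """First decisive restriction wins; unmodelled restrictions count as undecided."""
    for token in re.split(r"[,\s]+", restrictions.strip()):
        if token == "permit" or (token == "permit_mynetworks" and trusted_client):
            return "PERMIT"
        if token in ("reject", "reject_unauth_destination", "defer_unauth_destination"):
            return "REJECT"
    return "PERMIT"  # end of list reached without a decision

def can_relay(params, trusted_client):
    """A REJECT in any list is final, so every list has to permit."""
    lists = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")
    return all(relay_verdict(params.get(name, ""), trusted_client) == "PERMIT"
               for name in lists)

if __name__ == "__main__":
    for label, text in (("posted", SAMPLE_MAIN_CF), ("reordered", FIXED_MAIN_CF)):
        p = parse_main_cf(text)
        print(label, "trusted:", can_relay(p, True), "untrusted:", can_relay(p, False))
```

The untrusted case is the open-relay check: it must stay refused after any reordering.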