Transport Connection Limiting
Hello, Wonder if someone can point me in the right direction. We hold transport routes for loads of destinations and sometimes encounter an issue if one particular domain/route suddenly gets a hugh influx of mail. Say for instance one particular domain gets 10,000 emails, it could be ages before postifx looks to deliver the email for the other routes and therefore that particluar routes is hogging resources. Just wondered if there is a way to limit connections per transport route? Thanks Dan.
mail server on vm
Hi all I have configured postfix on centos virtual machine it works fine but I can't add virtual domain to postfix it always refuse receiving via this domain Postconf -n output alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix disable_dns_lookups = yes disable_vrfy_command = yes home_mailbox = Maildir/ html_directory = no inet_interfaces = all local_recipient_maps = proxy:unix:passwd.byname, $alias_maps,$virtual_mailbox_maps local_transport = local mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man mydestination = localhost mydomain = myserver.com myhostname = mail.mysever.com mynetworks = 192.168.56.0/24, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix relay_domains = setgid_group = postdrop smtp_host_lookup = native smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_banner = $myhostname ESMTP smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 450 virtual_alias_maps = hash:/etc/postfix/virtual virtual_gid_maps = static:501 virtual_mailbox_base = /home/vmail/ virtual_mailbox_domains = myserver.com,tech-vm.com virtual_mailbox_maps = hash:/etc/postfix/vmailbox virtual_minimum_uid = 500 virtual_transport = virtual virtual_uid_maps = static:501 and the error I have is Recipient address rejected: User unknown in virtual mailbox table;(when receiving ) Regards
Re: mail server on vm
Amira Othman: > and the error I have is Recipient address rejected: User unknown in virtual > mailbox table;(when receiving ) The recipient DOMAIN matches virtual_mailbox_domains, but the recipient ADDRESS does not match virtual_mailbox_maps (or virtual_alias_maps). See: http://www.postfix.org/ADDRES_CLASS_README.html http://www.postfix.org/VIRTUAL_README.html Wietse
Re: Transport Connection Limiting
Dan S: > Hello, > > Wonder if someone can point me in the right direction. > > We hold transport routes for loads of destinations and sometimes encounter > an issue if one particular domain/route suddenly gets a hugh influx of mail. > > Say for instance one particular domain gets 10,000 emails, it could be ages > before postifx looks to deliver the email for the other routes and therefore > that particluar routes is hogging resources. > > Just wondered if there is a way to limit connections per transport route? This requires a policy or milter daemon. Perhaps policyd, postfwd, mailfromd, or other. Wietse
Re: using header_checks to change message-id header
On Tue, Aug 16, 2011 at 2:35 AM, Ralf Hildebrandt wrote: > * Peter Blair : >> /Message-Id:\s+<(.*?)@my.domain.com>/ REPLACE Message-Id: >> <$1...@my.domain.net> > > Warning: this might also alter Resent-Message-Id: into Message-Id:!!! -1s/might/will/ Cheers! :)
Re: using header_checks to change message-id header
Thanks all for the help. I decided instead to just replace all instances of my internal domain using the following on my gateway server: /^(.*?)internal\.domain\.com(.*?)/ REPLACE ${1}pretend_name.domain.com${2} This is because it wasn't modifying the Resent-Message-Id headers. And on my internal server I just reverse the process. It doesn't seem to work on lines containing multiple references to my internal server, but that doesn't really affect me as I remove the received lines altogether when it crosses my gateway. Anyway, thanks again for the help!
Re: Using negative feedback to control sites returning "too many connects" warnings.
Can you confirm my understanding of the following settings. initial_destination_concurrency = 5 default_destination_concurrency_limit = 20 default_destination_concurrency_positive_feedback = 1/2 default_destination_concurrency_negative_feedback = 1 default_destination_concurrency_failed_cohort_limit = 1 This would cause the initial concurrency to begin at 5 It would take two successful psuedo-cohorts before it increased the concurrency to 6, effectively halving the rate of growth of positive concurrency. It would take 30 successful psuedo-cohorts to reach the maximum concurrency of 20. It would take a single failed cohort to drop the concurrency by 1. or would it be marked dead on the first failed cohort, and restart later back at 5? Is there any way to make it drop concurrency by MORE than one? If I understand the docs saying the following is invalid: default_destination_concurrency_negative_feedback = 3/1 On Tue, Aug 16, 2011 at 8:50 AM, Donovan Bray wrote: > How about using initial concurrency, negative and positive feedback so that > dynamically it loses concurrency faster on failure than it gains on success? > > I've seen no examples of how to configure it other than the defaults > specified. > > On Aug 15, 2011, at 4:59 PM, Wietse Venema wrote: > > >> I have several domains that I need to deliver for; and I use > >> sender_dependent_default_transport_maps to map those to the correct IP's > to > >> send out of. > >> > >> I am experiencing a couple of related domains begin to defer our mail > with > >> with 450 and 421's. > >> > >> Aug 15 10:10:13 server postfix/smtp[27375]: B2A93E39647: host > >> scc-mailrelay.att.net[204.127.208.75] refused to talk to me: 450 > xx.xx.xx.xx > >> has too many connections ( 3 ) on sccwmxc01 > > > > You can limit the per-destination concurrency with: > > > > /etc/postfix/main.cf: > >xxx_destination_concurrency_limit = 2 > > > > where xxx is the name of a mail delivery transport (first field in > > master.cf). > > > > Or you can just ignore the issue and let Postfix deliver the mail > > on the next delivery attempt. > > > > I have no quick solution for (per-sender source IP address) AND > > (destination-dependent concurrency limit). If you need that amount > > of control, then separate Postfix instances are required. > > > >Wietse >
Re: Using negative feedback to control sites returning "too many connects" warnings.
Donovan Bray: > Can you confirm my understanding of the following settings. No. You don't solve problems by playing with scheduler feedback. The entire concept of feedback is largely bogus, as shown by the measurements in SCHEDULER_README.html. Wietse > initial_destination_concurrency = 5 > default_destination_concurrency_limit = 20 > default_destination_concurrency_positive_feedback = 1/2 > default_destination_concurrency_negative_feedback = 1 > default_destination_concurrency_failed_cohort_limit = 1 > > This would cause the initial concurrency to begin at 5 > It would take two successful psuedo-cohorts before it increased the > concurrency to 6, effectively halving the rate of growth of positive > concurrency. > It would take 30 successful psuedo-cohorts to reach the maximum concurrency > of 20. > It would take a single failed cohort to drop the concurrency by 1. or would > it be marked dead on the first failed cohort, and restart later back at 5? > > Is there any way to make it drop concurrency by MORE than one? If I > understand the docs saying the following is invalid: > > default_destination_concurrency_negative_feedback = 3/1 > > > On Tue, Aug 16, 2011 at 8:50 AM, Donovan Bray wrote: > > > How about using initial concurrency, negative and positive feedback so that > > dynamically it loses concurrency faster on failure than it gains on success? > > > > I've seen no examples of how to configure it other than the defaults > > specified. > > > > On Aug 15, 2011, at 4:59 PM, Wietse Venema wrote: > > > > >> I have several domains that I need to deliver for; and I use > > >> sender_dependent_default_transport_maps to map those to the correct IP's > > to > > >> send out of. > > >> > > >> I am experiencing a couple of related domains begin to defer our mail > > with > > >> with 450 and 421's. > > >> > > >> Aug 15 10:10:13 server postfix/smtp[27375]: B2A93E39647: host > > >> scc-mailrelay.att.net[204.127.208.75] refused to talk to me: 450 > > xx.xx.xx.xx > > >> has too many connections ( 3 ) on sccwmxc01 > > > > > > You can limit the per-destination concurrency with: > > > > > > /etc/postfix/main.cf: > > >xxx_destination_concurrency_limit = 2 > > > > > > where xxx is the name of a mail delivery transport (first field in > > > master.cf). > > > > > > Or you can just ignore the issue and let Postfix deliver the mail > > > on the next delivery attempt. > > > > > > I have no quick solution for (per-sender source IP address) AND > > > (destination-dependent concurrency limit). If you need that amount > > > of control, then separate Postfix instances are required. > > > > > >Wietse > >