Re: transport: list of domains
Am 02.10.2012 17:37, schrieb Wietse Venema: > Robert Schetterer: >>> Therefore, instead of using FILTER, and instead of using filters >>> per gmx MX record, I would use a transport map with ``gmx.net->slow:''. >> >> it was asked to avoid list of domains ( may getting huge ) for slow >> transport, so i tested >> check_recipient_mx_access for avoid listing single domains , and use > > I see, many domains sharing the same MX host. > > I would still reduce this to: > > mx_access: > gmx.net FILTER slow: > > instead of using one filter per MX record. > > Wietse > jep youre right, thx for review -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
Robert Schetterer: > > Therefore, instead of using FILTER, and instead of using filters > > per gmx MX record, I would use a transport map with ``gmx.net->slow:''. > > it was asked to avoid list of domains ( may getting huge ) for slow > transport, so i tested > check_recipient_mx_access for avoid listing single domains , and use I see, many domains sharing the same MX host. I would still reduce this to: mx_access: gmx.net FILTER slow: instead of using one filter per MX record. Wietse
Re: transport: list of domains
Am 02.10.2012 17:02, schrieb Wietse Venema: > Robert Schetterer: >> smtpd_data_restrictions = check_recipient_mx_access >> hash:/etc/postfix/check_recipient_mx_access > > Postfix has no multi-recipient lookup feature, so the above is a > NOOP for multi-recipient mail. > >> mx0.gmx.net FILTER slow:mx0.gmx.net >> mx1.gmx.net FILTER slow:mx1.gmx.net > > Absent concrete evidence I would not assume that mx0.gmx.net and > mx1.gmx.net are implemented as one computer per mx record, and I > would not assume that their MX hosts enforce rate limits etc. > independently. > > Therefore, instead of using FILTER, and instead of using filters > per gmx MX record, I would use a transport map with ``gmx.net->slow:''. > > Wietse > it was asked to avoid list of domains ( may getting huge ) for slow transport, so i tested check_recipient_mx_access for avoid listing single domains , and use their mx record for slow transport, gmx was for example ---snip-old mail anglicanboksburg.org.za spambox: angussa.com spambox: ansc.co.za spambox: nushasingh.comspambox: aomega.co.za spambox: aphroditediamonds.co.za spambox: apollo21.co.za spambox: aquaproof.co.za spambox: There are currently 837 lines and all the domains are hosted at spambox.co.za In main.cf I have: spambox_destination_concurrency_limit = 3 spambox_destination_rate_delay = 1s spambox_destination_recipient_limit = 6 In master.cf i have spambox unix - - n - - smtp -o syslog_name=postfix-spambox Is there an easier way to add the entries other than manually adding more to the already existing file with 837 lines? --snip -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
Robert Schetterer: > smtpd_data_restrictions = check_recipient_mx_access > hash:/etc/postfix/check_recipient_mx_access Postfix has no multi-recipient lookup feature, so the above is a NOOP for multi-recipient mail. > mx0.gmx.net FILTER slow:mx0.gmx.net > mx1.gmx.net FILTER slow:mx1.gmx.net Absent concrete evidence I would not assume that mx0.gmx.net and mx1.gmx.net are implemented as one computer per mx record, and I would not assume that their MX hosts enforce rate limits etc. independently. Therefore, instead of using FILTER, and instead of using filters per gmx MX record, I would use a transport map with ``gmx.net->slow:''. Wietse
Re: transport: list of domains
Am 02.10.2012 15:51, schrieb Wietse Venema: > Robert Schetterer: >> master.cf >> ... >> slow unix - - n - - smtp >> >> main.cf >> slow_destination_concurrency_limit = 3 >> slow_destination_rate_delay = 1s >> slow_destination_recipient_limit = 6 > > With slow_destination_recipient_limit > 1, the scheduler controls > delays, concurrencies, etc. per domain (instead of per recipient). > Therefore, different domains are delivered in parallel, subject to > the master.cf process limit. > > With slow_destination_rate_delay > 0, the per-domain concurrency > (per-domain because slow_destination_recipient_limit > 1) is always > 1, otherwise there can be no delay between deliveries to the same > domain. Therefore, slow_destination_concurrency_limit has no effect. > > If you set slow_destination_rate_delay > 0, then you should also > increase the slow_destination_concurrency_failed_cohort_limit > as described in QSHAPE_README. > > Wietse > thx Wietse for making this clear these were setting from thread not mine, just copied it ( shame on me ! ) but what do you think of ? smtpd_recipient_restrictions = permit_mynetworks, ... permit_sasl_authenticated, ... reject_unauth_destination smtpd_data_restrictions = check_recipient_mx_access hash:/etc/postfix/check_recipient_mx_access i.e with gmx /etc/postfix/check_recipient_mx_access mx0.gmx.net FILTER slow:mx0.gmx.net mx1.gmx.net FILTER slow:mx1.gmx.net -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
Robert Schetterer: > master.cf > ... > slow unix - - n - - smtp > > main.cf > slow_destination_concurrency_limit = 3 > slow_destination_rate_delay = 1s > slow_destination_recipient_limit = 6 With slow_destination_recipient_limit > 1, the scheduler controls delays, concurrencies, etc. per domain (instead of per recipient). Therefore, different domains are delivered in parallel, subject to the master.cf process limit. With slow_destination_rate_delay > 0, the per-domain concurrency (per-domain because slow_destination_recipient_limit > 1) is always 1, otherwise there can be no delay between deliveries to the same domain. Therefore, slow_destination_concurrency_limit has no effect. If you set slow_destination_rate_delay > 0, then you should also increase the slow_destination_concurrency_failed_cohort_limit as described in QSHAPE_README. Wietse
Re: transport: list of domains
Am 02.10.2012 11:23, schrieb Tom Kinghorn: > On 02/10/2012 11:21, Robert Schetterer wrote: >> guess this might be better >> >> check_recipient_mx_access type:table >> Search the specified access(5) database for the MX hosts for the >> RCPT TO domain, and execute the corresponding action. Note: a result of >> "OK" is not allowed for safety reasons. Instead, use DUNNO in order to >> exclude specific hosts from blacklists. This feature is available in >> Postfix 2.1 and later. >> >> but i am still not sure if this is working > Thanks to all who have responded. > > I will test and report back on any successes. > > Regards > Tom if played with my test setup and this seems to work but however i dont recommend it as a good idea yet until gurus gave their toughts master.cf ... slow unix - - n - - smtp main.cf i.e slow_destination_concurrency_limit = 3 slow_destination_rate_delay = 1s slow_destination_recipient_limit = 6 smtpd_recipient_restrictions = permit_mynetworks, ... permit_sasl_authenticated, ... reject_unauth_destination smtpd_data_restrictions = check_recipient_mx_access hash:/etc/postfix/check_recipient_mx_access i.e with gmx /etc/postfix/check_recipient_mx_access mx0.gmx.net FILTER slow:mx0.gmx.net mx1.gmx.net FILTER slow:mx1.gmx.net -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
On 02/10/2012 11:21, Robert Schetterer wrote: guess this might be better check_recipient_mx_access type:table Search the specified access(5) database for the MX hosts for the RCPT TO domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.1 and later. but i am still not sure if this is working Thanks to all who have responded. I will test and report back on any successes. Regards Tom
Re: transport: list of domains
Am 02.10.2012 11:15, schrieb Robert Schetterer: > Am 02.10.2012 11:00, schrieb Tom Kinghorn: >> On 02/10/2012 10:39, Ralf Hildebrandt wrote: >>> * Tom Kinghorn : >>> domainname domainname: >>> >>> domainname is a copy of the "smtp...smtp" line in master, renamed to >>> "domainname...smtp" >>> >>> and then use domainname_concurrency_limit >>> >> Thanks Ralph. >> >> I think my explanation of the problem was incorrect, my apologies. >> >> let me provide samples: >> >> In transport i have >> >> >> anglicanboksburg.org.za spambox: >> angussa.com spambox: >> ansc.co.za spambox: >> nushasingh.comspambox: >> aomega.co.za spambox: >> aphroditediamonds.co.za spambox: >> apollo21.co.za spambox: >> aquaproof.co.za spambox: >> >> >> There are currently 837 lines and all the domains are hosted at >> spambox.co.za >> >> In main.cf I have: >> >> spambox_destination_concurrency_limit = 3 >> spambox_destination_rate_delay = 1s >> spambox_destination_recipient_limit = 6 >> >> >> In master.cf i have >> >> spambox unix - - n - - smtp -o >> syslog_name=postfix-spambox >> >> Is there an easier way to add the entries other than manually adding >> more to the already >> existing file with 837 lines? >> It just seems like an ineffective way of doing things. >> >> It would be better to limit the domains based on the destination, then >> one could >> use a wildcard so that any domains hosted by .domainname.co.za >> gets x, y, z restrictions. >> >> hope his makes my predicament a little clearer. >> Thanks >> Tom >> > > hm , perhaps some combi of these parameters may work > but wait for others comment, i am really not sure > > http://www.postfix.org/postconf.5.html > check_client_mx_access type:table > Search the specified access(5) database for the MX hosts for the > client hostname, and execute the corresponding action. Note: a result of > "OK" is not allowed for safety reasons. Instead, use DUNNO in order to > exclude specific hosts from blacklists. This feature is available in > Postfix 2.7 and later. guess this might be better check_recipient_mx_access type:table Search the specified access(5) database for the MX hosts for the RCPT TO domain, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.1 and later. but i am still not sure if this is working > > http://www.postfix.org/access.5.html > FILTER transport:destination > After the message is queued, send the entire mes- > sage through the specified external content filter. > The transport name specifies the first field of a > mail delivery agent definition in master.cf; the > syntax of the next-hop destination is described in > the manual page of the corresponding delivery > agent. More information about external content > filters is in the Postfix FILTER_README file. > -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
Am 02.10.2012 11:00, schrieb Tom Kinghorn: > On 02/10/2012 10:39, Ralf Hildebrandt wrote: >> * Tom Kinghorn : >> domainname domainname: >> >> domainname is a copy of the "smtp...smtp" line in master, renamed to >> "domainname...smtp" >> >> and then use domainname_concurrency_limit >> > Thanks Ralph. > > I think my explanation of the problem was incorrect, my apologies. > > let me provide samples: > > In transport i have > > > anglicanboksburg.org.za spambox: > angussa.com spambox: > ansc.co.za spambox: > nushasingh.comspambox: > aomega.co.za spambox: > aphroditediamonds.co.za spambox: > apollo21.co.za spambox: > aquaproof.co.za spambox: > > > There are currently 837 lines and all the domains are hosted at > spambox.co.za > > In main.cf I have: > > spambox_destination_concurrency_limit = 3 > spambox_destination_rate_delay = 1s > spambox_destination_recipient_limit = 6 > > > In master.cf i have > > spambox unix - - n - - smtp -o > syslog_name=postfix-spambox > > Is there an easier way to add the entries other than manually adding > more to the already > existing file with 837 lines? > It just seems like an ineffective way of doing things. > > It would be better to limit the domains based on the destination, then > one could > use a wildcard so that any domains hosted by .domainname.co.za > gets x, y, z restrictions. > > hope his makes my predicament a little clearer. > Thanks > Tom > hm , perhaps some combi of these parameters may work but wait for others comment, i am really not sure http://www.postfix.org/postconf.5.html check_client_mx_access type:table Search the specified access(5) database for the MX hosts for the client hostname, and execute the corresponding action. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This feature is available in Postfix 2.7 and later. http://www.postfix.org/access.5.html FILTER transport:destination After the message is queued, send the entire mes- sage through the specified external content filter. The transport name specifies the first field of a mail delivery agent definition in master.cf; the syntax of the next-hop destination is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix FILTER_README file. -- Best Regards MfG Robert Schetterer
Re: transport: list of domains
On 02/10/2012 10:39, Ralf Hildebrandt wrote: * Tom Kinghorn : domainname domainname: domainname is a copy of the "smtp...smtp" line in master, renamed to "domainname...smtp" and then use domainname_concurrency_limit Thanks Ralph. I think my explanation of the problem was incorrect, my apologies. let me provide samples: In transport i have anglicanboksburg.org.za spambox: angussa.com spambox: ansc.co.za spambox: nushasingh.comspambox: aomega.co.za spambox: aphroditediamonds.co.za spambox: apollo21.co.za spambox: aquaproof.co.za spambox: There are currently 837 lines and all the domains are hosted at spambox.co.za In main.cf I have: spambox_destination_concurrency_limit = 3 spambox_destination_rate_delay = 1s spambox_destination_recipient_limit = 6 In master.cf i have spambox unix - - n - - smtp -o syslog_name=postfix-spambox Is there an easier way to add the entries other than manually adding more to the already existing file with 837 lines? It just seems like an ineffective way of doing things. It would be better to limit the domains based on the destination, then one could use a wildcard so that any domains hosted by .domainname.co.za gets x, y, z restrictions. hope his makes my predicament a little clearer. Thanks Tom
Re: transport: list of domains
On Tue, Oct 02, 2012 at 10:30:27AM +0200, Tom Kinghorn wrote: > Good morning List. [..] > Is there a way to set the smtp_concurrency_limit for these domains > without creating thousands of lines with > > domainnametransport: Something like: mx1.bigisp.com transport: mx2.bigisp.com transport: . . . mxN.bigisp.com transport: where you don't name single domains but the handling MX's? That's not possible. For more information about transport(5) look here: http://www.postfix.org/transport.5.html HTH Dennis
Re: transport: list of domains
* Tom Kinghorn : > Good morning List. > > I have a problem with a service provider rejecting connections due to > "too many concurrent connections". > They have a huge hosting platform with thousands of domains served by > their mail servers. > > Is there a way to set the smtp_concurrency_limit for these domains > without creating thousands of lines with > > domainnametransport: domainname domainname: domainname is a copy of the "smtp...smtp" line in master, renamed to "domainname...smtp" and then use domainname_concurrency_limit -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
transport: list of domains
Good morning List. I have a problem with a service provider rejecting connections due to "too many concurrent connections". They have a huge hosting platform with thousands of domains served by their mail servers. Is there a way to set the smtp_concurrency_limit for these domains without creating thousands of lines with domainnametransport: many thanks Tom