[Q] Warning: Connection rate limit reached (anvil), and "milter-reject: END-OF-MESSAGE"
JKL
Dear all,
** QUESTION 1
I just noticed this message appearing the log files (mail.log). I
read a little on the page http://www.postfix.org/QSHAPE_README.html, but
did not quite understand where my postfix problem lied. The queues are
very quiet presently. This mail server does not have a lot of throughput.
--------------------- Postfix Begin ------------------------
2105 *Warning: Connection rate limit reached (anvil)
4 Miscellaneous warnings
666.166K Bytes accepted 682,154
128.576K Bytes sent via SMTP 131,662
634.608K Bytes delivered 649,839
======== ==================================================
55 Accepted 20.15%
218 Rejected 79.85%
-------- --------------------------------------------------
273 Total 100.00%
======== ==================================================
1 5xx Reject relay denied 0.46%
1 5xx Reject HELO/EHLO 0.46%
100 5xx Reject unknown user 45.87%
106 5xx Reject RBL 48.62%
2 5xx Reject header 0.92%
8 5xx Reject milter 3.67%
-------- --------------------------------------------------
218 Total 5xx Rejects 100.00%
======== ==================================================
7 4xx Reject milter 100.00%
-------- --------------------------------------------------
7 Total 4xx Rejects 100.00%
======== ==================================================
2406 Connections
158 Connections lost (inbound)
2406 Disconnections
36 Removed from queue
32 Delivered
13 Sent via SMTP
5 Timeouts (inbound)
1 Illegal address syntax in SMTP command
47 Hostname verification errors
18 TLS connections (server)
6 SASL authenticated messages
---------------------- Postfix End -------------------------
** QUESTION 2
On an additional note a milter is rejecting these messages (about 40 each day). I am uncertain which milter is rejecting it from the message. Does anyone know how I can identify the milter:
Mar 6 12:04:17 logout postfix/cleanup[18037]: D6861848C7: milter-reject: END-OF-MESSAGE from smtp143.junkemailfilter.com[69.50.231.143]: 4.7.1 Service unavailable - try again later; from=<REM...@REMOVED.org> to=<REM...@klunky.co.uk> proto=ESMTP helo=<junkemailfilter.com>
Any one, any ideas? Perhaps, which is likly there is some misconfiguration.
Best regards, s.
Reindl Harald
anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 50
this means "a maximum of 50 connection per half a hour from the same ip"
my example 50/18000 is from our live configuration on postfix-servers
as well our barracuda-spamfirewall and is really a good setting because
sometimes over weeks nobody reaches this limit
if it is reached there is surely a spammer delivering his crap
and postfix will reject temporary connections from the ip
a normal server will try later, a spammer will give up sooner or later
--
Mit besten Grüßen, Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/
JKL
As far as I can tell, the anvil settings are running at the default
settings in my configuration:-
# postconf -n | grep anvil
# postconf -d | grep anvil
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
However, the rate limit is set to 40 (default is 50)
# postconf -n | grep connection_rate_limit
smtpd_client_connection_rate_limit = 40
Now I think I know what is happening. Thanks.
I don't think that is really needs to be changed. I could increase the
smtpd_client_connection_rate_limit and the anvil_rate_time_unit, but its
not a major problem. So long as the server is not loosing Email and
being civil to Email server, then all is well.
It was a compromised user, or a test server:
Mar 5 03:21:46 srv4 postfix/anvil[5078]: statistics: max connection
rate 1733/60s for (smtp:62.198.48.73) at Mar 5 03:16:45
Cheers.
S.