transport: list of domains


Tom Kinghorn

Oct 2, 2012, 4:30:27 AM
Good morning List.

I have a problem with a service provider rejecting connections due to "too many concurrent connections".
They have a huge hosting platform with thousands of domains served by their mail servers.

Is there a way to set the smtp_concurrency_limit for these domains without creating thousands of lines with

domainname                transport:


many thanks
Tom

Ralf Hildebrandt

Oct 2, 2012, 4:39:22 AM
* Tom Kinghorn <thomas....@gmail.com>:
domainname domainname:

domainname is a copy of the "smtp...smtp" line in master, renamed to
"domainname...smtp"

and then use domainname_concurrency_limit

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de


Dennis Guhl

Oct 2, 2012, 4:57:21 AM
On Tue, Oct 02, 2012 at 10:30:27AM +0200, Tom Kinghorn wrote:
> Good morning List.

[..]

> Is there a way to set the smtp_concurrency_limit for these domains
> without creating thousands of lines with
>
> domainname transport:

Something like:

mx1.bigisp.com transport:
mx2.bigisp.com transport:
.
.
.
mxN.bigisp.com transport:

where you don't name single domains but the handling MX's?

That's not possible.

For more information about transport(5) look here:

http://www.postfix.org/transport.5.html

HTH

Dennis

Tom Kinghorn

Oct 2, 2012, 5:00:45 AM
On 02/10/2012 10:39, Ralf Hildebrandt wrote:
> * Tom Kinghorn <thomas....@gmail.com>:
> domainname                  domainname:
>
> domainname is a copy of the "smtp...smtp" line in master, renamed to
> "domainname...smtp"
>
> and then use domainname_concurrency_limit

Thanks Ralf.

I think my explanation of the problem was incorrect, my apologies.

Let me provide samples:

In transport I have

<snip>
anglicanboksburg.org.za     spambox:
angussa.com                 spambox:
ansc.co.za                  spambox:
nushasingh.com              spambox:
aomega.co.za                spambox:
aphroditediamonds.co.za     spambox:
apollo21.co.za              spambox:
aquaproof.co.za             spambox:

</snip>

There are currently 837 lines and all the domains are hosted at spambox.co.za

In main.cf I have:

spambox_destination_concurrency_limit = 3
spambox_destination_rate_delay = 1s
spambox_destination_recipient_limit = 6



In master.cf I have

spambox unix  -       -       n       -       -       smtp -o syslog_name=postfix-spambox

Is there an easier way to add the entries other than manually adding more to the already
existing file with 837 lines?
It just seems like an ineffective way of doing things.

It would be better to limit the domains based on the destination, then one could
use a wildcard so that any domains hosted by <host>.domainname.co.za get x, y, z restrictions.

Hope this makes my predicament a little clearer.
Thanks
Tom


Robert Schetterer

Oct 2, 2012, 5:15:33 AM
Hm, perhaps some combination of these parameters may work,
but wait for others' comments, I am really not sure.

http://www.postfix.org/postconf.5.html
check_client_mx_access type:table
Search the specified access(5) database for the MX hosts for the
client hostname, and execute the corresponding action. Note: a result of
"OK" is not allowed for safety reasons. Instead, use DUNNO in order to
exclude specific hosts from blacklists. This feature is available in
Postfix 2.7 and later.

http://www.postfix.org/access.5.html
FILTER transport:destination
After the message is queued, send the entire message
through the specified external content filter.
The transport name specifies the first field of a
mail delivery agent definition in master.cf; the
syntax of the next-hop destination is described in
the manual page of the corresponding delivery
agent. More information about external content
filters is in the Postfix FILTER_README file.
--
Best Regards
MfG Robert Schetterer

Robert Schetterer

Oct 2, 2012, 5:21:00 AM
guess this might be better

check_recipient_mx_access type:table
Search the specified access(5) database for the MX hosts for the
RCPT TO domain, and execute the corresponding action. Note: a result of
"OK" is not allowed for safety reasons. Instead, use DUNNO in order to
exclude specific hosts from blacklists. This feature is available in
Postfix 2.1 and later.

but I am still not sure if this is working

Tom Kinghorn

Oct 2, 2012, 5:23:36 AM
On 02/10/2012 11:21, Robert Schetterer wrote:
> guess this might be better
>
> check_recipient_mx_access type:table
> Search the specified access(5) database for the MX hosts for the
> RCPT TO domain, and execute the corresponding action. Note: a result of
> "OK" is not allowed for safety reasons. Instead, use DUNNO in order to
> exclude specific hosts from blacklists. This feature is available in
> Postfix 2.1 and later.
>
> but i am still not sure if this is working

Thanks to all who have responded.

I will test and report back on any successes.

Regards
Tom

Robert Schetterer

Oct 2, 2012, 9:16:38 AM
I played with my test setup
and this seems to work,
however I don't recommend it as a good idea yet,
until the gurus have given their thoughts.

master.cf
...
slow unix - - n - - smtp

main.cf

i.e

slow_destination_concurrency_limit = 3
slow_destination_rate_delay = 1s
slow_destination_recipient_limit = 6

smtpd_recipient_restrictions = permit_mynetworks,
    ...
    permit_sasl_authenticated,
    ...
    reject_unauth_destination

smtpd_data_restrictions = check_recipient_mx_access
    hash:/etc/postfix/check_recipient_mx_access

i.e with gmx

/etc/postfix/check_recipient_mx_access

mx0.gmx.net FILTER slow:mx0.gmx.net
mx1.gmx.net FILTER slow:mx1.gmx.net

Wietse Venema

Oct 2, 2012, 9:51:11 AM
Robert Schetterer:
> master.cf
> ...
> slow unix - - n - - smtp
>
> main.cf
> slow_destination_concurrency_limit = 3
> slow_destination_rate_delay = 1s
> slow_destination_recipient_limit = 6

With slow_destination_recipient_limit > 1, the scheduler controls
delays, concurrencies, etc. per domain (instead of per recipient).
Therefore, different domains are delivered in parallel, subject to
the master.cf process limit.

With slow_destination_rate_delay > 0, the per-domain concurrency
(per-domain because slow_destination_recipient_limit > 1) is always
1, otherwise there can be no delay between deliveries to the same
domain. Therefore, slow_destination_concurrency_limit has no effect.

If you set slow_destination_rate_delay > 0, then you should also
increase the slow_destination_concurrency_failed_cohort_limit
as described in QSHAPE_README.

Wietse
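
Added example, not part of any post in this thread: a small main.cf audit that applies the interaction described in the message above (a non-zero rate delay makes the concurrency limit ineffective and calls for a raised failed cohort limit). The function names, finding strings and the sample fragment are constructed for illustration; an unset recipient limit is assumed to fall back to the Postfix default of 50.

```python
import re

# Constructed main.cf fragment: the "slow" transport settings quoted in the thread.
SAMPLE_MAIN_CF = """\
slow_destination_concurrency_limit = 3
slow_destination_rate_delay = 1s
slow_destination_recipient_limit = 6
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
PARAM = re.compile(r"(\w+?)_destination_(concurrency_limit|rate_delay|"
                   r"recipient_limit|concurrency_failed_cohort_limit)")

def parse_main_cf(text):
    """Return {name: value}, skipping comments and joining continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:          # continuation of previous parameter
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def seconds(value):  # Postfix time value such as "1s" or "2m" -> seconds
    number, unit = re.fullmatch(r"(\d+)([smhdw]?)", value).groups()
    return int(number) * UNITS[unit or "s"]

def audit(text):
    """Return (transport, scope, finding) tuples for rate-delayed transports."""
    transports = {}
    for name, value in parse_main_cf(text).items():
        m = PARAM.fullmatch(name)
        if m and m.group(1) != "default":      # default_* are global fallbacks
            transports.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for transport, p in sorted(transports.items()):
        if seconds(p.get("rate_delay", "0s")) == 0:
            continue
        # Assumption: an unset recipient limit falls back to the Postfix default of 50.
        scope = "domain" if int(p.get("recipient_limit", 50)) > 1 else "recipient"
        if "concurrency_limit" in p:
            findings.append((transport, scope, "concurrency_limit has no effect"))
        if "concurrency_failed_cohort_limit" not in p:
            findings.append((transport, scope, "raise concurrency_failed_cohort_limit"))
    return findings
```

Calling `audit(SAMPLE_MAIN_CF)` on the thread's settings returns both findings for the `slow` transport, scoped per domain.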

Robert Schetterer

Oct 2, 2012, 10:17:39 AM
Thanks Wietse for making this clear.
These were settings from the thread, not mine, I just copied them (shame on me!)

but what do you think of ?

Wietse Venema

Oct 2, 2012, 11:02:01 AM
Robert Schetterer:
> smtpd_data_restrictions = check_recipient_mx_access
> hash:/etc/postfix/check_recipient_mx_access

Postfix has no multi-recipient lookup feature, so the above is a
NOOP for multi-recipient mail.

> mx0.gmx.net FILTER slow:mx0.gmx.net
> mx1.gmx.net FILTER slow:mx1.gmx.net

Absent concrete evidence I would not assume that mx0.gmx.net and
mx1.gmx.net are implemented as one computer per mx record, and I
would not assume that their MX hosts enforce rate limits etc.
independently.

Therefore, instead of using FILTER, and instead of using filters
per gmx MX record, I would use a transport map with ``gmx.net->slow:''.

Wietse

Robert Schetterer

Oct 2, 2012, 11:19:33 AM
It was asked to avoid a list of domains (which may get huge) for the slow
transport, so I tested
check_recipient_mx_access to avoid listing single domains, and use
their MX record for the slow transport; gmx was an example.

---snip-old mail

<snip>
anglicanboksburg.org.za spambox:
angussa.com spambox:
ansc.co.za spambox:
nushasingh.com spambox:
aomega.co.za spambox:
aphroditediamonds.co.za spambox:
apollo21.co.za spambox:
aquaproof.co.za spambox:
</snip>

There are currently 837 lines and all the domains are hosted at
spambox.co.za

In main.cf I have:

spambox_destination_concurrency_limit = 3
spambox_destination_rate_delay = 1s
spambox_destination_recipient_limit = 6


In master.cf i have

spambox unix - - n - - smtp -o syslog_name=postfix-spambox

Is there an easier way to add the entries other than manually adding
more to the already
existing file with 837 lines?
--snip

Wietse Venema

Oct 2, 2012, 11:37:31 AM
Robert Schetterer:
> > Therefore, instead of using FILTER, and instead of using filters
> > per gmx MX record, I would use a transport map with ``gmx.net->slow:''.
>
> it was asked to avoid list of domains ( may getting huge ) for slow
> transport, so i tested
> check_recipient_mx_access for avoid listing single domains , and use

I see, many domains sharing the same MX host.

I would still reduce this to:

mx_access:
gmx.net FILTER slow:

instead of using one filter per MX record.

Wietse

Robert Schetterer

Oct 2, 2012, 12:24:49 PM
Yep, you're right, thanks for the review.