Victor Duchovni wrote:
> On Mon, Dec 22, 2008 at 07:06:15PM +0100, Bas van Schaik wrote:
>
>> Hi all,
>>
>> I have two company mailservers, both running Postfix. One of them is
>> "public" (accessible from the internet) and the other is used for
>> internal purposes only (i.e.: sending/receiving internal mail and
>> sending mail to the internet via the public mailserver).
>>
>> The public mailserver is (of course) configured to scan for spam and
>> viruses and does have rate limitations (smtpd_client_message_rate_limit
>> and smtpd_client_connection_count_limit) to avoid getting drowned in
>> mail from a single server.
>>
>> The internal mailserver sometimes sends a large batch of mail to the
>> public mailserver, this is where it gets nasty. The public mailserver
>> applies the rate limits and starts to tempfail the mail from the
>> internal server.
>>
> Don't do that.
>

Clearly we have different opinions about this, could you please give some arguments to support yours? I have one quite simple argument: I don't want other mail (from other people) having large delays because of one person sending an awful lot of messages in a batch.

>> This is /exactly/ what I want the public mailserver to
>> do (I don't want to use the smtpd_client_event_limit_exceptions option),
>>
> Why?
>

Many people are using the internal mailserver, many machines are allowed to relay through it. However, I do not trust all machines: if someone connects an infected laptop (and that happens) which starts to send spam through my internal mailserver, I do not want the spam to actually reach the internet. That's why the public mailserver is also scanning outgoing messages.

>> but the internal mailserver keeps trying and trying.
>>
>> Eventually, all mail from the internal server gets through and other
>> mail traveling through the public mailserver does not get affected by
>> large delays. However, I think the internal mailserver should stop
>> processing the large batch of mail as soon as it notices that the public
>> mailserver started tempfailing on it. That would save both mailservers a
>> lot of work and would speed up retrying other queued mail.
>>
> If you enforce a connection-rate limit and not a message-rate limit,
> you will find that the internal server will back off, but you may not
> like the result.
>

Sounds good, why would I not like the result? It is still a tempfail, the internal server will try again later.

>> I couldn't find such an option in the postconf(5) manpages, nor could I
>> find it on the internet. Is there a way to achieve this behavior?
>>
>> Furthermore I'm wondering if it is possible to tell Postfix to start
>> tempfailing incoming messages when the server load exceeds some value?
>>
> A terrible idea. This is the most important Sendmail bug fixed by Postfix.
>

I would like to see this as an optional feature, disabled by default. I'd actually enable it, because the mailserver can get overloaded when special tasks need to be executed, i.e. when it is also rsync'ing its backups.

>> Of course it is possible to implement a hard-limit on the number of
>> smtpd-processes, but that could cause the server to start idling.
>>
> What problem are you really solving here? Why do you want to cripple
> the mail flow from your internal server to the edge server?
>

Like I said before: I do not want to bother others when sending large batches of mail.

-- Bas