On Mon, Dec 22, 2008 at 08:55:49PM +0100, Bas van Schaik wrote:

> >> The internal mailserver sometimes sends a large batch of mail to the
> >> public mailserver, this is where it gets nasty. The public mailserver
> >> applies the rate limits and starts to tempfail the mail from the
> >> internal server.
> >>
> > Don't do that.
>
> Clearly we have different opinions about this, could you please give some
> arguments to support yours? I have one quite simple argument: I don't
> want other mail (from other people) having large delays because of one
> person sending an awful lot of messages in a batch.

My opinion is informed by a deep understanding of how Postfix and mail
queues in general work. A full brain dump is impractical, sorry the
best I can do right now is to strongly advise you to not rate limit
your internal MTA at the edge MTA.

> >> This is /exactly/ what I want the public mailserver to
> >> do (I don't want to use the smtpd_client_event_limit_exceptions option),
> >>
> > Why?
>
> Many people are using the internal mailserver, many machines are allowed
> to relay through it. However, I do not trust all machines: if someone
> connects an infected laptop (and that happens) which starts to send spam
> through my internal mailserver, I do not want the spam to actually reach
> the internet. That's why the public mailserver is also scanning outgoing
> messages.

Fix the problem at the internal MTA, NOT the edge MTA. Apply rate limits
there, to the individual clients that are relaying through it.

> > If you enforce a connection-rate limit and not a message-rate limit,
> > you will find that the internal server will back off, but you may not
> > like the result.
>
> Sounds good, why would I not like the result? It is still a tempfail,
> the internal server will try again later.

Your internal MTA will stop sending mail, become congested, will try to
send even more mail, yet again exceed the rate limits, ... Once it accepts
mail from its clients, it won't throw it away, so delaying delivery does
reduce the total output, but it does create severe congestion.

> >> I couldn't find such an option in the postconf(5) manpages, nor could I
> >> find it on the internet. Is there a way to achieve this behavior?
> >>
> >> Furthermore I'm wondering if it is possible to tell Postfix to start
> >> tempfailing incoming messages when the server load exceeds some value?
> >>
> > A terrible idea. This is the most important Sendmail bug fixed by Postfix.
>
> I would like to see this as an optional feature, disabled by default.
> I'd actually enable it, because the mailserver can get overloaded when
> special tasks need to be executed, i.e. when it is also rsync'ing its
> backups.

It is still a bad idea.

-- 
	Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
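
Added example, not part of the original message or of the Postfix distribution: a main.cf sketch of the advice above, with per-client limits on the internal MTA and the internal MTA exempted from rate limits at the edge. The parameter names are standard Postfix settings; the numeric limits and the address 192.0.2.25 for the internal MTA are constructed assumptions.

```conf
# ---- internal MTA: main.cf (limits are counted per client IP) ----
# Window over which anvil(8) counts client events (Postfix default: 60s).
anvil_rate_time_unit = 60s
# Constructed example values; size them to your legitimate peak traffic.
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 60
smtpd_client_recipient_rate_limit = 200
# The default exception list is $mynetworks, which would exempt exactly the
# relaying clients these limits are meant for. Narrow it to loopback only.
smtpd_client_event_limit_exceptions = 127.0.0.0/8

# ---- edge MTA: main.cf ----
# Keep rate limits for untrusted clients, but do not count the internal MTA
# (192.0.2.25 is a placeholder address), so its queue drains without tempfails.
smtpd_client_event_limit_exceptions = $mynetworks, 192.0.2.25
```

Exempting the internal MTA at the edge only skips the connection and request rate limits; content scanning of outgoing mail on the edge MTA still applies.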