On Thu, Mar 07, 2024 at 12:26:06PM +0000, Colin McKinnon via Postfix-users
wrote:
> I look after a SAAS site where customers can send emails to their own
> domains. At times some of our customers can initiate sending of large mail
> volumes - which can swamp the active queue.
Given sufficient memory, you can substantially raise the active queue
size limit. Servers have a lot more RAM now than they did in 2001.
The default of 20,000 could easily be raised by 10x to 200000 on a
server-class machine.
If customers indeed send mail only to their own domain, the destination
concurrency limits should ensure fairness, given sufficient space in the
queue and sufficiently many delivery agent slots.
Speaking of delivery agent slots, if you have enough network bandwidth,
you can raise the smtp(8) delivery process limit in master.cf from 100
to 1000:
smtp unix - - n - 1000 smtp
Not that this could require some system-dependent tuning of the open
file hard limit in whatever code starts Postfix, if the limit is not
already very generous (on a Fedora 39 system with 65GB RAM, "ulimit -Hn"
reports ~1.8 million max open files).
> >From [1]:
> "The only way to reduce congestion is to either reduce the input rate or
> increase the throughput. Increasing the throughput requires either
> increasing the concurrency or reducing the latency of deliveries."
I am suggesting increasing concurrency, and also increasing the queue
depth to allow your customer to send larger bursts of mail without
overflowing the queue size limit. You can also configure a non-zero
smtpd_client_message_rate_limit
if abuse of your resources is plausible even with the larger queue size.
If that's too crude, you could use a policy service to impose rate
limits per SASL login, or sender address, ...
> I thought that reducing TRANSPORT_recipient_refill_limit and
> TRANSPORT_recipient_limit would prevent messages sent to the customers
> domain from dominating the active queue / prevent blocking of other
> customers / backup messages in the incoming queue.
These controls affect deliveries of single messages with many
recipients, but have no effect on a flood of single-recipient messages.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
