On 9/8/2009 8:48 AM, Duncan B. wrote:
I'm a new user to Postfix (ex Qmail user) and love it. However, there is
one feature of "qmqtool" that was very useful: qmqtool -i, to list queue
entries by IP address. Is there any way to see which IP addresses in the
postfix queues are the most dominant?
Postfix doesn't store IPs in the queue file, so there is no such tool
for postfix.
However, the 'qshape' tool will list the queue by destination domain.
http://www.postfix.org/QSHAPE_README.html#qshape
Thanks, this is handy but I still find it quite hard to determine which
box the mail has originated from.
Ah, I was thinking destination rather than origin.
There are several tools to extract historical information from
the logs, I suggest postfix-logwatch and/or pflogsumm.
Or I suppose it's possible to hack qshape to retrieve client
information from queue files if you want to try that.
Also I am seeing a lot of bounces in the deferred queue from
mailer-dae...@my-host. Is there a way to instantly destroy double
bounces
rather than defer them, or is this bad practice/against RFC standards?
These aren't double bounces, just regular non-delivery reports.
It's far better to find out why you have a bunch of bounces in your
queue and fix the problem.
Generally this is a result of accepting undeliverable mail. Don't do
that. Use proper recipient validation so postfix can reject unknown
recipients automatically.
http://www.postfix.org/ADDRESS_CLASS_README.html
http://www.postfix.org/LOCAL_RECIPIENT_README.html
This box is a mail relay for broadband users, so will accept all mail
from pre-defined IP ranges, and relay the mail on. I've implemented as
much checking as possible, but of course checking recipients at the end
addresses is unfortunately impossible (without doing read-ahead checking?).
OK, you didn't explain the problem fully. If your users are
sending lots of undeliverable mail, you'll need to take that
up with your users.
Postfix has a bounce_queue_lifetime parameter that can adjust
how long a bounce hangs around in the queue. The default is 5
days - you can set is somewhat smaller, but I would hesitate
to set it less than one or two days.
http://www.postfix.org/postconf.5.html#bounce_queue_lifetime
Finally, is there a way to emulate the 'greet pause' feature of
Sendmail, whereby Postfix will kill the client connection if they send
any commands before the 220 prompt? This seemed to be working with a 2.4
version of Postfix that I was testing, but not with 2.6/2.7. The docs
mention a change to the way this works, but I don't fully understand
this.
I believe this feature is deprecated, but it should still work.
Hmm, it just seemed to stop working after I upgraded to 2.7 :( I wonder
if anyone else has experienced this?
(I wonder if anyone else is using it.) This feature is a
great tool for self-DoS.
I have the following in main.cf
smtpd_client_restrictions = sleep 3, reject_unauth_pipelining,
permit_mynetworks, reject
You probably don't want "reject" at the end.
The mailserver is firewalled off to everything other than our IP ranges,
just thought I'd be an extra measure to prevent connections from invalid
IPs should there be a firewall breach some how :-) I'll remove it though.
I was assuming this was a general purpose MTA; apparently it's
a user submission point only - MSA. In that case, the final
reject is fine, and probably a good idea.
-- Noel Jones
