-------- Original-Nachricht -------- > Datum: Wed, 13 Jan 2010 18:02:38 +0100 > Von: RaSca <ra...@miamammausalinux.org> > An: postfix-users@postfix.org > Betreff: Understanding Postfix and smtpd_recipient_restrictions priorities
> Hi all, > I've got a setup with Debian Lenny, Postfix with MySQL(on a remote > server in the same LAN of the mail server) and Clamav+Spamassassin. > The original smtpd_recipient_restrictions parameter setting was this one: > > smtpd_recipient_restrictions = > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_invalid_hostname > > Spamassassin is configured with rbl check and so those lists were never > considered in Postfix... Until now. > Some days ago we started to serve a mail domain with a large amount of > spam and after that the Mysql database broke up with the message "Too > many connections". > The cause of this problem (as we saw from the logs) was that for any > spam message which was directed to a nonexistent mail address (but with > a correct domain) a connection to the db was also generated. > We've tried to find out a solution by adding some rbl checks directly in > Postfix: > > smtpd_recipient_restrictions = > reject_non_fqdn_recipient, > reject_non_fqdn_sender, > permit_mynetworks, > permit_sasl_authenticated, > reject_unauth_destination, > reject_invalid_helo_hostname, > reject_unknown_sender_domain, > reject_unknown_recipient_domain, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, > reject_rbl_client list.dsbl.org, > reject_rbl_client rbl.mail-abuse.org, > reject_rbl_client spamsources.fabel.dk, > reject_unlisted_recipient > > putting "reject_unlisted_recipient" after all the rbl check drastically > reduced the db connections, but after some time the Postfix process has > stopped working. > We saw the process up with a "ps", but it was not accepting mail > anymore. The only solution was to manually restart the Postfix daemon. > > To find out a solution we recompiled and installed the 2.6.5 Postfix > release (with vda patch, instead of the default Lenny 2.5.5) and after > that the Postfix process went down just a time in a day, but it was not > necessary to restart the daemon. The original process become responsive > again by itself. > > So the questions are: what the problems may be? Are they caused just by > the amount of messages the mail server must manage? Why a new version > seems to solve the problem? Are the priorities configured in the > smtpd_recipient_restrictions parameters correct? > I would suggest you to use proxy maps to lower the amount of connections to the MySQL backend. And on the above smtpd_recipient_restrictions I would suggest to push reject_unlisted_recipient above all RBL checks since there is no benefit in checking RBLs if you are anyway going to reject them later (if the recipient is not managed on your system). I as well would not use zen.spamhaus.org (without a subscription) if you have a high mail volume. > Thanks for your help, > > -- > RaSca > Mia Mamma Usa Linux: Niente è impossibile da capire, se lo spieghi bene! > ra...@miamammausalinux.org > http://www.miamammausalinux.org -- Preisknaller: GMX DSL Flatrate für nur 16,99 Euro/mtl.! http://portal.gmx.net/de/go/dsl02
