Hi Reindl, As far as I can tell, the anvil settings are running at the default settings in my configuration:-
# postconf -n | grep anvil # postconf -d | grep anvil anvil_rate_time_unit = 60s anvil_status_update_time = 600s However, the rate limit is set to 40 (default is 50) # postconf -n | grep connection_rate_limit smtpd_client_connection_rate_limit = 40 Now I think I know what is happening. Thanks. I don't think that is really needs to be changed. I could increase the smtpd_client_connection_rate_limit and the anvil_rate_time_unit, but its not a major problem. So long as the server is not loosing Email and being civil to Email server, then all is well. It was a compromised user, or a test server: Mar 5 03:21:46 srv4 postfix/anvil[5078]: statistics: max connection rate 1733/60s for (smtp:62.198.48.73) at Mar 5 03:16:45 Cheers. S. On 03/06/2011 01:28 PM, Reindl Harald wrote: > Sounds like you have set something like this in main.cf > > anvil_rate_time_unit = 1800s > smtpd_client_connection_rate_limit = 50 > > this means "a maximum of 50 connection per half a hour from the same ip" > my example 50/18000 is from our live configuration on postfix-servers > as well our barracuda-spamfirewall and is really a good setting because > sometimes over weeks nobody reaches this limit > > if it is reached there is surely a spammer delivering his crap > and postfix will reject temporary connections from the ip > > a normal server will try later, a spammer will give up sooner or later > > > Am 06.03.2011 13:15, schrieb JKL: >> Dear all, >> >> ** QUESTION 1 >> I just noticed this message appearing the log files (mail.log). I >> read a little on the page http://www.postfix.org/QSHAPE_README.html, but >> did not quite understand where my postfix problem lied. The queues are >> very quiet presently. This mail server does not have a lot of throughput. >> >> --------------------- Postfix Begin ------------------------ >> >> 2105 *Warning: Connection rate limit reached (anvil) >> 4 Miscellaneous warnings >> >> 666.166K Bytes accepted 682,154 >> 128.576K Bytes sent via SMTP 131,662 >> 634.608K Bytes delivered 649,839 >> ======== ================================================== >> >> 55 Accepted 20.15% >> 218 Rejected 79.85% >> -------- -------------------------------------------------- >> 273 Total 100.00% >> ======== ================================================== >> >> 1 5xx Reject relay denied 0.46% >> 1 5xx Reject HELO/EHLO 0.46% >> 100 5xx Reject unknown user 45.87% >> 106 5xx Reject RBL 48.62% >> 2 5xx Reject header 0.92% >> 8 5xx Reject milter 3.67% >> -------- -------------------------------------------------- >> 218 Total 5xx Rejects 100.00% >> ======== ================================================== >> >> 7 4xx Reject milter 100.00% >> -------- -------------------------------------------------- >> 7 Total 4xx Rejects 100.00% >> ======== ================================================== >> >> 2406 Connections >> 158 Connections lost (inbound) >> 2406 Disconnections >> 36 Removed from queue >> 32 Delivered >> 13 Sent via SMTP >> >> 5 Timeouts (inbound) >> 1 Illegal address syntax in SMTP command >> 47 Hostname verification errors >> 18 TLS connections (server) >> 6 SASL authenticated messages >> >> >> ---------------------- Postfix End ------------------------- >> >> >> ** QUESTION 2 >> On an additional note a milter is rejecting these messages (about 40 each >> day). I am uncertain which milter is rejecting it from the message. Does >> anyone know how I can identify the milter: >> >> Mar 6 12:04:17 logout postfix/cleanup[18037]: D6861848C7: milter-reject: >> END-OF-MESSAGE from smtp143.junkemailfilter.com[69.50.231.143]: 4.7.1 >> Service unavailable - try again later; from=<remo...@removed.org> >> to=<remo...@klunky.co.uk> proto=ESMTP helo=<junkemailfilter.com> >> >> >> Any one, any ideas? Perhaps, which is likly there is some misconfiguration. >> >> Best regards, s.
