On Thu, Mar 31, 2011 at 07:41:41PM +0100, Mark Alan wrote:
> On Thu, 31 Mar 2011 12:39:20 -0400, Victor Duchovni
> <victor.ducho...@morganstanley.com> wrote:
>
> > The receiving sites policies are stupid if they don't implement
> > them sensibly by just returning 4XX responses without penalizing
> > subsequent transactions.
>
> I am sorry to hijack this thread but we have what seems to be the
> same problem.
>
> While using the default Postfix settings (v.2.8.1 on Ubuntu 10.10), we
> do have trouble to connect with several MTA's (usually
> smtp1.min-saude.pt and smtp2.min-saude.pt, but sometimes others
> at .min-saude.pt).
> The server at smtp3.min-saude.pt never complains, nor do any of
> the other email MTA at .min-saude.pt whose name do not start with
> smtpNN.
>
> When they refuse our connections, they seem to start shutting down at
> 25 to 30 RCPT commands, with:
> "...mx postfix-slow/smtp[4907]: 36BB7818B:
> to=<some_subscri...@subdomain.min-saude.pt>,
> relay=smtp1.min-saude.pt[194.65.151.38]:25, delay=415,
> delays=414/0.25/0.41/0, dsn=4.0.0, status=deferred (host
> smtp1.min-saude.pt[194.65.151.38] refused to talk to me: 421 #4.4.5 Too
> many connections from your host.) "
Why would this be a response to "too many recipient commands", a single
message with many recipients is sent over a single connection, unless
you have set an ill-advised destination recipient limit.
> To deal with this we are currently using:
>
> /etc/postfix/transport
> .min-saude.pt slow:
>
> /etc/postfix/master.cf
> slow unix - - - - - smtp
> -o syslog_name=postfix-slow
> -o smtp_connection_cache_on_demand=no
> EOT
>
> /etc/postfix/main.cf
> slow_destination_concurrency_failed_cohort_limit = 3 # we give up
> after getting three 421
> slow_destination_recipient_limit = 20 # keep it bellow 25
This increases the number of connections, which is unlikely what you
want, provided of course you have messages with a large recipient count.
> slow_destination_rate_delay = 1 # do not know if we really need this
This limits you to one connection at-a-time.
> > Have you considered the less aggressive
> > concurrency feedback controls in Postfix 2.5?
>
> Do you think that the following would be a more elegant approach than
> the above described setting?
>
> /etc/postfix/master.cf
> slow unix - - - - - smtp
> -o syslog_name=postfix-slow
> -o smtp_connection_reuse_time_limit=30s
> EOT
>
> /etc/postfix/main.cf
> slow_initial_destination_concurrency = 2
> slow_destination_concurrency_limit = 15
> slow_destination_concurrency_failed_cohort_limit = 5
> slow_destination_concurrency_positive_feedback = 1/5
> slow_destination_concurrency_negative_feedback = 1/8
That depends on how determined the remote site is to damage the
SMTP eco-system by imposing counter-productive punitive mechanisms
on legitimate senders. You can certainly try, and report your findings.
--
Viktor.
