On 3/7/2012 8:21 PM, Alex wrote:

> I've set this on both the primary and secondary MX servers now.

So now you only need to pay attention to non-bulk senders to make sure
they're not delaying due to the 1 connection limit.  It most likely
won't be a problem, but keep an eye on it just in case.

> Can you explain how this parameter actually works? Currently, services
> such as constantcontact make many thousands of connections to the
> server at a time. I'm assuming each connection represents one message.

It's very simple.  The parameter name is actually self-explanatory.
This limits the number of concurrent SMTP connections from any remote
host.  For example, if Constant Contact is currently hitting you from 20
different hosts, each one is allowed to make 50 connections, for 1000
concurrent total connections.  By setting this parameter to 1 that
connection total drops from 1000 to 20.  Thus CC can now only tie up at
max 20 of your 100 smtpd processes, and the rate at which they can pump
mail is decreased by a factor of ~50.  This in turn decreases the load
on your queue by a factor of ~50.

This is why this one setting can simultaneously fix your timeout issue
and your overloaded queue.  The timeouts disappear because you now have
more smtpd processes free to accept connections whereas before they were
all full at times, causing clients to wait.  The queue is no longer
overloaded because the bulk senders can only pump about 1/50th as much
mail into your queue.

> By setting smtpd_client_connection_count_limit to 1, isn't it only
> regulating the number of messages per connection, not the actual
> number of connections?

No.  This setting limits the number of connections per client.

> In the docs it says it shouldn't be used to limit legitimate traffic.
> Is that not the case?

This depends on how you define "legitimate" traffic.  This setting,
and 2 others similar to it, allow you to shape problematic traffic
patterns.  These are global settings.  Thus if you take the "legitimate
traffic" statement literally, then all your traffic must be illegitimate
in order to use these settings, in which case the proper course of
action is to simply shut the server down, since no traffic is legit.  So
don't take that statement *literally*.

> Maybe it's premature to mention it now, but I believe it was rob0 that
> had previously mentioned using the anvil_rate* and smtpd_*rate
> parameters. Are the others not necessary?

These parameters slow down *all* clients, no matter how many concurrent
connections they make.  You don't want to slow all clients.  Your goal
is to eliminate the problems caused by bulk mailers.  The setting I
recommended does that, but it shouldn't slow down non-bulk senders.

BTW, what tools are you using to monitor your Postfix performance?

-- 
Stan
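
One way to watch for the side effect mentioned at the top of this message (non-bulk senders being held back by the 1 connection limit), as an added example that is not part of the original email: it tallies the warning smtpd logs when it refuses a client over `smtpd_client_connection_count_limit` and lists refused clients that are not on a bulk-sender list. The log lines, host names and the `BULK_SUFFIXES` list are constructed assumptions.

```python
import re

# Constructed sample of Postfix mail log lines (documentation hosts/addresses).
SAMPLE_LOG = """\
Mar  7 20:31:02 mx1 postfix/smtpd[4101]: warning: Connection concurrency limit exceeded: 2 from bulk1.example.net[192.0.2.10] for service smtp
Mar  7 20:31:02 mx1 postfix/smtpd[4102]: warning: Connection concurrency limit exceeded: 3 from bulk1.example.net[192.0.2.10] for service smtp
Mar  7 20:31:05 mx1 postfix/smtpd[4107]: warning: Connection concurrency limit exceeded: 2 from bulk2.example.net[192.0.2.11] for service smtp
Mar  7 20:31:09 mx1 postfix/smtpd[4110]: connect from mail.example.org[198.51.100.7]
Mar  7 20:32:40 mx1 postfix/smtpd[4115]: warning: Connection concurrency limit exceeded: 2 from mail.example.org[198.51.100.7] for service smtp
"""

# Hypothetical list of hostname suffixes you already treat as bulk senders.
BULK_SUFFIXES = (".example.net",)

# smtpd logs this warning each time it refuses a client for exceeding
# smtpd_client_connection_count_limit; the number is that client's count.
LIMIT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: Connection concurrency limit exceeded: "
    r"(?P<count>\d+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\] for service \S+"
)

def limit_hits(log_text):
    """Return {ip: (hostname, refusals, peak_count)} for refused clients."""
    hits = {}
    for line in log_text.splitlines():
        m = LIMIT_RE.search(line)
        if not m:
            continue  # ordinary connect/disconnect lines are ignored
        host, refusals, peak = hits.get(m["ip"], (m["host"], 0, 0))
        hits[m["ip"]] = (host, refusals + 1, max(peak, int(m["count"])))
    return hits

def unexpected_hits(hits, bulk_suffixes):
    """IPs refused by the limit whose hostname is not a known bulk sender."""
    suffixes = tuple(bulk_suffixes)
    return sorted(ip for ip, (host, _, _) in hits.items()
                  if not host.endswith(suffixes))

if __name__ == "__main__":
    hits = limit_hits(SAMPLE_LOG)
    for ip, (host, refusals, peak) in sorted(hits.items()):
        print(f"{ip:15} {host:22} refusals={refusals} peak={peak}")
    print("non-bulk clients hitting the limit:",
          unexpected_hits(hits, BULK_SUFFIXES))
```

Any address in the last list is a sender to look at before it starts deferring mail; feed the function your real mail log text in place of `SAMPLE_LOG`.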
