On 6/13/2012 4:34 AM, Adrian Gibanel wrote: > I have setup a throttling postfix based on > http://flurdy.com/docs/postfix/ and > http://tech.groups.yahoo.com/group/postfix-users/message/271370 . > In the virtual domains tables I have: localhost, > localhost.localdomain and my.domain.com . > > transport: > ======== > > hotmail.com hotmailratelimit: > yahoo.com yahooratelimit: > > main.cf: (I was suggested to post the postconf -n output instead) > ======== > > alias_database = hash:/etc/postfix/aliases > alias_maps = hash:/etc/postfix/aliases > append_dot_mydomain = no > biff = no > broken_sasl_auth_clients = yes > config_directory = /etc/postfix > default_destination_rate_delay = 15s
You've set the default delay to 15s for all deliveries. Don't do that. rather use: hotmailratelimit_destination_rate_delay = 15s yahooratelimit_destination_rate_delay = 15s http://www.postfix.org/postconf.5.html#default_destination_rate_delay and see the "slow" transport examples under http://www.postfix.org/QSHAPE_README.html#backlog > delay_warning_time = 4h > disable_vrfy_command = yes > inet_interfaces = all > mailbox_command = > mailbox_size_limit = 0 > maximal_backoff_time = 8000s > maximal_queue_lifetime = 3d > minimal_backoff_time = 1000s The default minimal backoff is now 300s, which is probably a better choice. > smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, > reject_rbl_client blackholes.easynet.nl, reject_rbl_client > dnsbl.njabl.org It's customary to proceed the RBL checks with "permit_mynetworks, permit_sasl_authenticated" so you don't reject legit clients. and blackholes.easynet.nl has not been operational for several years. Review all your RBLs periodically. > smtpd_recipient_limit = 16 Artificially limiting the number of recipients per connection just makes your server work harder. > smtpd_recipient_restrictions = reject_unauth_pipelining, > permit_mynetworks, reject_non_fqdn_recipient, > reject_unknown_recipient_domain, reject_unauth_destination, permit > smtpd_data_restrictions = reject_unauth_pipelining > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = $myhostname > smtpd_sender_restrictions = permit_mynetworks, warn_if_reject > reject_non_fqdn_sender, reject_unknown_sender_domain, > reject_unauth_pipelining, permit > smtpd_soft_error_limit = 3 > smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem > smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache > smtpd_use_tls = yes > transport_maps = hash:/etc/postfix/transport > unknown_local_recipient_reject_code = 450 This should be 550 unless you're having some problem. > virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf > virtual_gid_maps = static:5000 > virtual_mailbox_base = /var/spool/mail/virtual > virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf > virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf > virtual_uid_maps = static:5000 > > > > master.cf: (Removed comments) > ========= > > smtp inet n - - - - smtpd > hotmailratelimit unix - - - - 1 smtp > -o smtp_fallback_relay= -o syslog_name=slow_queue -o > smtp_helo_timeout=3 > -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1 It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults. > yahooratelimit unix - - - - 1 smtp > -o smtp_fallback_relay= -o syslog_name=slow_queue -o > smtp_helo_timeout=3 > -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1 It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults. > relayratelimit unix - - - - 1 smtp > -o smtp_fallback_relay= -o syslog_name=slow_queue -o > smtp_helo_timeout=3 > -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=1 It seems counterproductive to set the session limit and mx address limit to 1. These should be left at the defaults. > > I don't want to throttle the email that goes for my own domain > (my.domain.com). > Removing the default_destination_rate_delay will fix that. -- Noel Jones
