Mark Alan:
> On Fri, 27 Jul 2012 19:43:59 +0100, Mark Alan
> <va...@e-healthexpert.org> wrote:
>
> > after upgrading to Postfix 2.9.x, using
> > I am now finding a lot of syslog entries like these:
> > /var/log/syslog:Jul 27 12:00:32 mx kernel: [485xxx.xxxxx] FW
> > DROP-OUT IN= OUT=eth0 SRC=xx.xxx.xxx.xx DST=xxx.xx.xxx.xx LEN=77
> > TOS=0x00 PREC=0x00 TTL=64 ID=xxxxx DF PROTO=TCP SPT=xxxxx DPT=25
> > WINDOW=26280 RES=0x00 ACK PSH URGP=0
>
> A more thorough check revealed that this only happens when
> requesting VERP style delivery to process a mailing list.
>
> Has anything changed in Postfix 2.9.x VERP processing?
Postfix without VERP delivers 1 .. $smtp_destination_recipient_limit
(default: 50) recipients per MAIL FROM transaction. If the destination
has more than $smtp_destination_recipient_limit recipients, Postfix
may make parallel connections; existing connections may be reused,
each time sending 1 .. $smtp_destination_recipient_limit recipients
per MAIL FROM transaction.
Postfix with VERP delivers one recipient per MAIL FROM transaction.
If the destination has more than 1 recipient, Postfix may make
parallel connections; existing connections may be reused, each time
sending one recipient per MAIL FROM transaction.
Thus, VERP increases the number of parallel connections. This may
result in overflow of state tables in under-powered stateful routers,
causing them to drop packets that don't match any existing state.
Wietse
