Re: avoiding overload on port 587

Fri, 30 Nov 2012 02:12:45 -0800 

On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote:



Zitat von Tomas Macek <ma...@fortech.cz>:


I don't understand now, how Postfix behaves when listenting on submission 
port 587.
Our mailserver is sometimes overloaded on port 25, so we want to use 
postscreen. But I don't understand, how Postfix works when it's stressed on 
port 587, when spammers connect to that opened port and want send their 
"emails". In document http://www.postfix.org/STRESS_README.html there is:



NOTE: To avoid "overload" delays for end-user mail clients, enable the 
"submission" service entry in master.cf (present since Postfix 2.1), and 
tell users to connect to this instead of the public SMTP service.



Should this mean, that Postfix by default does not use counters like 
smtpd_hard_error_limit, smtpd_junk_command_limit and maybe others on 
sumission port? On this port I would prefer using some kind of smtp auth 
and this port should be world accessible to allow the clients using other 
networks to authenticate and send emails.





Port 587 is by default nothing special for Postfix because it is mostly a 
clone of the Port 25 service. The *intended* difference is that Port 587 
should only accept mail by authenticated users, so no chance for spammers if 
they don't own valid credentials. To actually see the difference between Port 
25 and Port 587 settings you have to compare the entries in master.cf.


Regards

Andreas




OK, so there is a chance for spammers to overload the server using 
submission port 587 (the server says then "service "smtp" (25) has
reached its process limit "200"") by exhausting number of available ports 
and the MUA clients then can have also problems to send their

emails? I'm I right?

If I'm, then I don't understand, why to split the processes into 
submission 587 and normal 25, because if the MUA client send the mail
through 25 (hope with postscreen), there is a chance that the 25 is not 
overloaded (because it uses postscreen) and he will be rather

able to send his email compared to 587.
Or I don't still understand something ... :-)

Andreas: sorry for my direct answer to you, my mistake

Tomas






















					Reply via email to