On Fri, 30 Nov 2012, lst_ho...@kwsoft.de wrote:
Quoting Tomas Macek <ma...@fortech.cz>:
I don't understand now, how Postfix behaves when listening on
submission port 587.
Our mailserver is sometimes overloaded on port 25, so we want to use
postscreen. But I don't understand, how Postfix works when it's
stressed on port 587, when spammers connect to that opened port and
want to send their "emails". In document
http://www.postfix.org/STRESS_README.html there is:
NOTE: To avoid "overload" delays for end-user mail clients, enable the
"submission" service entry in master.cf (present since Postfix 2.1),
and tell users to connect to this instead of the public SMTP service.
Should this mean, that Postfix by default does not use counters like
smtpd_hard_error_limit, smtpd_junk_command_limit and maybe others on
submission port? On this port I would prefer using some kind of smtp
auth and this port should be world accessible to allow the clients
using other networks to authenticate and send emails.
Port 587 is by default nothing special for Postfix because it is mostly
a clone of the Port 25 service. The *intended* difference is that Port
587 should only accept mail by authenticated users, so no chance for
spammers if they don't own valid credentials. To actually see the
difference between Port 25 and Port 587 settings you have to compare the
entries in master.cf.
Regards
Andreas
OK, so I spent some time reading config params in doc and topics in
various forums and decided to setup my submission port 587 like this:
submission inet n - n - - smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
I decided not to use the "smtpd_sasl_exceptions_networks = $mynetworks",
because I experienced, that Opera M2 mail client sends the auth
credentials even if no auth is offered by the mail server... don't know
why, but maybe there is still some other mail client with this strange
behaviour...
Do you agree with this setup? Any further recommendations?
Tomas
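
The comparison of master.cf entries suggested in the thread, as an added example that is not part of any message above: a small Python parser that collects each service's -o overrides, diffs port 25 against submission, and lists permit* items on the submission entry that do not require SASL authentication. The port 25 line in the sample is constructed, the submission entry is the one posted above, and the function names are hypothetical.

```python
# Added example: diff the "-o" overrides of two Postfix master.cf services.

# Constructed sample: a plain port 25 entry plus the submission entry posted above.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_etrn_restrictions=reject
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return {(service, type): {param: value}} holding each entry's -o overrides."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues an entry
        else:
            logical.append(raw.strip())
    entries = {}
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue                              # not a complete service entry
        args, overrides = fields[8:], {}
        for flag, setting in zip(args, args[1:]):
            if flag == "-o" and "=" in setting:
                name, value = setting.split("=", 1)
                overrides[name] = value
        entries[(fields[0], fields[1])] = overrides
    return entries

def diff_overrides(entries, a, b):
    """Map param -> (value in a, value in b) where they differ; None means main.cf applies."""
    oa, ob = entries[a], entries[b]
    return {k: (oa.get(k), ob.get(k)) for k in sorted(set(oa) | set(ob)) if oa.get(k) != ob.get(k)}

def non_sasl_permits(overrides):
    """permit* items in smtpd_recipient_restrictions that do not require SASL auth.
    check_* table lookups can also return permit; they are not evaluated here."""
    items = overrides.get("smtpd_recipient_restrictions", "").replace(",", " ").split()
    return [r for r in items if r.startswith("permit") and r != "permit_sasl_authenticated"]

if __name__ == "__main__":
    cf = parse_master_cf(SAMPLE_MASTER_CF)
    for name, (p25, p587) in diff_overrides(cf, ("smtp", "inet"), ("submission", "inet")).items():
        print(f"{name}: smtp={p25!r} submission={p587!r}")
    print("permits without SASL on submission:", non_sasl_permits(cf[("submission", "inet")]))
```

Run against the sample, the diff shows three parameters set only on the submission service, and the last line reports permit_mynetworks as the one way mail is accepted on that port without authentication.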