Am 24.10.2014 um 22:56 schrieb Mike Cardwell:
* on the Fri, Oct 24, 2014 at 10:42:27PM +0200, li...@rhsoft.net wrote:
Is there a way to limit connections from web applications on the same
server for postfix?
The web application sends messages via smtp on localhost (127.0.0.1:25).
Need to limit the maximum 5k messages per hour. Is that possible?
You don't want to do that in Postfix, as it would have
to reject mail, and rejected mail would not be delivered.
Rate limit the PHP application.
I did this for a shared hosting system about ten years ago using the
ident functionality in Exim. I installed a local ident daemon and
then configured Exim to talk to it. Once Exim knew the user, it could
apply user-level ratelimiting to both mail submitted via the
executable and that submitted via a TCP socket together.
If Postfix doesn't have ident support and allowing tcp connections
for mail submission is important, you might want to take a look at
Exim instead
that's not the problem
I just re-read his question, and yes, it is the problem.
than you as well as the OP don't understand the real problem
the problem is that a website script can't handle a temporary reject
That's not true.
it is true - period
nobody right in his brain implements a mail queue in a scripting
language like PHP where the script just get terminated after the request
and so you end in lose random mails if for whatever reason the app exceeds
the limits
Web-apps that weren't written to handle retries, don't handle retries. I'll
agree with that.
see above
if you fear injected junk than install a content-filter or just remove
functionality on websites which allow to define destination address by
untrusted user input (recommedn page with a user-defined content part
and so on)
I'm guessing you've never worked for a shared hosting company which
provides a platform where tens of thousands of users can upload their
own php scripts. Content filtering is useful, but ratelimiting is
essential in these environemts.
i guess i have a lot of expierience with webhosting, it's my daily job
rate limiting mail from webapps just burries the issue but don't solve
it and the only gain you have is that probably nobody is missing legit
mail from the damaged apps
If a user attempts to send more email than they are allowed to and the mail
server starts rejecting it and the users code doesn't handle this case, then
from the shared hosting companies point of view, it is a problem at the
users end
blunt speaking outside of a ivory tower
it's the companies problem because if it forces me as user to try
implement a mail queue in a php-application that's just incompetence and
the wrong hosting company - if i have to do that i don't need the f***
MTA at all and can directly deliver to the MX
