Hi,
I posted the message below a few days ago, and haven't seen any
responses. Were my questions too confusing or did I otherwise not
provide the info necessary to help with my problem?
Thanks,
Alex
On 04/18/2015 10:25 PM, Alex Regan wrote:
Hi,
I have a fedora20 system with postfix-2.10.5 that is primarily used as a
mail store. I'd like to get some kind of rate limiting working to build
a better reputation with gmail and other systems.
This server has a couple of hundred IMAP users for a branch of a larger
company. The mail is sent from the corporate server, through a mail
router, then delivered on this system. Many of these users forward their
mail off this system to a remote account, many of which are gmail and
yahoo.
On occasion, the corporate office sends a few thousand messages to the
recipients on this system, which causes the system to queue these
messages then forward hundreds at a time to the users' remote yahoo and
gmail accounts. This frequently results in temporary bounces such as:
Apr 18 09:04:38 email postfix/smtp[30964]: 0B83D40570: host
gmail-smtp-in.l.google.com[64.233.171.26] said: 421-4.7.0 [66.XX.XX.100
15] Our system has detected an unusual rate of 421-4.7.0
unsolicited mail originating from your IP address. To protect our
421-4.7.0 users from spam, mail sent from your IP address has been
temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0
http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421
4.7.0 Email Senders Guidelines. n88si4525330qge.91 - gsmtp (in reply to
end of DATA command)
I'm trying to understand how best to rate limit mail to a group of
senders without too significantly delaying mail to these recipients.
Maybe one approach would be to implement the delay in the same way gmail
does on the mail router, such that mail is delayed at the corporate system?
The problem I'm having with my current configuration is mail is being
delivered entirely too slowly. I hoped someone had a configuration they
know to work with gmail or could generally explain what I'm doing wrong.
Setting a destination_rate_delay to 2s seems entirely too slow. I
currently have destination_recipient_limit set to 15 or so.
I feel like it would be nice to have an initial destination delay, then
no further throttling, but I'd love to hear people's experiences on if
that was a good idea.
I've created these services in master.cf:
polite    unix  -       -       n       -       -       smtp
  -o syslog_name=postfix-polite
turtle    unix  -       -       n       -       -       smtp
  -o syslog_name=postfix-turtle
My transport_rate file looks like this:
/\@gmail\.com$/ polite:
/yahoo(\.[a-z]{2,3}){1,2}$/ turtle:
/\@hotmail\.com$/ polite:
/secureserver\.net$/ polite:
Suggestions for other common systems that would be good candidates for
throttling?
I've included my main.cf below. Thanks for any ideas.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = mail-archive
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
disable_mime_input_processing = no
header_checks = pcre:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 24000000
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 64.X.XX.0/27
newaliases_path = /usr/bin/newaliases.postfix
transport_maps = regexp:/etc/postfix/transport_limit
polite_destination_concurrency_limit = 10
polite_destination_rate_delay = 2s
polite_destination_recipient_limit = 15
polite_initial_destination_concurrency = 1
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_CAfile = /var/www/mail.example.com-443/ssl/gd_bundle-2014.crt
smtp_tls_exclude_ciphers = 3DES
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_non_fqdn_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_helo_hostname,
    reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_sender mykey.dbl.dq.spamhaus.net,
    reject_rhsbl_helo mykey.dbl.dq.spamhaus.net,
    check_client_access hash:/etc/postfix/client_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_recipient_access pcre:/etc/postfix/local_recip_map, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file =
    /var/www/mail.example.com-443/ssl/server-postfix-cert-2014.pem
smtpd_tls_key_file = /var/www/mail.example.com-443/ssl/key-postfix-2014.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
    btree:/var/lib/postfix/smtpd_tls_session_cache
submission_overrides = no_unknown_recipient_checks,
    no_address_mappings, no_header_body_checks
tls_random_source = dev:/dev/urandom
turtle_destination_concurrency_limit = 5
turtle_destination_rate_delay = 3s
turtle_destination_recipient_limit = 10
turtle_initial_destination_concurrency = 1
unknown_local_recipient_reject_code = 550
Thanks,
Alex
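
An added example, not part of the original post: because the polite and turtle services set their own syslog_name, each delivery's log line shows which transport handled it, so tallying by service name and recipient domain shows whether the throttled destinations are actually being routed through those services. The log lines are constructed (made-up queue IDs, PIDs, recipients and documentation-range IPs), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the Postfix smtp(8) log format quoted in the post.
# Queue IDs, PIDs, recipients and IPs are made up (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
Apr 18 09:04:38 email postfix/smtp[30964]: 0B83D40570: host gmail-smtp-in.l.google.com[192.0.2.26] said: 421-4.7.0 Our system has detected an unusual rate of unsolicited mail (in reply to end of DATA command)
Apr 18 09:04:39 email postfix/smtp[30964]: 0B83D40570: to=<user1@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.26]:25, delay=12, dsn=4.7.0, status=deferred (host said: 421-4.7.0 rate limited)
Apr 18 09:05:02 email postfix-polite/smtp[31010]: 1C94E40571: to=<user2@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.26]:25, delay=3.1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Apr 18 09:05:04 email postfix-polite/smtp[31010]: 2DA5F40572: to=<user3@gmail.com>, relay=gmail-smtp-in.l.google.com[192.0.2.26]:25, delay=5.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Apr 18 09:05:07 email postfix-turtle/smtp[31022]: 3EB6040573: to=<user4@yahoo.com>, relay=mx.yahoo.example[192.0.2.40]:25, delay=8.0, dsn=2.0.0, status=sent (250 ok)
"""

# Per-recipient delivery records: "<syslog_name>/smtp[pid]: QID: to=<addr>, ... status=..."
# The "host ... said:" line carries no to= field and is deliberately not counted.
DELIVERY = re.compile(
    r"(?P<service>postfix[\w-]*)/smtp\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<[^>]*@(?P<domain>[^>]+)>, .*?status=(?P<status>\w+)"
)


def tally(log_text):
    """Count deliveries keyed by (syslog_name, recipient domain, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            counts[(m["service"], m["domain"].lower(), m["status"])] += 1
    return counts


def unthrottled(counts, throttled_domains, default_service="postfix"):
    """Domains meant for a throttled transport that the default smtp service still handled."""
    return sorted({domain for (service, domain, _status) in counts
                   if service == default_service and domain in throttled_domains})


if __name__ == "__main__":
    counts = tally(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("bypassing throttle:", unthrottled(counts, {"gmail.com", "yahoo.com"}))
```
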