eNeKuX:
> Hi there,
>
> we are experiencing an strange behaviour of a SPF policy service
> "pypolicyd-spf" on debian-wheezy (v1.0-2).
>
> We have reported the issue at their side
> (https://bugs.launchpad.net/pypolicyd-spf/+bug/1587173) but they
> are pointing us to report it here.
>
>
> When our server is running in our testing environment with near
> "0" mailflow the SPF policy service kicks-in for every incoming
> email and works as expected. Instead, if we move our server to
> production (same server, same configuration but with different IP)
> where there is a high mailflow, the SPF policy service does not
> kick-in for every incoming email but some is processed every 2 to
> 10 minutes.
You have configured smtpd_delay_reject=no. That completely changes
the way that smtpd_client_restrictions is evaluated. Instead of
once per recipient, it is evaluated only once per SMTP session, and
it is evaluated before Postfix has seen the EHLO, MAIL FROM, and
RCPT TO commands.
To debug, I suggest that you do some experiments in the test machine.
Use a mail generator such as smtp-source to demonstrate that Postfix
makes all expected policy calls at all message rates, whether the
mail arrives in parallel or not.
# One session per delivery, slowly:
smtp-source -s 1 -m 10 -w 10 -t recipient host:port
# One session for all deliveries, slowly:
smtp-source -s 1 -m 10 -w 10 -d -t recipient host:port
# Ten parallel sessions, multiple deliveries per session, slowly:
smtp-source -s 10 -m 100 -w 10 -d -t recipient host:port
# One session at a time, multiple deliveries per session, fast:
smtp-source -s 1 -m 1000 -d -t recipient host:port
# Ten parallel sessions, multiple deliveries per session, fast:
smtp-source -s 10 -m 10000 -d -t recipient host:port
smtp-source is part of Postfix source code. It is usually not
installed, because it is an unsupported test program.
Wietse
