Re: Configuration for rate limited Amazon SES relay

[Rohit Shriwas]

I should add I have the following limits set in master.cf as well:

smtp      unix  -       -       n       -       10      smtp
relay     unix  -       -       n       -       10      smtp

I think this, along with the following in main.cf:

default_destination_rate_delay = 1s
default_destination_concurrency_failed_cohort_limit = 10
default_destination_recipient_limit = 1

_should_ restrict outgoing mail to no more than 10 per second. Thoughts?

On Thursday 30 June 2016 12:41 PM, Rohit Shriwas wrote:
> Hello everyone,
> 
> I have an account with Amazon SES for use by multiple services. However,
> Amazon requires me to limit the rate at which emails are dispatched to
> 14 per second. To this end, I've setup an SMTP relay using Postfix with
> the intent of rate limiting email dispatch locally before attempting to
> connect to SES. I _think_ I've got it right but I would really
> appreciate opinions, and possible corrections from the community as well.
> 
> Here is the configuration I have right now, I think it should limit
> outgoing mail to 10 per second. Please advise.
> 
> ##### Postfix MTA configuration for Amazon SES relay #####
> 
> # SMTP Client Configuration
> smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 
> smtp_tls_ciphers = high
> smtp_tls_security_level = verify
> smtp_tls_mandatory_ciphers = high
> 
> # Amazon SES Relay SASL Auth
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> relayhost = [email-smtp.us-east-1.amazonaws.com]:587
> 
> # Concurrency and rate limits
> default_destination_rate_delay = 1s
> default_destination_concurrency_failed_cohort_limit = 10
> default_destination_recipient_limit = 1
> 
> # SMTPD Server Configuration
> smtpd_tls_ciphers = high
> smtpd_tls_cert_file = /etc/postfix/ssl/sslcert.__comodo-chain.crt
> smtpd_tls_key_file = /etc/postfix/ssl/sslcert.__comodo.key
> smtpd_tls_CAfile = $smtp_tls_CAfile
> smtpd_tls_security_level = encrypt
> smtpd_tls_mandatory_ciphers = high
> message_size_limit = 2000000
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> 
> smtpd_relay_restrictions =
>     reject_unauth_pipelining,
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     permit_auth_destination,
>     permit_sasl_authenticated,
>     reject
> 
> smtpd_etrn_restrictions = permit_auth_destination, reject
> 
> 

signature.asc
Description: OpenPGP digital signature