Hi, the client/[sender] IP 137.99.149.148 is a user's desktop running Outlook, likely with a DHCP address.

In answer to: "I get a quick NXDOMAIN. Is that also true for your mail server?"
Yes, I get the same results when I do a "dig -x 137.99.149.148" or "nslookup 137.99.149.148".

My response to the user has always been that it is the client that is sending slowly; I am just learning how to prove it with my logs.
I also noticed the repeated new connections, but always blamed the client for doing that and not holding onto the connection and sending multiple emails.
I take this literally, "disconnect from unknown[137.99.149.148]", and not that Postfix disconnected from the client, but that the client disconnected from the Postfix server.

In answer to: "How many messages were sent by that user during a sustained transmission window." "What was the arrival rate? Did it change over that window?"
My claim that I am trying to prove is that there is no "sustained transmission window", hence the constant connect and disconnect seen in the logs.
Unless I don't know what you mean by a "sustained transmission window"?

Client connects to massmail.uconn.edu and the load balancer sends email for massmail.uconn.edu to 3 servers.

If the "arrival rate" is calculated from all the "connect from unknown[137.99.149.148]" lines, then I will have to crunch the numbers.
Across 3 servers for 9:40AM, 10 emails were processed.
Across 3 servers for 9:30AM, 36 emails were processed.

This is what I saw in the logs:

start = 2018-08-28-09:22:43
166 emails sent on mail4
end = 2018-08-28-10:22:20

start = 2018-08-28-09:21:55
231 emails sent on mail5
end = 2018-08-28-10:22:27

start = 2018-08-28-08:36:42
257 emails sent on mail6
end = 2018-08-28-10:22:06

I am going to recommend that the user request a static IP with an A record in our DNS servers. I don't see any downside to asking for that.

Thank you.

-ANGELO FAZZINA
ITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail
ang...@uconn.edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On Behalf Of Wietse Venema
Sent: Wednesday, August 29, 2018 12:03 PM
To: Postfix users <postfix-users@postfix.org>
Subject: Re: Want to be sure i am not throttling user.

Viktor Dukhovni:
> > 09:22:43 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
> > 09:22:45 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
> >
> > 09:23:06 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
> > 09:23:08 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
> >
> > 09:23:12 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
> > 09:23:15 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
> >
> > 09:23:17 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
> > 09:23:20 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
>
> If the client is doing one delivery at a time with a new connection for each
> message, with no concurrency, what's interesting to see here is the spacing
> *between* connections, which is considerably longer than the duration of
> connections, which again hints at a possible DNS issue, but you have to
> look more closely.

The time from 'TCP connect' to the time that Postfix logs 'connect from'
includes the time to look up the client hostname (and if available,
IP address for that hostname). This -should- be quick, but may be
slow because of a problem in your local DNS.

Wietse
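
The comparison discussed in this thread (connection duration versus spacing between connections) can be computed directly from the smtpd log lines. The following is an added example, not part of the original messages: the names `SAMPLE_LOG`, `sessions` and `timing` are hypothetical, the input is the excerpt quoted above, and it assumes time-only timestamps that all fall on the same day.

```python
import re
from datetime import datetime

# Log excerpt as quoted in the thread. Lines carry only a time of day, so this
# example assumes every line belongs to the same day.
SAMPLE_LOG = """\
09:22:43 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
09:22:45 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
09:23:06 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
09:23:08 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
09:23:12 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
09:23:15 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
09:23:17 mail4 postfix/smtpd[16278]: connect from unknown[137.99.149.148]
09:23:20 mail4 postfix/smtpd[16278]: disconnect from unknown[137.99.149.148]
"""

LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) (\S+) postfix/smtpd\[(\d+)\]: "
    r"(connect|disconnect) from \S+\[([^\]]+)\]"
)


def sessions(log_text, client_ip):
    """Pair connect/disconnect lines into (start, end) sessions for one client."""
    open_at = {}  # (host, pid) -> connect time; one smtpd process serves one client at a time
    done = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(5) != client_ip:
            continue
        when = datetime.strptime(m.group(1), "%H:%M:%S")
        key = (m.group(2), m.group(3))
        if m.group(4) == "connect":
            open_at[key] = when
        elif key in open_at:  # skip a disconnect whose connect was not captured
            done.append((open_at.pop(key), when))
    return sorted(done)


def timing(pairs):
    """Return (session durations, idle gaps between sessions) in whole seconds."""
    durations = [int((end - start).total_seconds()) for start, end in pairs]
    gaps = [int((nxt[0] - cur[1]).total_seconds()) for cur, nxt in zip(pairs, pairs[1:])]
    return durations, gaps


if __name__ == "__main__":
    durations, gaps = timing(sessions(SAMPLE_LOG, "137.99.149.148"))
    print("session seconds:", durations)
    print("idle seconds between sessions:", gaps)
```

Because Postfix logs 'connect from' only after the client hostname lookup, each gap computed this way includes any lookup delay for the next connection, so a large gap alone does not separate client idle time from slow DNS.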