> On Aug 29, 2018, at 12:19 PM, Fazzina, Angelo <angelo.fazz...@uconn.edu>
> wrote:
>
> In answer to: "I get a quick NXDOMAIN. Is that also true for your mail
> server?"
> Yes I get the same results when I do a "dig -x 137.99.149.148" or
> "nslookup 137.99.149.148"

Are you doing the test on the MTA, or a nearby machine? As "root", or as the
"postfix" user?

Is the Postfix smtpd(8) service the user is connecting to chrooted? Look
carefully at the relevant master.cf entries. If chrooted, check for a working
etc/resolv.conf in the chroot jail (queue_directory).

> My response to the user has always been it is the client that is sending
> slow, I am just learning how to prove it with my logs.
> I also noticed the repeated new connections, but always blamed the client for
> doing that and not holding onto the connection, and send multiple emails.

Though a new connection for each message is less efficient, it should not be
prohibitively so, the user should still be able to send O(10) messages per
second. Not O(10s) per message.

> I take this literally "disconnect from unknown[137.99.149.148]" and not that
> Postfix disconnected from the client, but the client disconnected from
> Postfix server.

Yes, the client sends "QUIT" and disconnects.

> In answer to : "How many messages were sent by that user during a sustained
> transmission window."
> "What was the arrival rate? Did it change over that window?"
>
> My claim that I am trying to prove is there is no "sustained
> transmission window" hence the constant connect and disconnect seen in the
> logs.

A sustained transmission window is a period of time during which the client is
actively sending a batch of mail.

> This is what i saw in the logs,
> start = 2018-08-28-09:22:43
> 166 emails sent on mail4
> end = 2018-08-28-10:22:20

166 messages per hour is rather slow. Was this a sustained batch,
or did you arbitrarily choose an hour? Perhaps most of the 166
arrived during the first few minutes??? You need to aggregate
the deliveries by the arrival minute and look at a histogram
of messages per minute.

This is a data analysis problem, you should be able to figure it out,
by rolling up your sleeves and looking carefully at the data. You
may also need PCAP files for the next time this user sends a batch
of mail, so you can see what happens after TCP connection setup.

--
Viktor.
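
The per-minute aggregation suggested in the message above, as an added example that is not part of the original thread. It assumes the common Postfix syslog layout (`postfix/smtpd[pid]: QUEUEID: client=host[ip]` plus `connect from` / `disconnect from` lines); the log lines, queue IDs and the second client are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the usual Postfix syslog layout; not taken from the thread's logs.
SAMPLE_LOG = """\
Aug 28 09:22:43 mail4 postfix/smtpd[2101]: connect from unknown[137.99.149.148]
Aug 28 09:22:54 mail4 postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[137.99.149.148]
Aug 28 09:22:55 mail4 postfix/smtpd[2101]: disconnect from unknown[137.99.149.148]
Aug 28 09:22:58 mail4 postfix/smtpd[2107]: connect from unknown[137.99.149.148]
Aug 28 09:23:09 mail4 postfix/smtpd[2107]: 5B2C3D4E5F: client=unknown[137.99.149.148]
Aug 28 09:23:10 mail4 postfix/smtpd[2107]: disconnect from unknown[137.99.149.148]
Aug 28 09:23:11 mail4 postfix/smtpd[2101]: 6C3D4E5F60: client=mx.example.org[192.0.2.7]
Aug 28 09:23:40 mail4 postfix/smtpd[2110]: connect from unknown[137.99.149.148]
Aug 28 09:23:52 mail4 postfix/smtpd[2110]: 7D4E5F6071: client=unknown[137.99.149.148]
Aug 28 09:23:52 mail4 postfix/smtpd[2110]: disconnect from unknown[137.99.149.148]
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[(\d+)\]:\s(.*)$")

def events(log, ip, year=2018):
    """Yield (timestamp, smtpd pid, message) for smtpd lines that mention the client IP."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m and f"[{ip}]" in m.group(3):
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def per_minute(log, ip):
    """Count accepted messages (queue-ID 'client=' lines) per arrival minute."""
    return Counter(ts.strftime("%m-%d %H:%M") for ts, _, msg in events(log, ip)
                   if re.match(r"[0-9A-Za-z]+: client=", msg))

def session_seconds(log, ip):
    """Seconds from 'connect from' to 'disconnect from', matched per smtpd process."""
    start, out = {}, []
    for ts, pid, msg in events(log, ip):
        if msg.startswith("connect from"):
            start[pid] = ts
        elif msg.startswith("disconnect from") and pid in start:
            out.append(int((ts - start.pop(pid)).total_seconds()))
    return out

def histogram(counts):  # one text row per minute; bars show bursts and idle gaps
    return [f"{minute} {n:4d} {'#' * n}" for minute, n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(histogram(per_minute(SAMPLE_LOG, "137.99.149.148"))))
    print("session seconds:", session_seconds(SAMPLE_LOG, "137.99.149.148"))
```

Session durations that stay long while the per-minute counts stay low point at time spent inside each SMTP session rather than at gaps between connections, which is where the PCAP capture becomes useful.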