Greg Sims:
> The situation with outlook got much worse in our overnight runs. We
> transferred 7K subscriber emails to relays ending in outlook.com and
> saw the following feedback in our logs:
>
> MaxConnections: 83, Connection: 1386, RateLimited: 6392
>
> where the following regexp is used in our log post-processor:
>
> MaxConnection -- "^.*: to=<.*>.* said: 451 4.7.652 The mail server .*
> has exceeded the maximum number of connections.*$"
>
> Connection -- "^.*: lost connection with.* while sending RCPT TO.*$"
> (and the like)
>
> RateLimited -- "^.*The mail server .* has been temporarily rate
> limited due to IP reputation.*$"
Have you ever figured out if the initial problem is *concurrency*
or *connection rate* based? (They may rate limit because of an
earlier concurrency violation).
> We made three changes to our configuration yesterday:
>
> (1) smtpd_tls_security_level = none & smtp_tls_security_level = none
> in main.cf as we do not need TLS and do not have it configured. We
> are now seeing "conn_use=" in our logs for the first time.
>
> (2) outlook unix - - n - 6 smtp
> -o syslog_name=outlook
> -o smtp_connection_cache_on_demand=no
>
> (3) we increased our email arrival rate from 500 to 1000 over the past
> two days. this is likely a primary factor.
>
> I looked for domains that *are not* using the outlook: transport but
> are using the outlook.com relay servers. There are 383 such domains
> -- the vast majority are one email address per domain. These domains
> are competing for the limited number of outlook.com connections and
> they are not being controlled by the outlook: transport process limit
> in master.cf. Adding 383 domains to outlook: in transport.regexp
> seems a bit extreme and would be impossible to maintain. How can we
> control the number of connections made on behalf of this set of
> domains to the outlook.com relay servers?
With automated logfile analysis, such domains could be added to a
transport map. Once a map is populated there will be a trickle of
updates.
There is a crude way to automatically group messages by destination
MX hosts, but thath works only for the special case that all messages
have exactly one recipient or all recipients in the same domain.
/etc/postfix/main.cf:
check_recipient_mx_access pcre:/etc/postfix/mx_access
/etc/postfix/mx_access:
/\.outlook\.com$/ FILTER outlook:
# other patterns...
That will send a message to outlook if any MX looks like outlook.
> My solution, without additional input, is to reduce our email arrival
> rate from 1000 to 500 emails per minute. I will also reduce the
> outlook: processes to 2 in master.cf and
> "outlook_destination_concurrency_limit = 2" in main.cf in hopes this
> will minimize the feedback log messages we are seeing from outlook
> relay servers. This "solution" is Very constraining. The google.com
> relay servers can transfer 10,000 emails per minute without a single
> feedback message in the logs. This "solution" is limiting the
> delivery rate of ALL domains at the expense of the outlook.com
> connection limitations. I hope there is a better solution!
The better solution is to be whitelisted at outlook.com.
Otherwise, to send 10,000 emails per minute to other sites, you
need a transport map to group the outlook-based domains.
Wietse
