Being tormented by a time out

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
26 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Being tormented by a time out

Francisco Neira
Hi all,
Hope you can help me with this.

I did a fresh install of Centos 5 with postfix-2.3.3-2 from RPMs, Spamassassin, Amavisd-new and Clamav. everything is going very good until I send messages to mail.osterlingfirm.com if the message is tiny, there are no problems anything bigger than 100k will receive the following:
Sep  4 16:34:11 mail postfix/smtp[22137]: send attr original_recipient = [hidden email]
Sep  4 16:34:11 mail postfix/smtp[22137]: send attr recipient = [hidden email]
Sep  4 16:34:11 mail postfix/smtp[22137]: send attr dsn_orig_rcpt = [hidden email]
Sep  4 16:34:11 mail postfix/smtp[22137]: send attr reason = conversation with mail.osterlingfirm.com[200.31.124.213] timed out while sending message body
This is the reason why I tweaked (and probably exagerated) the smtp_data parameters.
They have a M$ MTA and as I can read, a Symantec appliance as mailrelay:
220 osterling08.osterlingfirm.com ESMTP Symantec Mail Security

The following is the configuration I am using:

[root@mail postfix]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_size_limit = 9000
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 5
debug_peer_list = osterlingfirm.com
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 300000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30240000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
mydomain = midominio.com.pe
myhostname = mail.midominio.com.pe
mynetworks = 127.0.0.0/8, 192.168.100.0/24, 200.62.yyy.xxx/32, 200.62.149.1/32, 190.81.36.162/32, 200.62.www.zzz/32,            200.110.14.94/32, 200.99.93.0/24, 200.99.94.0/24, 200.99.95.0/24,            200.99.65.0/24, 200.99.92.220/32, 200.237.69.219/32, 200.4.245.0/24,            200.22.3.0/24, 200.24.181.0/24, 200.24.183.0/24, 200.37.15.0/24,            200.37.72.0/24, 200.42.3.0/24, 200.44.45.0/24, 200.48.15.0/24,            216.6.88.0/24, 216.6.90.0/24, 216.6.91.0/24, 200.31.96.0/24,            200.31.97.0/24, 200.31.98.0/24, 200.31.99.0/24, 200.62.158.0/24
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_done_timeout = 2200s
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 960s
smtp_destination_recipient_limit = 20
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_etrn_restrictions = reject_unknown_client
smtpd_recipient_limit = 300
smtpd_sender_restrictions = reject_invalid_hostname, reject_unknown_sender_domain
soft_bounce = no
strict_rfc821_envelopes = no
unknown_local_recipient_reject_code = 550

Thanks in advance for your kind attention and comments!

--
Francisco Neira
Usuario Linux # 165985
Lima, Peru -05:00 GMT
Reply | Threaded
Open this post in threaded view
|

Re: Being tormented by a time out

Noel Jones-2
Francisco Neira wrote:

> Hi all,
> Hope you can help me with this.
>
> I did a fresh install of Centos 5 with postfix-2.3.3-2 from RPMs,
> Spamassassin, Amavisd-new and Clamav. everything is going very good
> until I send messages to mail.osterlingfirm.com
> <http://mail.osterlingfirm.com> if the message is tiny, there are no
> problems anything bigger than 100k will receive the following:
> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr original_recipient =
> [hidden email] <mailto:[hidden email]>
> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr recipient =
> [hidden email] <mailto:[hidden email]>
> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr dsn_orig_rcpt =
> rfc822;[hidden email] <mailto:rfc822%[hidden email]>
> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr reason =
> conversation with mail.osterlingfirm.com
> <http://mail.osterlingfirm.com>[200.31.124.213 <http://200.31.124.213>]
> timed out while sending message body
> This is the reason why I tweaked (and probably exagerated) the smtp_data
> parameters.
> They have a M$ MTA and as I can read, a Symantec appliance as mailrelay:
> 220 osterling08.osterlingfirm.com <http://osterling08.osterlingfirm.com>
> ESMTP Symantec Mail Security

[Push the "Plain Text" button when posting from gmail]

Please post complete NON VERBOSE logging of a failed
transaction.  If someone needs verbose logging, they will ask
for it.

It may be helpful also to post a packet capture of a failed
session.
http://www.postfix.org/DEBUG_README.html#sniffer

Are you able to send large mail to other sites successfully?
If this happens with all sites you may have an MTU problem.
Broken MTU is a networking problem, not a postfix problem -
google for more info.

And for a fresh install, why use musty old software?  Current
postfix is 2.5.5 - but this is probably not related to your
problem.  Hopefully you're not using years-old versions of
SpamAssassin, amavisd-new, and clamav also.

--
Noel Jones

>
> The following is the configuration I am using:
>
> [root@mail postfix]# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> bounce_size_limit = 9000
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1 <http://127.0.0.1>]:10024
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 5
> debug_peer_list = osterlingfirm.com <http://osterlingfirm.com>
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_size_limit = 300000000
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 30240000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
> mail.$mydomain, www.$mydomain, ftp.$mydomain
> mydomain = midominio.com.pe <http://midominio.com.pe>
> myhostname = mail.midominio.com.pe <http://mail.midominio.com.pe>
> mynetworks = 127.0.0.0/8 <http://127.0.0.0/8>, 192.168.100.0/24
> <http://192.168.100.0/24>, 200.62.yyy.xxx/32, 200.62.149.1/32
> <http://200.62.149.1/32>, 190.81.36.162/32 <http://190.81.36.162/32>,
> 200.62.www.zzz/32,            200.110.14.94/32
> <http://200.110.14.94/32>, 200.99.93.0/24 <http://200.99.93.0/24>,
> 200.99.94.0/24 <http://200.99.94.0/24>, 200.99.95.0/24
> <http://200.99.95.0/24>,            200.99.65.0/24
> <http://200.99.65.0/24>, 200.99.92.220/32 <http://200.99.92.220/32>,
> 200.237.69.219/32 <http://200.237.69.219/32>, 200.4.245.0/24
> <http://200.4.245.0/24>,            200.22.3.0/24
> <http://200.22.3.0/24>, 200.24.181.0/24 <http://200.24.181.0/24>,
> 200.24.183.0/24 <http://200.24.183.0/24>, 200.37.15.0/24
> <http://200.37.15.0/24>,            200.37.72.0/24
> <http://200.37.72.0/24>, 200.42.3.0/24 <http://200.42.3.0/24>,
> 200.44.45.0/24 <http://200.44.45.0/24>, 200.48.15.0/24
> <http://200.48.15.0/24>,            216.6.88.0/24
> <http://216.6.88.0/24>, 216.6.90.0/24 <http://216.6.90.0/24>,
> 216.6.91.0/24 <http://216.6.91.0/24>, 200.31.96.0/24
> <http://200.31.96.0/24>,            200.31.97.0/24
> <http://200.31.97.0/24>, 200.31.98.0/24 <http://200.31.98.0/24>,
> 200.31.99.0/24 <http://200.31.99.0/24>, 200.62.158.0/24
> <http://200.62.158.0/24>
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_data_done_timeout = 2200s
> smtp_data_init_timeout = 240s
> smtp_data_xfer_timeout = 960s
> smtp_destination_recipient_limit = 20
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_etrn_restrictions = reject_unknown_client
> smtpd_recipient_limit = 300
> smtpd_sender_restrictions = reject_invalid_hostname,
> reject_unknown_sender_domain
> soft_bounce = no
> strict_rfc821_envelopes = no
> unknown_local_recipient_reject_code = 550
>
> Thanks in advance for your kind attention and comments!
>
> --
> Francisco Neira
> Usuario Linux # 165985
> Lima, Peru -05:00 GMT

Reply | Threaded
Open this post in threaded view
|

Re: Being tormented by a time out

Dennis Hitzigrath
Francisco:

> Francisco Neira wrote:
>> Hi all,
>> Hope you can help me with this.
Not really, but I can feel your pain. I have the same symptoms with
Ubuntu 8.04 and my domain's-relay. Small messages work, big ones
timeout. And if you watch it on iftop you'll see it starting good and
then suddenly stopping and dying.
>>
>> I did a fresh install of Centos 5 with postfix-2.3.3-2 from RPMs,
>> Spamassassin, Amavisd-new and Clamav. everything is going very good
>> until I send messages to mail.osterlingfirm.com
>> <http://mail.osterlingfirm.com> if the message is tiny, there are no
>> problems anything bigger than 100k will receive the following:
If you have the time and the hardware, could you build a CentOS 4 server
as a relay for  "mail.osterlingfirm.com" and see if the problem
persists? That is, you would relay the messages for that domain from
your server to the new CentOS 4 server and from there to
"mail.osterlingfirm.com". Just to see if it works? This is how I could
make it work for me, it's a dumb solution and I hate it, but it works. I
disabled the window size thingy and the ipv6 (on the Ubuntu) and that
didn't change a thing. I had this problem with Postfix 2.5.1, and didn't
notice any other trouble with the network, only this timeout. I would
not know if other domains work, as I can't deliver mail directly; but
again uploads and transfers work OK (also http proxy). I never tried
with CentOS 5 as it felt too new (worried about having the same problem
as with the shiny Ubuntu), but CentOS 4 works.

I am waiting to find the real solution to this problem, (I'm sure it's a
tweak somewhere, but I don't know where, I tried and searched everything
and gave up by now) and I think not many have this kind of problem. At
least now I know that I'm not as nuts as I thought.

And yes, the CentOS 4 also has an "older" version of Postfix, but I'm
guessing it's maintained.

Please let me know if you find a solution to this situation.

Greetings,
dennis.hitzigrath
Reply | Threaded
Open this post in threaded view
|

Add Throttle to outbound email?

Bugzilla from j@mesrobertson.com
We have a client who has done a mailout which adds up to over 1GB in size.

......
1160910 Kbytes in 988 Requests
......

Is there a way I can slow down or throttle the speed at which email is
being sent from a specific email address once the mail is already active?

It is affecting there ADSL connection and users working remotely are
having issues connecting in.

we did advise them to do mailouts after hours but but they decided to do
it anyway...... ho hum

Thanks


Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Noel Jones-2
James Robertson wrote:

> We have a client who has done a mailout which adds up to over 1GB in size.
>
> ......
> 1160910 Kbytes in 988 Requests
> ......
>
> Is there a way I can slow down or throttle the speed at which email is
> being sent from a specific email address once the mail is already active?
>
> It is affecting there ADSL connection and users working remotely are
> having issues connecting in.
>
> we did advise them to do mailouts after hours but but they decided to do
> it anyway...... ho hum
>
> Thanks
>
>

Postfix doesn't have any per-user rate controls (some add-on
policy services can do per-user input rate limits), and output
rate controls are limited to what's available with
http://www.postfix.org/postconf.5.html#default_destination_rate_delay
which is a per-destination limit, not an overall limit.

You could put all those messages on hold and release them
after hours.  man postsuper; man cron

Maybe router or firewall based traffic shaping would help - at
least you could prevent SMTP from hogging all the bandwidth.


--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Being tormented by a time out

Francisco Neira
In reply to this post by Noel Jones-2
Noel Jones wrote:

> Francisco Neira wrote:
>> Hi all,
>> Hope you can help me with this.
>>
>> I did a fresh install of Centos 5 with postfix-2.3.3-2 from RPMs,
>> Spamassassin, Amavisd-new and Clamav. everything is going very good
>> until I send messages to mail.osterlingfirm.com
>> <http://mail.osterlingfirm.com> if the message is tiny, there are no
>> problems anything bigger than 100k will receive the following:
>> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr original_recipient
>> = [hidden email] <mailto:[hidden email]>
>> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr recipient =
>> [hidden email] <mailto:[hidden email]>
>> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr dsn_orig_rcpt =
>> rfc822;[hidden email]
>> <mailto:rfc822%[hidden email]>
>> Sep  4 16:34:11 mail postfix/smtp[22137]: send attr reason =
>> conversation with mail.osterlingfirm.com
>> <http://mail.osterlingfirm.com>[200.31.124.213
>> <http://200.31.124.213>] timed out while sending message body
>> This is the reason why I tweaked (and probably exagerated) the
>> smtp_data parameters.
>> They have a M$ MTA and as I can read, a Symantec appliance as mailrelay:
>> 220 osterling08.osterlingfirm.com
>> <http://osterling08.osterlingfirm.com> ESMTP Symantec Mail Security
>
> [Push the "Plain Text" button when posting from gmail]
>

> Please post complete NON VERBOSE logging of a failed transaction.  If
> someone needs verbose logging, they will ask for it.
>
> It may be helpful also to post a packet capture of a failed session.
> http://www.postfix.org/DEBUG_README.html#sniffer
>
> Are you able to send large mail to other sites successfully?
> If this happens with all sites you may have an MTU problem. Broken MTU
> is a networking problem, not a postfix problem - google for more info.
>
> And for a fresh install, why use musty old software?  Current postfix is
> 2.5.5 - but this is probably not related to your problem.  Hopefully
> you're not using years-old versions of SpamAssassin, amavisd-new, and
> clamav also.
>
Actually I am using the most recent versions of everything in the Centos
  repositories.

The same messages that are accepted in gmail, hotmail and my office's
exim are rejected or at least not completed in that domain.

My logic tells me that the problem is caused by the receiving MTA but I
need to demonstrate that with evidence to a cocky stubborn M$ postmaster.

Nevertheless, I generate the file with tcpdump and tomorrow morning I'll
try to interpret it with wireshark.

Thanks for the ideas and excuse me for that first HTML posting.


--
Francisco Neira Basso
Especialista en Networking y
Seguridad de la InformaciĆ³n


Mensaje enviado desde mi sauco :)
Message sent from my sambucus peruviana



signature.asc (265 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Bugzilla from j@mesrobertson.com
In reply to this post by Noel Jones-2

>
>
> You could put all those messages on hold and release them after
> hours.  man postsuper; man cron
I think i'll go with this.  This might be a dumb question but I have
about 600 messages that all have different ID's.  man postsuper doesn't
highlight how to hold messages from a sender address?

thanks


Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Noel Jones-2
James Robertson wrote:

>
>>
>>
>> You could put all those messages on hold and release them after
>> hours.  man postsuper; man cron
> I think i'll go with this.  This might be a dumb question but I have
> about 600 messages that all have different ID's.  man postsuper doesn't
> highlight how to hold messages from a sender address?
>
> thanks
>
>

see the example under the -d delete option (be sure to use
postsuper -h instead of postsuper -d).

Something like this (untested):

# hold all mail from [hidden email]
mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
   { if ($7 == "[hidden email]" )
    print $1 }
   ' | tr -d '*!' | postsuper -h -


--
Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Sahil Tandon
In reply to this post by Bugzilla from j@mesrobertson.com
James Robertson <[hidden email]> wrote:

> I think i'll go with this.  This might be a dumb question but I have
> about 600 messages that all have different ID's.  man postsuper
> doesn't highlight how to hold messages from a sender address?

There is probably a more elegant way to do this, but you could parse the
output of mailq, and pass the queue IDs to postsuper thusly:

% mailq | grep sender | cut -c 1-9 | postsuper -h -

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Victor Duchovni
On Thu, Sep 04, 2008 at 11:33:25PM -0400, Sahil Tandon wrote:

> James Robertson <[hidden email]> wrote:
>
> > I think i'll go with this.  This might be a dumb question but I have
> > about 600 messages that all have different ID's.  man postsuper
> > doesn't highlight how to hold messages from a sender address?
>
> There is probably a more elegant way to do this, but you could parse the
> output of mailq, and pass the queue IDs to postsuper thusly:
>
> % mailq | grep sender | cut -c 1-9 | postsuper -h -

Postfix queue-ids don't have a fixed width, this is wrong. The length
of a queue-id depends on the numerical range of mail queue inode numbers.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Bugzilla from j@mesrobertson.com
In reply to this post by Noel Jones-2

>
> see the example under the -d delete option (be sure to use postsuper
> -h instead of postsuper -d).
>
> Something like this (untested):
>
> # hold all mail from [hidden email]
> mailq | tail +2 | grep -v '^ *(' | awk  'BEGIN { RS = "" }
>   { if ($7 == "[hidden email]" )
>    print $1 }
>   ' | tr -d '*!' | postsuper -h -
>
>
great!

that worked a treat.

Cheers Noel!
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Sahil Tandon
In reply to this post by Victor Duchovni
Victor Duchovni <[hidden email]> wrote:

> > % mailq | grep sender | cut -c 1-9 | postsuper -h -
>
> Postfix queue-ids don't have a fixed width, this is wrong. The length
> of a queue-id depends on the numerical range of mail queue inode
> numbers.

Woops, sorry for the noise; maybe the following variant, if the OP wants
to HOLD messages in the active queue:

% mailq | grep sender | cut -d \* -f 1 | postsuper -h -

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Victor Duchovni
On Fri, Sep 05, 2008 at 12:15:19AM -0400, Sahil Tandon wrote:

> Victor Duchovni <[hidden email]> wrote:
>
> > > % mailq | grep sender | cut -c 1-9 | postsuper -h -
> >
> > Postfix queue-ids don't have a fixed width, this is wrong. The length
> > of a queue-id depends on the numerical range of mail queue inode
> > numbers.
>
> Woops, sorry for the noise; maybe the following variant, if the OP wants
> to HOLD messages in the active queue:
>
> % mailq | grep sender | cut -d \* -f 1 | postsuper -h -

Not all the messages will be in the active queue, so "*" is not
the right delimeter. I am afraid cut(1) is the wrong tool for
the job.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Being tormented by a time out

mouss-2
In reply to this post by Francisco Neira
Francisco Neira wrote:

>
> Actually I am using the most recent versions of everything in the Centos
>  repositories.
>

You can use
        http://postfix.wl0.org/


> The same messages that are accepted in gmail, hotmail and my office's
> exim are rejected or at least not completed in that domain.
>
> My logic tells me that the problem is caused by the receiving MTA but I
> need to demonstrate that with evidence to a cocky stubborn M$ postmaster.
>

it may be that the server disconnects because of message size limits.

http://service1.symantec.com/support/ent-gate.nsf/docid/2007090713043654

or it may be a network problem. for example, aggressive ICMP filtering
will break PMTU discovery (ICMP type 3 Code 4 is needed for PMTU discovery):

$ ping mail.osterlingfirm.com
PING mail.osterlingfirm.com (200.31.124.213): 56 data bytes
^C
--- mail.osterlingfirm.com ping statistics ---
19 packets transmitted, 0 packets received, 100.0% packet loss

so it looks like they love icmp filtering... sigh.

another candidate is TCP windows scaling, which is mishandled by old
firewalls.
http://www.google.fr/search?q=firewall+bug+tcp+windows+scaling
If this is the case, transfers from a "recent" system (linux, bsd, ...
windows vista) may fail.

> Nevertheless, I generate the file with tcpdump and tomorrow morning I'll
> try to interpret it with wireshark.
>
> Thanks for the ideas and excuse me for that first HTML posting.
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Sahil Tandon
In reply to this post by Victor Duchovni
Victor Duchovni <[hidden email]> wrote:

> > Woops, sorry for the noise; maybe the following variant, if the OP
> > wants to HOLD messages in the active queue:
> >
> > % mailq | grep sender | cut -d \* -f 1 | postsuper -h -
>
> Not all the messages will be in the active queue, so "*" is not
> the right delimeter.

This is why, above, I wrote _if_ the OP wants to HOLD messages in the
_active_ queue.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Victor Duchovni
On Fri, Sep 05, 2008 at 07:46:53AM -0400, Sahil Tandon wrote:

> Victor Duchovni <[hidden email]> wrote:
>
> > > Woops, sorry for the noise; maybe the following variant, if the OP
> > > wants to HOLD messages in the active queue:
> > >
> > > % mailq | grep sender | cut -d \* -f 1 | postsuper -h -
> >
> > Not all the messages will be in the active queue, so "*" is not
> > the right delimeter.
>
> This is why, above, I wrote _if_ the OP wants to HOLD messages in the
> _active_ queue.

Better tools than cut have been posted before. Piping garbage into
postsuper -h - is not a good idea.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Juan Miscaro-2
In reply to this post by Noel Jones-2
2008/9/4 Noel Jones <[hidden email]>:

> James Robertson wrote:
>>
>> We have a client who has done a mailout which adds up to over 1GB in size.
>>
>> ......
>> 1160910 Kbytes in 988 Requests
>> ......
>>
>> Is there a way I can slow down or throttle the speed at which email is
>> being sent from a specific email address once the mail is already active?
>>
>> It is affecting there ADSL connection and users working remotely are
>> having issues connecting in.
>>
>> we did advise them to do mailouts after hours but but they decided to do
>> it anyway...... ho hum
>>
>> Thanks
>>
>>
>
> Postfix doesn't have any per-user rate controls (some add-on policy services
> can do per-user input rate limits), and output rate controls are limited to
> what's available with
> http://www.postfix.org/postconf.5.html#default_destination_rate_delay
> which is a per-destination limit, not an overall limit.

[...]

> Maybe router or firewall based traffic shaping would help - at least you
> could prevent SMTP from hogging all the bandwidth.

That's an interesting option.  How would Postfix react to saturated
bandwidth?  Will it simply defer messages and try again?

/juan
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Wietse Venema
Juan Miscaro:

> > Postfix doesn't have any per-user rate controls (some add-on policy services
> > can do per-user input rate limits), and output rate controls are limited to
> > what's available with
> > http://www.postfix.org/postconf.5.html#default_destination_rate_delay
> > which is a per-destination limit, not an overall limit.
>
> [...]
>
> > Maybe router or firewall based traffic shaping would help - at least you
> > could prevent SMTP from hogging all the bandwidth.
>
> That's an interesting option.  How would Postfix react to saturated
> bandwidth?  Will it simply defer messages and try again?

Postfix handles timeouts as required by the RFC.

But there is no reason why Postfix should time out when bandwidth
is limited. Just reduce main.cf:default_process_limit so you don't
try to run an insane number of email deliveries in parallel.

In your case, putting the mail "on hold" is an appropriate solution.
You can do this while mail arrives (header/body_checks or perhaps
smtpd_sender_restrictions) or after-the-fact with mailq|postsuper.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Hannes Erven
In reply to this post by Juan Miscaro-2
Juan Miscaro schrieb:
>> James Robertson wrote:
 >>
>> Maybe router or firewall based traffic shaping would help - at least you
>> could prevent SMTP from hogging all the bandwidth.
>
> That's an interesting option.  How would Postfix react to saturated
> bandwidth?  Will it simply defer messages and try again?

We use a setting like this at one of our clients:

iptables -I OUTPUT -d \! "192.168.1.0/24" -p tcp --dport 25 -j DROP
iptables -I OUTPUT -d \! "192.168.1.0/24" -p tcp --dport 25 -m limit
--limit 240/sec -j ACCEPT
iptables -I OUTPUT -d     "127.0.0.1/24" -p tcp --dport 25 -j ACCEPT


(Rules are "in reverse order" since they are inserted.)

This allows traffic to the smtp on localhost (127.0.0.1) and the local
network (192.168.1.0/24) with no limits and restricts smtp traffic to
other destinations to 240 packets per second.
Since one packet is roughly 1500 bytes, SMTP traffic has a maximum of
about 3.6 MBit/sec. We use this setting on a 4MBit/sec DSL line.

It is transparent to postfix whether your uplink is slow or if you drop
packets with iptables: the tcp layer will throttle the connections and
retransmit packets as appropriate.

As has been said, you should configure postfix to a "sane" number of
parallel deliveries. And you should also make sure that there is enough
space on the queue partition when the client starts their mailing ;-)


-hannes
Reply | Threaded
Open this post in threaded view
|

Re: Add Throttle to outbound email?

Sahil Tandon
In reply to this post by Victor Duchovni
Victor Duchovni <[hidden email]> wrote:

> > > Not all the messages will be in the active queue, so "*" is not
> > > the right delimeter.
> >
> > This is why, above, I wrote _if_ the OP wants to HOLD messages in the
> > _active_ queue.
>
> Better tools than cut have been posted before. Piping garbage into
> postsuper -h - is not a good idea.

How is the output of cut in last example "garbage"?

--
Sahil Tandon <[hidden email]>
12