Connection reusing with smtp-relay.gmail.com port 465 or 587

Vladimir Hidalgo
Hi,

I'm using Postfix inside Google Cloud Compute Engine with outbound
port 25 blocked by default and I want to use Postfix to relay email
from my org.

I've set up both SSL and TLS modes successfully (diff installations)
but the problem is that I generate a unique email for each of the
1000 recipients and sending this causes a DoS alert on Gmail after
about 50 consecutive emails.

Their support advises reusing the connection to send more than 1 email
per connection, but as per the documentation TLS / 587 is not
supported for connection caching.

What about SMTPS on port 465? I've successfully configured Postfix by using:

relayhost = [smtp-relay.gmail.com]:465
smtp_use_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
smtp_connection_cache_destinations = smtp-relay.gmail.com
connection_cache_ttl_limit = 5m
smtp_destination_concurrency_limit = 1
smtp_destination_rate_delay = 5s


And testing with 1000 emails in queue I got:

Jan 31 04:51:03 edited--email-relay-2 postfix/smtp[9728]: C0C926255F:
to=<[hidden email]>,
relay=smtp-relay.gmail.com[74.125.28.28]:465, delay=3541,
delays=1885/1656/0.49/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK
1517374263 u74sm4385834itb.2 - gsmtp)


I see no conn_use on the log and I'm not sure if cache is also not
supported on this SMTPS mode?

Thanks for any advice on how to cache the connections!

Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

Viktor Dukhovni


> On Jan 30, 2018, at 11:53 PM, Vladimir Hidalgo <[hidden email]> wrote:
>
> I'm using Postfix inside Google Cloud Compute Engine with outbound
> port 25 blocked by default and I want to use Postfix to relay email
> from my org.
>
> I've set up both SSL and TLS modes successfully (diff installations)
> but the problem is that I generate a unique email for each of the
> 1000 recipients and sending this causes a DoS alert on Gmail after
> about 50 consecutive emails.
>
> Their support advises reusing the connection to send more than 1 email
> per connection, but as per the documentation TLS / 587 is not
> supported for connection caching.
>
> What about SMTPS on port 465? I've successfully configured Postfix by using:

Postfix does not support TLS connection re-use.  The destination port
plays no role in this, nor does use of wrapper-mode vs. STARTTLS.

I'm afraid you'll need to find a nexthop relay that is willing to accept
your mail traffic one message per connection.  You can configure a TLS
session cache (smtp_tls_session_cache_database) to reduce the cost of
setting up TLS for each message.  This may not appease the resource
limits imposed by your current relay provider, but it won't hurt.

--
        Viktor.


Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

Vladimir Hidalgo
Thank you Viktor, looks like my best bet is to either have another
server that relays the TCP data from another port to
smtp-relay.gmail.com's port 25 just to bypass the random restriction
in Google Cloud and make use of connection caching to comply with their
requirements. Sadly, changing provider is not an option for me ATM.

Best regards.

Re: Connection reusing with smtp-relay.gmail.com port 465 or 587

Bastian Blank-3
On Tue, Jan 30, 2018 at 10:53:20PM -0600, Vladimir Hidalgo wrote:
> smtp_destination_concurrency_limit = 1

Please read again what this setting does.  Then remove it.

However, I don't think GMail likes to be used as a mass mail sender.

> I see no conn_use on the log and I'm not sure if cache is also not
> supported on this SMTPS mode?

Nope, it is not.

Bastian

--
Live long and prosper.
                -- Spock, "Amok Time", stardate 3372.7
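
Added example, not part of the thread or of Postfix itself: a small log check for the conn_use question discussed above. It counts, per relay and port, how many deliveries went over a reused connection and how much time went into connection setup (the third delays= field, which includes the TLS handshake). The sample lines, addresses and the second relay are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines (unwrapped); addresses and the second relay are made up.
SAMPLE = """\
Jan 31 04:51:03 relay postfix/smtp[9728]: C0C926255F: to=<a@example.org>, relay=smtp-relay.gmail.com[192.0.2.28]:465, delay=3541, delays=1885/1656/0.49/0.27, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 31 04:51:09 relay postfix/smtp[9728]: C0C9262560: to=<b@example.org>, relay=smtp-relay.gmail.com[192.0.2.28]:465, delay=3547, delays=1885/1661/0.51/0.30, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 31 05:00:01 relay postfix/smtp[9801]: D1A0000001: to=<c@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, delays=0.1/0/0.6/0.2, dsn=2.0.0, status=sent (250 ok)
Jan 31 05:00:02 relay postfix/smtp[9801]: D1A0000002: to=<d@example.net>, relay=mx.example.net[192.0.2.10]:25, conn_use=2, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (250 ok)
"""

# Postfix logs conn_use=N (N >= 2) only when a delivery rode on a cached connection.
# delays=a/b/c/d: before qmgr / in qmgr / connection setup (DNS, HELO, TLS) / transmission.
LINE = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<[^>]*>, (?:orig_to=<[^>]*>, )?"
    r"relay=(?P<relay>[^\[,]+)\[[^\]]*\]:(?P<port>\d+), "
    r"(?:conn_use=(?P<conn_use>\d+), )?"
    r"delay=[\d.]+, delays=[\d.]+/[\d.]+/(?P<setup>[\d.]+)/[\d.]+, "
    r"dsn=[\d.]+, status=(?P<status>\w+)"
)


def summarize(log_text):
    """Per relay:port, count sent deliveries, reused-connection deliveries, setup time."""
    stats = defaultdict(lambda: {"sent": 0, "reused": 0, "setup_seconds": 0.0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None or m["status"] != "sent":
            continue
        entry = stats[f"{m['relay']}:{m['port']}"]
        entry["sent"] += 1
        entry["reused"] += 1 if m["conn_use"] else 0
        entry["setup_seconds"] += float(m["setup"])
    return dict(stats)


if __name__ == "__main__":
    for dest, s in summarize(SAMPLE).items():
        print(f"{dest}: sent={s['sent']} reused={s['reused']} "
              f"avg_setup={s['setup_seconds'] / s['sent']:.2f}s")
```

A destination whose "reused" count stays at 0 across a large queue run is paying connection setup for every message, which is what the TLS relay lines in this thread show.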