Re: Excursus Retry 451 452 Strategies

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Excursus Retry 451 452 Strategies

Viktor Dukhovni


> On Jul 29, 2019, at 10:22 AM, Дилян Палаузов <[hidden email]> wrote:
>
> My reading of your answer is, that by default, if some recipients are accepted and others 451/452 rejected, postfix
> closes the SMTP session, reopens a new SMTP session to the same host and tries again to that host (smtp_mx_session_limit default 2).

No.  After a tempfail, the retry happens with any remaining MX host IP addresses
(the purported hostname is irrelevant), or else the remaining recipients are deferred.
The retry is not with "the same" IP address.

> That is, for a message with 11 recipients, if the SMTP accepts one recepient per SMTP transaction and defers the others
> recipient, for a domain having 50 different IP addresses, postfix will deliver the mail to the first ten recipients
> almost at the same time, and delivery to the 11th recipient will be postponed to whenever postfix is configured to
> retry.

No, the first 2 recipients will be delivered (limit of two sessions
per-envelope, per queue activation) and the rest deferred.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Excursus Retry 451 452 Strategies

Viktor Dukhovni


> On Jul 29, 2019, at 1:29 PM, Дилян Палаузов <[hidden email]> wrote:
>
> SpamAssassin recomends inserting fake (lowest and highest) MX records
> https://cwiki.apache.org/confluence/display/spamassassin/OtherTricks to reduce Spam.  E.g. MX aegee.org resolves to 90
> mxf-2.aegee.org. / 10 mail.aegee.org. / 1 mxf-1.aegee.org. and on mxf-1,2.aegee.org there is no SMTP server.

All sorts howtos recommend all sorts of cargo-cult advice, much of
worthless.  This particular one is somewhat popular, but I'm aware
of any evidence of its efficacy.  I prefer reliable, timely email
delivery.

> A mail has 3 recipients and is sent to a domain with fake MX records deployed, but otherwise has 50 distinct accepting
> IP addresses behind the MX records.  The smtp server accepts one recipient per transaction and 451 defers the other
> recipients.  Postfix picks up to 5 (smtp_mx_address_limit) distinct IP addresses from DNS.  Postfix will connect first
> to the fake MX host.

No, because the guide recommends having no SMTP server at the fake
address, so that connection is refused, and Postfix immediately tries
the real MX host.

> Then postfix connects to two other hosts and each host consumes one recipient.  Then postfix gives
> up and retries delivery to the last recipient later.

What is the origin this "one recipient" meme.  Postfix sends
at most 50 by default, and the real MX is expected to accept
them all.

> Why doesn’t postfix handle the 4.5.3 status code in a special way?   As long as per iteration the number of recipients
> is reduced, keep retrying without giving up.

Postfix strives to avoid tying up delivery agents on a single
message for too long, your strategy will too easily impose
unreasonable delays on delivery to other destinations.

If some site has a poorly thought out recipient limit of 1,
they suffer, not everyone else.

--
        Viktor.