Loading ...
Sorry, an error occurred while loading the content.
 

Configuration help

Expand Messages
  • Matthew Claridge
    Hi all, Sorry if this is a really basic question. I ve had a look at the website docs etc, but just want to check here as Postfix is new to me and I haven t
    Message 1 of 15 , Jul 14, 2006
      Hi all,

      Sorry if this is a really basic question. I've had a look at the website
      docs etc, but just want to check here as Postfix is new to me and I
      haven't touched Sendmail for a long time.

      Basically, we currently run a sendmail relay server, which accepts
      incoming email from the internet (from specific addresses - we use an
      anti-virus gateway) for our domains and relays it to our main, internal
      mail server. It also accepts outgoing email from our main server and
      relays that directly to the recipient. There are no user accounts,
      mailboxes or local mail on this relay machine.

      I need to commission a new server for this role and am thinking of
      moving to Postfix as this seems to be well regarded and is reportedly
      easier to maintain. Would postfix be suitable for the role described
      above? If so, what basic configuration would I require for this? If I
      then wanted to switch from sending mail directly, to sending it via our
      anti-virus gateway, how would I do this, assuming the AV gateway has
      multiple possible IP addresses?

      I appreciate this is really basic but I could do with a leg up here :-)

      Many thanks all,
      Matt
    • Noel Jones
      ... Yes, postfix is suitable for this task. Some starting places for your reading adventure... http://www.postfix.org/BASIC_CONFIGURATION_README.html
      Message 2 of 15 , Jul 14, 2006
        At 05:38 AM 7/14/2006, Matthew Claridge wrote:

        >Basically, we currently run a sendmail relay server, which
        >accepts incoming email from the internet (from specific
        >addresses - we use an anti-virus gateway) for our domains
        >and relays it to our main, internal mail server. It also
        >accepts outgoing email from our main server and relays
        >that directly to the recipient. There are no user
        >accounts, mailboxes or local mail on this relay machine.

        Yes, postfix is suitable for this task. Some starting
        places for your reading adventure...
        http://www.postfix.org/BASIC_CONFIGURATION_README.html
        http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall

        >If I then wanted to switch from sending mail directly, to
        >sending it via our anti-virus gateway, how would I do
        >this, assuming the AV gateway has multiple possible IP
        >addresses?

        You can tell postfix to send all mail through an external
        host with the relayhost parameter. Use MX records to
        control how multiple IPs are used.
        http://www.postfix.org/postconf.5.html#relayhost

        --
        Noel Jones
      • Matthew Claridge
        Thanks Noel. I ve put together the following config for this server: myorigin = $mydomain mydestination = local_recipient_maps = local_transport = error:local
        Message 3 of 15 , Jul 18, 2006
          Thanks Noel.

          I've put together the following config for this server:

          myorigin = $mydomain
          mydestination =
          local_recipient_maps =
          local_transport = error:local mail delivery is disabled
          mynetworks = x.x.x.x (domain IP range)
          relay_domains = $mydomain
          relayhost =
          notify_classes = bounce, delay, policy, protocol, resource, software
          masquerade_domains = $mydomain
          virtual_alias_maps = hash:/etc/postfix/virtual
          parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
          smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
          relay_recipient_maps =
          transport_maps = hash:/etc/postfix/transport

          and probably these options as well:

          alias_maps = $alias_database
          disable_vrfy_command = yes
          smtpd_banner = $myhostname NO USE ESMTP
          biff = no

          Which I have to say doesn't look that much simpler than sendmail :-)

          Anyway, /etc/postfix/virtual contains postmaster and abuse addresses
          mapped to internal accounts and /etc/postfix//transport contains the ip
          address of our internal smtp server.

          Does this look ok to everyone? I'd really like to swap these servers and
          be confident this one will slot in and take over, but I'm really not :-)

          thanks in advance,
          Matt

          on 14/07/2006 17:49 Noel Jones said the following:

          > At 05:38 AM 7/14/2006, Matthew Claridge wrote:
          >
          >> Basically, we currently run a sendmail relay server, which accepts
          >> incoming email from the internet (from specific addresses - we use an
          >> anti-virus gateway) for our domains and relays it to our main,
          >> internal mail server. It also accepts outgoing email from our main
          >> server and relays that directly to the recipient. There are no user
          >> accounts, mailboxes or local mail on this relay machine.
          >
          >
          > Yes, postfix is suitable for this task. Some starting places for your
          > reading adventure...
          > http://www.postfix.org/BASIC_CONFIGURATION_README.html
          > http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
          >
          >> If I then wanted to switch from sending mail directly, to sending it
          >> via our anti-virus gateway, how would I do this, assuming the AV
          >> gateway has multiple possible IP addresses?
          >
          >
          > You can tell postfix to send all mail through an external host with
          > the relayhost parameter. Use MX records to control how multiple IPs
          > are used.
          > http://www.postfix.org/postconf.5.html#relayhost
          >

          --
          Matthew Claridge
          Product Support Engineer
          RWA Limited

          Tel: 02920 815 054
          Email: mclaridge@...
          Web: www.rwa-net.co.uk
        • Ralf Hildebrandt
          ... Not needed. Default. ... I m not sure that s needed. ... I m not sure that s needed. ... Not needed. Default. ... Not needed. Default. -- Ralf Hildebrandt
          Message 4 of 15 , Jul 18, 2006
            * Matthew Claridge <mclaridge@...>:
            > Thanks Noel.
            >
            > I've put together the following config for this server:
            >
            > myorigin = $mydomain
            > mydestination =
            > local_recipient_maps =
            > local_transport = error:local mail delivery is disabled
            > mynetworks = x.x.x.x (domain IP range)
            > relay_domains = $mydomain

            > relayhost =
            Not needed. Default.

            > notify_classes = bounce, delay, policy, protocol, resource, software
            I'm not sure that's needed.

            > masquerade_domains = $mydomain
            > virtual_alias_maps = hash:/etc/postfix/virtual

            > parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
            I'm not sure that's needed.

            > smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
            Not needed. Default.

            > relay_recipient_maps =
            Not needed. Default.

            --
            Ralf Hildebrandt (Ralf.Hildebrandt@...) spamtrap@...
            Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
            http://www.postfix-buch.com
            arbeit! geissel der menschheit! / verflucht seist du bis ans ende
            aller tage / du, die du uns elend bringst und not / uns zu krueppeln
            machst und zu idioten / uns schlechte laune schaffst und unnuetz
            zwietracht saest / uns den tag raubst und die nacht / verflucht seist
            du / verflucht / in ewigkeit / amen
          • Victor Duchovni
            ... I usually go with notify_classes = software or notify_classes = . At a high volume installation per problem instance notification is not an option,
            Message 5 of 15 , Jul 18, 2006
              On Tue, Jul 18, 2006 at 04:34:15PM +0200, Ralf Hildebrandt wrote:

              > > notify_classes = bounce, delay, policy, protocol, resource, software
              > I'm not sure that's needed.

              I usually go with "notify_classes = software" or "notify_classes =". At
              a high volume installation per problem instance notification is not
              an option, don't want to also DoS my IMAP server when the gateway is under
              stress.

              > > parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
              > I'm not sure that's needed.

              This is actually a good idea. One should work to remove "stmpd_access_maps"
              too, but that means duplicating many of the legacy entries.

              --
              Viktor.

              P.S. Morgan Stanley is looking for a New York City based, Senior Unix
              system/email administrator to architect and sustain the Unix email
              environment. If you are interested, please drop me a note.

              Disclaimer: off-list followups get on-list replies or get ignored.
              Please do not ignore the "Reply-To" header.

              To unsubscribe from the postfix-users list, visit
              http://www.postfix.org/lists.html or click the link below:
              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

              If my response solves your problem, the best way to thank me is to not
              send an "it worked, thanks" follow-up. If you must respond, please put
              "It worked, thanks" in the "Subject" so I can delete these quickly.
            • Noel Jones
              ... [please don t top post] It s well worth your time to create a procedure to validate recipients and not accept and bounce all the crap thrown your way.
              Message 6 of 15 , Jul 18, 2006
                At 09:24 AM 7/18/2006, Matthew Claridge wrote:
                >Thanks Noel.
                >
                >I've put together the following config for this server:
                >
                >myorigin = $mydomain
                >mydestination =
                >local_recipient_maps =
                >local_transport = error:local mail delivery is disabled
                >mynetworks = x.x.x.x (domain IP range)
                >relay_domains = $mydomain
                >relayhost =
                >notify_classes = bounce, delay, policy, protocol,
                >resource, software
                >masquerade_domains = $mydomain
                >virtual_alias_maps = hash:/etc/postfix/virtual
                >parent_domain_matches_subdomains = debug_peer_list
                >smtpd_access_maps
                >smtpd_recipient_restrictions = permit_mynetworks
                >reject_unauth_destination
                >relay_recipient_maps =
                >transport_maps = hash:/etc/postfix/transport

                [please don't top post]
                It's well worth your time to create a procedure to validate
                recipients and not accept and bounce all the crap thrown
                your way. Either use the preferred relay_recipient_maps or
                use reject_unverified_recipient.
                http://www.postfix.org/postconf.5.html#relay_recipient_maps
                http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient


                >and probably these options as well:
                >
                >alias_maps = $alias_database
                >disable_vrfy_command = yes
                >smtpd_banner = $myhostname NO USE ESMTP

                The banner is incorrect. It must be $myhostname
                ESTMP other text...
                If your intention is to disable ESTMP, you can't.


                >biff = no
                >
                >Which I have to say doesn't look that much simpler than
                >sendmail :-)
                >
                >Anyway, /etc/postfix/virtual contains postmaster and abuse
                >addresses mapped to internal accounts and
                >/etc/postfix//transport contains the ip address of our
                >internal smtp server.
                >
                >Does this look ok to everyone? I'd really like to swap
                >these servers and be confident this one will slot in and
                >take over, but I'm really not :-)

                Testing is always a good idea.
                When you first put the server on-line you may want to use
                soft_bounce = yes
                temporarily, but be *sure* to remove that line as soon as
                the server looks as if it's working properly, this setting
                is for testing only.
                http://www.postfix.org/postconf.5.html#soft_bounce

                --
                Noel Jones
              • Matthew Claridge
                ... Yes, realised my mistake with this - this isn t logging, its postmaster emails! I don t want all those emails either :-) ... I don t actually fully
                Message 7 of 15 , Jul 18, 2006
                  on 18/07/2006 15:47 Victor Duchovni said the following:

                  >On Tue, Jul 18, 2006 at 04:34:15PM +0200, Ralf Hildebrandt wrote:
                  >
                  >
                  >
                  >>>notify_classes = bounce, delay, policy, protocol, resource, software
                  >>>
                  >>>
                  >>I'm not sure that's needed.
                  >>
                  >>
                  >
                  >I usually go with "notify_classes = software" or "notify_classes =". At
                  >a high volume installation per problem instance notification is not
                  >an option, don't want to also DoS my IMAP server when the gateway is under
                  >stress.
                  >
                  >
                  Yes, realised my mistake with this - this isn't logging, its postmaster
                  emails! I don't want all those emails either :-)

                  >
                  >
                  >>>parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
                  >>>
                  >>>
                  >>I'm not sure that's needed.
                  >>
                  >>
                  >
                  >This is actually a good idea. One should work to remove "stmpd_access_maps"
                  >too, but that means duplicating many of the legacy entries.
                  >
                  >
                  I don't actually fully understand this but the guide said it was a good
                  idea.....
                • Victor Duchovni
                  ... The primary consequence of this setting is that relay_domains does not by default match all sub-domains, you need to explicitly add .domain.tld to
                  Message 8 of 15 , Jul 18, 2006
                    On Tue, Jul 18, 2006 at 04:10:43PM +0100, Matthew Claridge wrote:

                    > >>>parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
                    > >>>
                    > >>I'm not sure that's needed.
                    > >
                    > >This is actually a good idea. One should work to remove "stmpd_access_maps"
                    > >too, but that means duplicating many of the legacy entries.
                    >
                    > I don't actually fully understand this but the guide said it was a good
                    > idea.....

                    The primary consequence of this setting is that "relay_domains"
                    does not by default match all sub-domains, you need to explicitly add
                    ".domain.tld" to match sub-domains. This is good. It prevents accidental
                    misclassification of sub-domains. The default is:

                    parent_domain_matches_subdomains =
                    debug_peer_list,
                    fast_flush_domains,
                    mynetworks,
                    permit_mx_backup_networks,
                    qmqpd_authorized_clients,
                    relay_domains,
                    smtpd_access_maps

                    You should never list domains in mynetworks, permit_mx_backup_networks or
                    qmqpd_autherized_clients, so that means that you are just excluding
                    "fast_flush_domains" and "relay_domains".

                    --
                    Viktor.

                    P.S. Morgan Stanley is looking for a New York City based, Senior Unix
                    system/email administrator to architect and sustain the Unix email
                    environment. If you are interested, please drop me a note.

                    Disclaimer: off-list followups get on-list replies or get ignored.
                    Please do not ignore the "Reply-To" header.

                    To unsubscribe from the postfix-users list, visit
                    http://www.postfix.org/lists.html or click the link below:
                    <mailto:majordomo@...?body=unsubscribe%20postfix-users>

                    If my response solves your problem, the best way to thank me is to not
                    send an "it worked, thanks" follow-up. If you must respond, please put
                    "It worked, thanks" in the "Subject" so I can delete these quickly.
                  • Matthew Claridge
                    ... Sorry ... Yes, I thought about doing this but not sure I want the overhead of maintaining users on two different servers, especially when users can freely
                    Message 9 of 15 , Jul 18, 2006
                      on 18/07/2006 15:48 Noel Jones said the following:

                      > At 09:24 AM 7/18/2006, Matthew Claridge wrote:
                      >
                      >> Thanks Noel.
                      >>
                      >> I've put together the following config for this server:
                      >>
                      >> myorigin = $mydomain
                      >> mydestination =
                      >> local_recipient_maps =
                      >> local_transport = error:local mail delivery is disabled
                      >> mynetworks = x.x.x.x (domain IP range)
                      >> relay_domains = $mydomain
                      >> relayhost =
                      >> notify_classes = bounce, delay, policy, protocol, resource, software
                      >> masquerade_domains = $mydomain
                      >> virtual_alias_maps = hash:/etc/postfix/virtual
                      >> parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
                      >> smtpd_recipient_restrictions = permit_mynetworks
                      >> reject_unauth_destination
                      >> relay_recipient_maps =
                      >> transport_maps = hash:/etc/postfix/transport
                      >
                      >
                      > [please don't top post]

                      Sorry

                      > It's well worth your time to create a procedure to validate recipients
                      > and not accept and bounce all the crap thrown your way. Either use
                      > the preferred relay_recipient_maps or use reject_unverified_recipient.
                      > http://www.postfix.org/postconf.5.html#relay_recipient_maps
                      > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

                      Yes, I thought about doing this but not sure I want the overhead of
                      maintaining users on two different servers, especially when users can
                      freely add aliases on our internal server...the docs don't say anything
                      about how Postfix probes for addresses when there's no list - is this
                      reliable and accurate?

                      >
                      >
                      >> and probably these options as well:
                      >>
                      >> alias_maps = $alias_database
                      >> disable_vrfy_command = yes
                      >> smtpd_banner = $myhostname NO USE ESMTP
                      >
                      >
                      > The banner is incorrect. It must be $myhostname ESTMP other text...
                      > If your intention is to disable ESTMP, you can't.

                      That should be NO UCE.....I copied it that way round from the config
                      guide :-) I'll swap it around then :-)

                      >
                      >
                      >> biff = no
                      >>
                      >> Which I have to say doesn't look that much simpler than sendmail :-)
                      >>
                      >> Anyway, /etc/postfix/virtual contains postmaster and abuse addresses
                      >> mapped to internal accounts and /etc/postfix//transport contains the
                      >> ip address of our internal smtp server.
                      >>
                      >> Does this look ok to everyone? I'd really like to swap these servers
                      >> and be confident this one will slot in and take over, but I'm really
                      >> not :-)
                      >
                      >
                      > Testing is always a good idea.
                      > When you first put the server on-line you may want to use
                      > soft_bounce = yes
                      > temporarily, but be *sure* to remove that line as soon as the server
                      > looks as if it's working properly, this setting is for testing only.
                      > http://www.postfix.org/postconf.5.html#soft_bounce
                      >
                      This is helpful, thanks!
                      --
                      Matthew Claridge
                      Product Support Engineer
                      RWA Limited

                      Tel: 02920 815 054
                      Email: mclaridge@...
                      Web: www.rwa-net.co.uk
                    • Noel Jones
                      ... By default, postfix will accept any recipient address and relay it to your mailstore. If the recipient does not exist either postfix or the mailstore will
                      Message 10 of 15 , Jul 18, 2006
                        At 10:19 AM 7/18/2006, Matthew Claridge wrote:
                        >>It's well worth your time to create a procedure to
                        >>validate recipients and not accept and bounce all the
                        >>crap thrown your way. Either use the preferred
                        >>relay_recipient_maps or use reject_unverified_recipient.
                        >><http://www.postfix.org/postconf.5.html#relay_recipient_maps>http://www.postfix.org/postconf.5.html#relay_recipient_maps
                        >>
                        >>http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
                        >>
                        >Yes, I thought about doing this but not sure I want the
                        >overhead of maintaining users on two different servers,
                        >especially when users can freely add aliases on our
                        >internal server...the docs don't say anything about how
                        >Postfix probes for addresses when there's no list - is
                        >this reliable and accurate?

                        By default, postfix will accept any recipient address and
                        relay it to your mailstore. If the recipient does not
                        exist either postfix or the mailstore will (attempt to)
                        return a bounce message to the (possibly forged) sender
                        address. This often results in a mail server that is very
                        busy returning mail you can't deliver to people who didn't
                        send it. Some domains will blacklist you if they receive
                        too many bogus bounces from your server. This is referred
                        to as
                        backscatter. http://www.postfix.org/BACKSCATTER_README.html#wtf
                        This is not a problem unique to postfix, but affects any
                        mail server configured to accept then bounce invalid recipients.

                        The preferred solution is to export a user list from your
                        mailstore and transfer it to postfix to use as
                        relay_recipient_maps. If it's possible to do at all, it's
                        probably scriptable so it can be done automatically at some
                        suitable interval.
                        If it is not possible to convince the mailstore to give up
                        a list of valid recipients, you can configure postfix to
                        query the mailstore for valid recipients using active
                        address
                        probes.
                        http://www.postfix.org/ADDRESS_VERIFICATION_README.html#how
                        Assuming the mailstore rejects invalid recipients during
                        SMTP, this works well and generally requires little or no
                        maintenance once
                        configured.
                        http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
                        If the mailstore accepts and bounces invalid recipients,
                        using relay_recipient_maps or a similar
                        check_recipient_access table is the only possible solution.

                        --
                        Noel Jones
                      • Matthew Claridge
                        Just put this server in place and it all seems to be fine. I ll leave soft_bounce on for today to see how things go, but I think its all fine :-) I ll try this
                        Message 11 of 15 , Aug 1 1:38 AM
                          Just put this server in place and it all seems to be fine. I'll leave
                          soft_bounce on for today to see how things go, but I think its all fine :-)

                          I'll try this address verification in a day or two, when I can grab a
                          spare hour!

                          Thanks to everyone who offered advice,
                          Matt

                          on 18/07/2006 16:55 Noel Jones said the following:

                          > At 10:19 AM 7/18/2006, Matthew Claridge wrote:
                          >
                          >>> It's well worth your time to create a procedure to validate
                          >>> recipients and not accept and bounce all the crap thrown your way.
                          >>> Either use the preferred relay_recipient_maps or use
                          >>> reject_unverified_recipient.
                          >>> <http://www.postfix.org/postconf.5.html#relay_recipient_maps>http://www.postfix.org/postconf.5.html#relay_recipient_maps
                          >>>
                          >>> http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
                          >>
                          >> Yes, I thought about doing this but not sure I want the overhead of
                          >> maintaining users on two different servers, especially when users can
                          >> freely add aliases on our internal server...the docs don't say
                          >> anything about how Postfix probes for addresses when there's no list
                          >> - is this reliable and accurate?
                          >
                          >
                          > By default, postfix will accept any recipient address and relay it to
                          > your mailstore. If the recipient does not exist either postfix or the
                          > mailstore will (attempt to) return a bounce message to the (possibly
                          > forged) sender address. This often results in a mail server that is
                          > very busy returning mail you can't deliver to people who didn't send
                          > it. Some domains will blacklist you if they receive too many bogus
                          > bounces from your server. This is referred to as backscatter.
                          > http://www.postfix.org/BACKSCATTER_README.html#wtf
                          > This is not a problem unique to postfix, but affects any mail server
                          > configured to accept then bounce invalid recipients.
                          >
                          > The preferred solution is to export a user list from your mailstore
                          > and transfer it to postfix to use as relay_recipient_maps. If it's
                          > possible to do at all, it's probably scriptable so it can be done
                          > automatically at some suitable interval.
                          > If it is not possible to convince the mailstore to give up a list of
                          > valid recipients, you can configure postfix to query the mailstore for
                          > valid recipients using active address probes.
                          > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#how
                          > Assuming the mailstore rejects invalid recipients during SMTP, this
                          > works well and generally requires little or no maintenance once
                          > configured.
                          > http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient
                          > If the mailstore accepts and bounces invalid recipients, using
                          > relay_recipient_maps or a similar check_recipient_access table is the
                          > only possible solution.
                          >

                          --
                          Matthew Claridge
                          Product Support Engineer
                          RWA Limited

                          Tel: 02920 815 054
                          Email: mclaridge@...
                          Web: www.rwa-net.co.uk
                        • David Brophy
                          Hi, I d like to set Postfix up as a high performance MTA for sending high volumes of mail. Our website (dontstayin.com) sends about 100,000 mails per day
                          Message 12 of 15 , Dec 21, 2010
                            Hi,

                            I'd like to set Postfix up as a high performance MTA for sending high volumes of mail.

                            Our website (dontstayin.com) sends about 100,000 mails per day (message notifications etc.)

                            We also send about 1-2 million bulk mails per day, in the form of newsletters and e-flyers (it's all opt-in, targetted and instantly unsubscribable)

                            We're currently using Windows built in smtp server which can't keep up with the load at all, so I'm configuring a Ubuntu server to run Postfix to take over this job.

                            Are the default options for Postfix able to handle this volume? Do I need performance tuning? The server is a dual processor, dual core Opteron with 16GB ram and a 60GB OCZ Vertex 2 SSD disk.

                            Ideally I would like the two types of mail to be handled differently. The bulk mail is much less important than the notifications. I imagine my code could use two separate IP addresses to send mail - one for bulk mail and one for notifications. The expiry times for the bulk mail can be set relatively short so the queue doesn't get too big. I imagine normal settings for the notifications.

                            The important thing is that both queues must be relayed out onto the internet from the same IP address. Our current mail server IP has good reputation and it's on all the relevant white-lists. Having to set this all up again is not something I want to do. 

                            Is there a good step-by-step guide to setting up Postfix in this sort of configuration?

                            Thanks in advance for any help!!!

                            --
                            David Brophy
                            dave@...
                          • Jeroen Geilman
                            ... A single disk drive will not suffice for large volumes. Consider using at least 4 drives in RAID-10, more if you need more throughput. Postfix itself is
                            Message 13 of 15 , Dec 21, 2010
                              On 12/21/10 11:31 AM, David Brophy wrote: Hi,

                              I'd like to set Postfix up as a high performance MTA for sending high volumes of mail.

                              Our website (dontstayin.com) sends about 100,000 mails per day (message notifications etc.)

                              We also send about 1-2 million bulk mails per day, in the form of newsletters and e-flyers (it's all opt-in, targetted and instantly unsubscribable)

                              We're currently using Windows built in smtp server which can't keep up with the load at all, so I'm configuring a Ubuntu server to run Postfix to take over this job.

                              Are the default options for Postfix able to handle this volume? Do I need performance tuning? The server is a dual processor, dual core Opteron with 16GB ram and a 60GB OCZ Vertex 2 SSD disk.


                              A single disk drive will not suffice for large volumes.
                              Consider using at least 4 drives in RAID-10, more if you need more throughput.

                              Postfix itself is rarely, if ever, the bottleneck - but you need to keep in mind that certain core processes are of necessity single-threaded, and hence will only be able to utilize one CPU core.

                              The most prominent would be the queue manager: qmgr(8).
                              This means ALL messages will pass at least once through a process that is bound to a single core.

                              The only way to change this fundamental fact is to run multiple instances of postfix, which would be a good option in your situation.

                              Ideally I would like the two types of mail to be handled differently. The bulk mail is much less important than the notifications. I imagine my code could use two separate IP addresses to send mail - one for bulk mail and one for notifications. The expiry times for the bulk mail can be set relatively short so the queue doesn't get too big. I imagine normal settings for the notifications.

                              Mail doesn't have an "expiry time".
                              You may be talking about the queue lifetime of a message, but messages are sent out as soon as possible - only when messages fail to be delivered the first time does queueing come into play at all, and you normally want to avoid queueing whenever possible, because A. it introduces delays in delivery, and B. as already indicated, messages pass through the single-threaded qmgr once again.


                              The important thing is that both queues must be relayed out onto the internet from the same IP address. Our current mail server IP has good reputation and it's on all the relevant white-lists. Having to set this all up again is not something I want to do.

                              Multiple postfix instances can SEND mail from the same IP without any problems, of course.


                              Is there a good step-by-step guide to setting up Postfix in this sort of configuration?

                              The documentation is quite complete:

                              http://www.postfix.org/OVERVIEW.html

                              http://www.postfix.org/MULTI_INSTANCE_README.html

                              http://www.postfix.org/TUNING_README.html



                              Thanks in advance for any help!!!

                              --
                              David Brophy
                              dave@...


                              -- 
                              J.
                            • lst_hoe02@kwsoft.de
                              ... You may want to use two instances on the same host http://www.postfix.org/MULTI_INSTANCE_README.html For Performance read
                              Message 14 of 15 , Dec 21, 2010
                                Zitat von David Brophy <dave@...>:

                                > Hi,
                                >
                                > I'd like to set Postfix up as a high performance MTA for sending high
                                > volumes of mail.
                                >
                                > Our website (dontstayin.com) sends about 100,000 mails per day (message
                                > notifications etc.)
                                >
                                > We also send about 1-2 million bulk mails per day, in the form of
                                > newsletters and e-flyers (it's all opt-in, targetted and instantly
                                > unsubscribable)
                                >
                                > We're currently using Windows built in smtp server which can't keep up with
                                > the load at all, so I'm configuring a Ubuntu server to run Postfix to take
                                > over this job.
                                >
                                > Are the default options for Postfix able to handle this volume? Do I need
                                > performance tuning? The server is a dual processor, dual core Opteron with
                                > 16GB ram and a 60GB OCZ Vertex 2 SSD disk.
                                >
                                > Ideally I would like the two types of mail to be handled differently. The
                                > bulk mail is much less important than the notifications. I imagine my code
                                > could use two separate IP addresses to send mail - one for bulk mail and one
                                > for notifications. The expiry times for the bulk mail can be set relatively
                                > short so the queue doesn't get too big. I imagine normal settings for the
                                > notifications.
                                >
                                > The important thing is that both queues must be relayed out onto the
                                > internet from the same IP address. Our current mail server IP has good
                                > reputation and it's on all the relevant white-lists. Having to set this all
                                > up again is not something I want to do.
                                >
                                > Is there a good step-by-step guide to setting up Postfix in this sort of
                                > configuration?


                                You may want to use two instances on the same host

                                http://www.postfix.org/MULTI_INSTANCE_README.html

                                For Performance read

                                http://www.postfix.org/TUNING_README.html
                                http://www.postfix.org/QSHAPE_README.html

                                Other Topics you should keep in mind:

                                - Local caching resolver for fast DNS (PDNS,Unbound etc.)
                                - If sending to the big freemail Provider get on their whitelist
                                - Keep you lists as clean as possible
                                - Use a *sending* address perfectly reachable for SAV, bounces etc.
                                - Be sure that your *sending* domain name is resolvable fast, and
                                maybe with higher TTL to stay in the remote DNS caches

                                Regards

                                Andreas
                              • mouss
                                ... when you say 2 millions a day, I guess you don t care about delay? that is, it doesn t matter if a message is sent later in the same day, right? If so, 2
                                Message 15 of 15 , Dec 21, 2010
                                  Le 21/12/2010 11:31, David Brophy a écrit :
                                  > Hi,
                                  >
                                  > I'd like to set Postfix up as a high performance MTA for sending high
                                  > volumes of mail.
                                  >
                                  > Our website (dontstayin.com <http://dontstayin.com>) sends about 100,000
                                  > mails per day (message notifications etc.)
                                  >
                                  > We also send about 1-2 million bulk mails per day, in the form of
                                  > newsletters and e-flyers (it's all opt-in, targetted and instantly
                                  > unsubscribable)
                                  >
                                  > We're currently using Windows built in smtp server which can't keep up
                                  > with the load at all, so I'm configuring a Ubuntu server to run Postfix
                                  > to take over this job.
                                  >
                                  > Are the default options for Postfix able to handle this volume? Do I
                                  > need performance tuning? The server is a dual processor, dual core
                                  > Opteron with 16GB ram and a 60GB OCZ Vertex 2 SSD disk.
                                  >

                                  when you say 2 millions a day, I guess you don't care about delay? that
                                  is, it doesn't matter if a message is sent later in the same day, right?
                                  If so, 2 millions a day means less than 25 messages a second. so the
                                  bottleneck won't be "processing". and assuming you have enough network
                                  bandwidth (if every message is 100 Ko, then you need about 20 Mbps),
                                  that shouldn't be network IO either. your bottleneck is most certainly
                                  disk IO. I assume messages are "personalized" (every recipient gets a
                                  different mail), that is, your postfix will need to queue 2 million
                                  files a day.

                                  > Ideally I would like the two types of mail to be handled differently.

                                  try using different postfix instances (run postfix twice, each with its
                                  own config, queue, ... etc).

                                  > The bulk mail is much less important than the notifications. I imagine
                                  > my code could use two separate IP addresses to send mail - one for bulk
                                  > mail and one for notifications. The expiry times for the bulk mail can
                                  > be set relatively short so the queue doesn't get too big. I imagine
                                  > normal settings for the notifications.
                                  >
                                  > The important thing is that both queues must be relayed out onto the
                                  > internet from the same IP address. Our current mail server IP has good
                                  > reputation and it's on all the relevant white-lists. Having to set this
                                  > all up again is not something I want to do.
                                  >

                                  it's still a good idea to use 2 different IPs (if at your side you find
                                  the need to have different treatment of bulk vs notification mail, be
                                  certain that recipients would like to be able to do the same. and if you
                                  help them, they'll find it nice...).

                                  so my advice is: start getting a good reputation for the new IP now and
                                  you won't regret it.

                                  > Is there a good step-by-step guide to setting up Postfix in this sort of
                                  > configuration?
                                  >
                                  > Thanks in advance for any help!!!
                                  >
                                  > --
                                  > David Brophy
                                  > dave@... <mailto:dave@...>
                                Your message has been successfully submitted and would be delivered to recipients shortly.