Loading ...
Sorry, an error occurred while loading the content.
 

Re: smtp_fallback_relay

Expand Messages
  • Zbigniew Szalbot
    ... Right - I think I need some more help... 1/ main.cf: # client smtp authentication smtp_sasl_auth_enable = yes # smtp_sasl_security_options = noanonymous
    Message 1 of 17 , Apr 1, 2008
      2008/3/30, Wietse Venema <wietse@...>:
      > Zbigniew Szalbot:
      >
      > > Hi there,
      > >
      > > > Guessing that you have a postfix server for outgoing mail and you are experiencing problems reaching yahoo.com you just set on your /etc/postfix/transport
      > > >
      > > > yahoo.com :[smarthost.isp.com]
      > > >
      > > > and then you 'compile' it
      > > >
      > > > postmap /etc/postfix/transport
      > >
      > > Thanks! This works but I need to authenticate with my ISP smarthost.
      > > I've read http://www.postfix.org/SASL_README.html#client_sasl
      > > but it is not clear to me how the transport information should be
      > > connected with the authentication mechanism. In other words, how to
      > > authenticate with my isp's smarthost? Beg your patience with me!
      >
      >
      > Configure smtp_sasl_password_maps with your ISP's mailhost name
      > and your password.
      >
      >
      > http://www.postfix.org/SASL_README.html#client_sasl

      Right - I think I need some more help...

      1/ main.cf:
      # client smtp authentication
      smtp_sasl_auth_enable = yes
      # smtp_sasl_security_options = noanonymous
      smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
      smtp_sasl_type = cyrus
      relayhost = [my.isp.com]

      2/ transport map:
      yahoo.com :[my.isp.com]

      3/ sasl_passwd:
      [my.isp.com] user:passwd

      Transport map is ok as I am hammering the right mail server but I am
      not authenticating myself with the remote postfix mail server:

      Apr 1 14:14:30 szalbot postfix/smtp[28449]: 92D852844D:
      to=<someone@...>, relay=slowo.pl[85.14.85.15]:25, delay=0.47,
      delays=0.15/0.09/0.1/0.12, dsn=5.7.1, status=bounced (host
      slowo.pl[85.14.85.15] said: 554 5.7.1 <someone@...>: Relay
      access denied (in reply to RCPT TO command))
      Apr 1 14:14:30 szalbot postfix/cleanup[28441]: 2191728454:
      message-id=<20080401121430.2191728454@...-words.com>
      Apr 1 14:14:30 szalbot postfix/bounce[28451]: 92D852844D: sender
      non-delivery notification: 2191728454
      Apr 1 14:14:30 szalbot postfix/qmgr[28420]: 2191728454: from=<>,
      size=3037, nrcpt=1 (queue active)
      Apr 1 14:14:30 szalbot postfix/qmgr[28420]: 92D852844D: removed

      Any hint what I am doing wrong will be greatly appreciated! Many, many thanks!


      --
      Zbigniew Szalbot
    • Victor Duchovni
      ... Don t cut/paste from main.cf, show postconf -n output. ... Don t cut/paste from the transport table, show postmap -q output. ... Don t cut/paste from
      Message 2 of 17 , Apr 1, 2008
        On Tue, Apr 01, 2008 at 02:22:15PM +0200, Zbigniew Szalbot wrote:

        >
        > 1/ main.cf:
        > # client smtp authentication
        > smtp_sasl_auth_enable = yes
        > # smtp_sasl_security_options = noanonymous
        > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
        > smtp_sasl_type = cyrus
        > relayhost = [my.isp.com]

        Don't cut/paste from main.cf, show "postconf -n" output.

        > 2/ transport map:
        > yahoo.com :[my.isp.com]

        Don't cut/paste from the transport table, show "postmap -q" output.

        > 3/ sasl_passwd:
        > [my.isp.com] user:passwd

        Don't cut/paste from the sasl password table, show "postmap -q" output.

        > Apr 1 14:14:30 szalbot postfix/smtp[28449]: 92D852844D:
        > to=<someone@...>, relay=slowo.pl[85.14.85.15]:25, delay=0.47,
        > delays=0.15/0.09/0.1/0.12, dsn=5.7.1, status=bounced (host
        > slowo.pl[85.14.85.15] said: 554 5.7.1 <someone@...>: Relay
        > access denied (in reply to RCPT TO command))

        This host is not allowing relay access, that does not prove that you
        did not authenticate. You may need to set "debug_peer_list" and examine
        the detailed protocol trace to see what actually happens.

        The ISP relay appears to be running Postfix, and to offer SASL auth.

        250-max.cyfronet.com
        250-PIPELINING
        250-SIZE 51200000
        250-ETRN
        250-AUTH PLAIN LOGIN
        250-AUTH=PLAIN LOGIN
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
        250 DSN

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • Zbigniew Szalbot
        hi there, Sorry for snippets instead of full information! ... broken_sasl_auth_clients = yes command_directory = /usr/local/sbin config_directory =
        Message 3 of 17 , Apr 1, 2008
          hi there,

          Sorry for snippets instead of full information!

          > Don't cut/paste from main.cf, show "postconf -n" output.
          broken_sasl_auth_clients = yes
          command_directory = /usr/local/sbin
          config_directory = /usr/local/etc/postfix
          content_filter = smtp-amavis:[127.0.0.1]:10024
          daemon_directory = /usr/local/libexec/postfix
          data_directory = /var/db/postfix
          debug_peer_level = 2
          html_directory = no
          mail_owner = postfix
          mailq_path = /usr/local/bin/mailq
          manpage_directory = /usr/local/man
          mydomain = lists.lc-words.com
          myhostname = lists.lc-words.com
          mynetworks_style = host
          newaliases_path = /usr/local/bin/newaliases
          queue_directory = /var/spool/postfix
          readme_directory = no smtp_sasl_auth_enable = yes
          smtp_sasl_security_options = noanonymous smtp_sasl_password_maps =
          hash:/usr/local/etc/postfix/sasl_passwd relayhost = [slowo.pl]
          relay_domains =
          proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
          mailman.szalbot.homedns.org
          sample_directory = /usr/local/etc/postfix
          sendmail_path = /usr/local/sbin/sendmail
          setgid_group = maildrop
          smtp_tls_note_starttls_offer = yes
          smtp_use_tls = yes
          smtpd_recipient_restrictions = permit_mynetworks,
          permit_sasl_authenticated, reject_non_fqdn_hostname,
          reject_non_fqdn_sender, reject_non_fqdn_recipient,
          reject_unauth_destination, reject_unauth_pipelining,
          reject_invalid_hostname, reject_rbl_client zen.spamhaus.org
          smtpd_sasl_auth_enable = yes
          smtpd_sasl_authenticated_header = yes
          smtpd_sasl_local_domain = $myhostname
          smtpd_sasl_path = private/auth
          smtpd_sasl_security_options = noanonymous
          smtpd_sasl_type = dovecot
          smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
          smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
          smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
          smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
          smtpd_tls_loglevel = 0
          smtpd_tls_received_header = yes
          smtpd_tls_session_cache_timeout = 3600s
          smtpd_use_tls = yes
          soft_bounce = no
          tls_random_source = dev:/dev/urandom
          transport_maps = hash:/usr/local/etc/postfix/transport
          unknown_local_recipient_reject_code = 550
          virtual_alias_maps =
          proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
          virtual_mailbox_domains =
          proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
          virtual_mailbox_maps =
          proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
          virtual_transport = virtual

          > Don't cut/paste from the transport table, show "postmap -q" output.
          postmap -q
          postmap: option requires an argument -- q
          postmap: fatal: usage: postmap [-Nfinoprsvw] [-c config_dir] [-d key]
          [-q key] [map_type:]file...

          postmap -q yahoo.com
          postmap: fatal: usage: postmap [-Nfinoprsvw] [-c config_dir] [-d key]
          [-q key] [map_type:]file...
          $ postmap -q yahoo.com /usr/local/etc/postfix/transport

          I am not sure how to use postmap -q so here is the whole content of transport:
          autoreply.szalbot.homedns.org vacation:
          mailman.szalbot.homedns.org mailman:
          yahoo.com :[slowo.pl]


          > Don't cut/paste from the sasl password table, show "postmap -q" output.
          $ cat sasl_passwd
          [slowo.pl] user:passwd


          Thanks!

          --
          Zbigniew Szalbot
        • Victor Duchovni
          ... You let the mail client rewrap the output, not a good idea, but the result is still (just) parseable. ... Are you at all puzzled by this surprisingly long
          Message 4 of 17 , Apr 1, 2008
            On Tue, Apr 01, 2008 at 04:43:46PM +0200, Zbigniew Szalbot wrote:

            > Sorry for snippets instead of full information!

            You let the mail client rewrap the output, not a good idea, but the
            result is still (just) parseable.

            > [...]
            > mydomain = lists.lc-words.com
            > myhostname = lists.lc-words.com
            > mynetworks_style = host
            > newaliases_path = /usr/local/bin/newaliases
            > queue_directory = /var/spool/postfix

            > readme_directory = no smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd relayhost = [slowo.pl]

            Are you at all puzzled by this surprisingly long "readme_directory" setting?

            > relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
            > mailman.szalbot.homedns.org
            > sample_directory = /usr/local/etc/postfix
            > sendmail_path = /usr/local/sbin/sendmail
            > setgid_group = maildrop

            > smtp_tls_note_starttls_offer = yes
            > smtp_use_tls = yes

            And lack of any smtp_sasl_ settings?

            > smtpd_recipient_restrictions = permit_mynetworks,
            > permit_sasl_authenticated, reject_non_fqdn_hostname,
            > reject_non_fqdn_sender, reject_non_fqdn_recipient,
            > reject_unauth_destination, reject_unauth_pipelining,
            > reject_invalid_hostname, reject_rbl_client zen.spamhaus.org
            > ...

            > > Don't cut/paste from the transport table, show "postmap -q" output.

            > postmap -q
            > postmap: option requires an argument -- q
            > postmap: fatal: usage: postmap [-Nfinoprsvw] [-c config_dir] [-d key]
            > [-q key] [map_type:]file...

            The "postmap" command has a manual page. Please read it.

            man postmap

            > > Don't cut/paste from the sasl password table, show "postmap -q" output.
            > $ cat sasl_passwd
            > [slowo.pl] user:passwd

            Show "postmap -q ..." output that demonstrates the entry is in the
            indexed table built from the above source file.

            --
            Viktor.

            Disclaimer: off-list followups get on-list replies or get ignored.
            Please do not ignore the "Reply-To" header.

            To unsubscribe from the postfix-users list, visit
            http://www.postfix.org/lists.html or click the link below:
            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

            If my response solves your problem, the best way to thank me is to not
            send an "it worked, thanks" follow-up. If you must respond, please put
            "It worked, thanks" in the "Subject" so I can delete these quickly.
          • Zbigniew Szalbot
            ... I believe I have now corrected these entries. Thank you. https://mail.google.com/mail/ Gmail - smtp_fallback_relay ... postconf -n broken_sasl_auth_clients
            Message 5 of 17 , Apr 1, 2008
              2008/4/1, Victor Duchovni <Victor.Duchovni@...>:
              > On Tue, Apr 01, 2008 at 04:43:46PM +0200, Zbigniew Szalbot wrote:

              > Are you at all puzzled by this surprisingly long "readme_directory" setting?
              I believe I have now corrected these entries. Thank you.
              https://mail.google.com/mail/
              Gmail - smtp_fallback_relay
              > > smtp_tls_note_starttls_offer = yes
              > > smtp_use_tls = yes
              >
              > And lack of any smtp_sasl_ settings?

              postconf -n
              broken_sasl_auth_clients = yes
              command_directory = /usr/local/sbin
              config_directory = /usr/local/etc/postfix
              content_filter = smtp-amavis:[127.0.0.1]:10024
              daemon_directory = /usr/local/libexec/postfix
              data_directory = /var/db/postfix
              debug_peer_level = 2
              html_directory = no
              mail_owner = postfix
              mailq_path = /usr/local/bin/mailq
              manpage_directory = /usr/local/man
              mydomain = lists.lc-words.com
              myhostname = lists.lc-words.com
              mynetworks_style = host
              newaliases_path = /usr/local/bin/newaliases
              queue_directory = /var/spool/postfix
              readme_directory = no
              relay_domains =
              proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
              mailman.szalbot.homedns.org
              relayhost = [slowo.pl]
              sample_directory = /usr/local/etc/postfix
              sendmail_path = /usr/local/sbin/sendmail
              setgid_group = maildrop
              smtp_sasl_auth_enable = yes
              smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
              smtp_sasl_security_options = noanonymous
              smtp_sasl_type = cyrus
              smtp_tls_note_starttls_offer = yes
              smtp_use_tls = yes
              smtpd_recipient_restrictions = permit_mynetworks,
              permit_sasl_authenticated, reject_non_fqdn_hostname,
              reject_non_fqdn_sender, reject_non_fqdn_recipient,
              reject_unauth_destination, reject_unauth_pipelining,
              reject_invalid_hostname, reject_rbl_client zen.spamhaus.org
              smtpd_sasl_auth_enable = yes
              smtpd_sasl_authenticated_header = yes
              smtpd_sasl_local_domain = $myhostname
              smtpd_sasl_path = private/auth
              smtpd_sasl_security_options = noanonymous
              smtpd_sasl_type = dovecot
              smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
              smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
              smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
              smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
              smtpd_tls_loglevel = 0
              smtpd_tls_received_header = yes
              smtpd_tls_session_cache_timeout = 3600s
              smtpd_use_tls = yes
              soft_bounce = no
              tls_random_source = dev:/dev/urandom
              transport_maps = hash:/usr/local/etc/postfix/transport
              unknown_local_recipient_reject_code = 550
              virtual_alias_maps =
              proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
              virtual_mailbox_domains =
              proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
              virtual_mailbox_maps =
              proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
              virtual_transport = virtual

              and yet when I reload:
              Apr 1 18:11:05 szalbot postfix/smtp[33111]: warning: unsupported SASL
              client implementation: cyrus
              Apr 1 18:11:05 szalbot postfix/smtp[33111]: fatal: SASL library initialization

              Does it mean I have to compile postifx with cyrus support (SASL2)? I
              compiled it with dovecot but changing cyrus to dovecot still produces
              an error about unsupported SASL client implementation.


              > Show "postmap -q ..." output that demonstrates the entry is in the
              > indexed table built from the above source file.
              Ok. lesson learnt.

              postmap -q "yahoo.com" /usr/local/etc/postfix/transport
              :[slowo.pl]

              postmap -q "[slowo.pl]" /usr/local/etc/postfix/sasl_passwd
              user:password

              Thanks for your patience with me!

              --
              Zbigniew Szalbot
            • Zbigniew Szalbot
              Hello - solved! :) Installing sasl2 solved the problem. Sorry for bothering the list. I think I have learnt something though :) Zbigniew Szalbot ... --
              Message 6 of 17 , Apr 1, 2008
                Hello - solved! :)

                Installing sasl2 solved the problem. Sorry for bothering the list. I
                think I have learnt something though :)

                Zbigniew Szalbot

                2008/4/1, Zbigniew Szalbot <zszalbot@...>:
                > 2008/4/1, Victor Duchovni <Victor.Duchovni@...>:
                >
                > > On Tue, Apr 01, 2008 at 04:43:46PM +0200, Zbigniew Szalbot wrote:
                >
                >
                > > Are you at all puzzled by this surprisingly long "readme_directory" setting?
                >
                > I believe I have now corrected these entries. Thank you.
                > https://mail.google.com/mail/
                > Gmail - smtp_fallback_relay
                >
                > > > smtp_tls_note_starttls_offer = yes
                > > > smtp_use_tls = yes
                > >
                > > And lack of any smtp_sasl_ settings?
                >
                >
                > postconf -n
                >
                > broken_sasl_auth_clients = yes
                > command_directory = /usr/local/sbin
                > config_directory = /usr/local/etc/postfix
                > content_filter = smtp-amavis:[127.0.0.1]:10024
                > daemon_directory = /usr/local/libexec/postfix
                > data_directory = /var/db/postfix
                > debug_peer_level = 2
                > html_directory = no
                > mail_owner = postfix
                > mailq_path = /usr/local/bin/mailq
                > manpage_directory = /usr/local/man
                >
                > mydomain = lists.lc-words.com
                > myhostname = lists.lc-words.com
                > mynetworks_style = host
                > newaliases_path = /usr/local/bin/newaliases
                > queue_directory = /var/spool/postfix
                > readme_directory = no
                >
                > relay_domains =
                > proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
                > mailman.szalbot.homedns.org
                >
                > relayhost = [slowo.pl]
                >
                > sample_directory = /usr/local/etc/postfix
                > sendmail_path = /usr/local/sbin/sendmail
                > setgid_group = maildrop
                >
                > smtp_sasl_auth_enable = yes
                >
                > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
                > smtp_sasl_security_options = noanonymous
                >
                > smtp_sasl_type = cyrus
                >
                > smtp_tls_note_starttls_offer = yes
                > smtp_use_tls = yes
                >
                > smtpd_recipient_restrictions = permit_mynetworks,
                > permit_sasl_authenticated, reject_non_fqdn_hostname,
                > reject_non_fqdn_sender, reject_non_fqdn_recipient,
                > reject_unauth_destination, reject_unauth_pipelining,
                > reject_invalid_hostname, reject_rbl_client zen.spamhaus.org
                >
                > smtpd_sasl_auth_enable = yes
                > smtpd_sasl_authenticated_header = yes
                > smtpd_sasl_local_domain = $myhostname
                > smtpd_sasl_path = private/auth
                > smtpd_sasl_security_options = noanonymous
                > smtpd_sasl_type = dovecot
                > smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
                > smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
                > smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
                > smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
                > smtpd_tls_loglevel = 0
                > smtpd_tls_received_header = yes
                > smtpd_tls_session_cache_timeout = 3600s
                > smtpd_use_tls = yes
                > soft_bounce = no
                > tls_random_source = dev:/dev/urandom
                > transport_maps = hash:/usr/local/etc/postfix/transport
                > unknown_local_recipient_reject_code = 550
                > virtual_alias_maps =
                > proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
                > virtual_mailbox_domains =
                > proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
                > virtual_mailbox_maps =
                > proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
                > virtual_transport = virtual
                >
                >
                > and yet when I reload:
                > Apr 1 18:11:05 szalbot postfix/smtp[33111]: warning: unsupported SASL
                > client implementation: cyrus
                > Apr 1 18:11:05 szalbot postfix/smtp[33111]: fatal: SASL library initialization
                >
                > Does it mean I have to compile postifx with cyrus support (SASL2)? I
                > compiled it with dovecot but changing cyrus to dovecot still produces
                > an error about unsupported SASL client implementation.
                >
                >
                >
                > > Show "postmap -q ..." output that demonstrates the entry is in the
                > > indexed table built from the above source file.
                >
                > Ok. lesson learnt.
                >
                >
                > postmap -q "yahoo.com" /usr/local/etc/postfix/transport
                >
                > :[slowo.pl]
                >
                > postmap -q "[slowo.pl]" /usr/local/etc/postfix/sasl_passwd
                > user:password
                >
                > Thanks for your patience with me!
                >
                > --
                >
                > Zbigniew Szalbot
                >


                --
                Zbigniew Szalbot
              • Ralf Hildebrandt
                Currently, smtp_fallback_relay is being used after the first failed delivery. http://www.postfix.org/postconf.5.html#smtp_fallback_relay explicitly mentions:
                Message 7 of 17 , Jun 13, 2013
                  Currently, smtp_fallback_relay is being used after the first failed
                  delivery.

                  http://www.postfix.org/postconf.5.html#smtp_fallback_relay
                  explicitly mentions: "With bulk email deliveries, it can be beneficial
                  to run the fallback relay MTA on the same host, so that it can reuse
                  the sender IP address. This speeds up deliveries that are delayed by
                  IP-based reputation systems (greylist, etc.)."

                  i thought this could be done easier, like:

                  Why not have either a smtp_fallback_relay_threshold
                  parameter, which specifies after how many delivery attempts the mail
                  will be passed to the smtp_fallback_relay.

                  It would have to default to 1 to be backwards compatible.

                  Alternative/additional approach:

                  smtp_fallback_relay_threshold_time (compare to
                  smtp_pix_workaround_threshold_time)

                  How long a message must be queued before the Postfix SMTP client
                  passes the mail to the smtp_fallback_relay.

                  No idea what an appropriate default would be...

                  --
                  [*] sys4 AG

                  http://sys4.de, +49 (89) 30 90 46 64
                  Franziskanerstraße 15, 81669 München

                  Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                  Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                  Aufsichtsratsvorsitzender: Florian Kirstein
                • Viktor Dukhovni
                  ... Postfix does not record the number of delivery attempts in the queue file. Updates of such a record (unless it is a one byte gauge that tops out at 255)
                  Message 8 of 17 , Jun 13, 2013
                    On Thu, Jun 13, 2013 at 03:40:33PM +0200, Ralf Hildebrandt wrote:

                    > Currently, smtp_fallback_relay is being used after the first failed
                    > delivery.
                    >
                    > http://www.postfix.org/postconf.5.html#smtp_fallback_relay
                    > explicitly mentions: "With bulk email deliveries, it can be beneficial
                    > to run the fallback relay MTA on the same host, so that it can reuse
                    > the sender IP address. This speeds up deliveries that are delayed by
                    > IP-based reputation systems (greylist, etc.)."
                    >
                    > i thought this could be done easier, like:
                    >
                    > Why not have either a smtp_fallback_relay_threshold
                    > parameter, which specifies after how many delivery attempts the mail
                    > will be passed to the smtp_fallback_relay.
                    >
                    > It would have to default to 1 to be backwards compatible.

                    Postfix does not record the number of delivery attempts in the
                    queue file. Updates of such a record (unless it is a one byte
                    gauge that tops out at 255) cannot be done atomically, it may
                    not accurately reflect the number of delivery attempts, since
                    when a destination is throttled, some recipients are deferred
                    without being tried or re-tried. So at best we could have a
                    one byte count of how many times a message has been deferred.

                    This would need be a new queue-file envelope record, so cleanup
                    would have to write it into new queue files and qmgr would have to
                    update it when deferring a queue file.

                    > Alternative/additional approach:
                    >
                    > smtp_fallback_relay_threshold_time (compare to
                    > smtp_pix_workaround_threshold_time)

                    This can be done without changing the queue file format.

                    > How long a message must be queued before the Postfix SMTP client
                    > passes the mail to the smtp_fallback_relay.

                    Only after first trying the real destination. This may be the
                    first attempt on a sufficiently congested system.

                    > No idea what an appropriate default would be...

                    The default should disable this new feature, some people rely on
                    the fallback relay kicking in right away. Thus the default would
                    be 0.

                    Otherwise, 1-3 hours is about right, the geometric mean of 300s
                    and 5d is 3hours. Use the lower end of the range if maximal_backoff_time
                    is substantially smaller than 1 hour and the higher end if maximal
                    backoff time is at least 1 hour.

                    --
                    Viktor.
                  • Wietse Venema
                    ... Problems: 1) There is no delivery attempt counter. That counter would have to be per-recipient. If this counter is larger than 1 byte, then it may span
                    Message 9 of 17 , Jun 13, 2013
                      Ralf Hildebrandt:
                      > Currently, smtp_fallback_relay is being used after the first failed
                      > delivery.
                      >
                      > http://www.postfix.org/postconf.5.html#smtp_fallback_relay
                      > explicitly mentions: "With bulk email deliveries, it can be beneficial
                      > to run the fallback relay MTA on the same host, so that it can reuse
                      > the sender IP address. This speeds up deliveries that are delayed by
                      > IP-based reputation systems (greylist, etc.)."
                      >
                      > i thought this could be done easier, like:
                      >
                      > Why not have either a smtp_fallback_relay_threshold
                      > parameter, which specifies after how many delivery attempts the mail
                      > will be passed to the smtp_fallback_relay.

                      Problems:

                      1) There is no delivery attempt counter. That counter would have
                      to be per-recipient. If this counter is larger than 1 byte, then
                      it may span disk block boundaries, and it may become corrupted when
                      the machine is shutdown without syncing the disk. Until now, message
                      queue files have a strong guarantee against such corruption.

                      2) As mentioned by Viktor the queue manager defers mail for dead
                      destinations without contacting the SMTP client. In those cases the
                      smtp_fallback_relay feature has no effect. For your suggestion to
                      work we would have to move fallback_relay logic from the SMTP client
                      into the queue manager. That's a lot of complexity for little gain.

                      > Alternative/additional approach:
                      >
                      > smtp_fallback_relay_threshold_time (compare to
                      > smtp_pix_workaround_threshold_time)
                      >
                      > How long a message must be queued before the Postfix SMTP client
                      > passes the mail to the smtp_fallback_relay.

                      A threshold would work, with the default of 0 meaning that the
                      threshold is disabled.

                      My time is very limited, and this feature is simple enough that I
                      will take a patch for this.

                      Wietse
                    • Ralf Hildebrandt
                      ... That sounds good. All I want is the machine to put some effort (a few tries) into delivery instead of going ah, no, give it to the fallback ... OK -- [*]
                      Message 10 of 17 , Jun 14, 2013
                        > > Alternative/additional approach:
                        > >
                        > > smtp_fallback_relay_threshold_time (compare to
                        > > smtp_pix_workaround_threshold_time)
                        > >
                        > > How long a message must be queued before the Postfix SMTP client
                        > > passes the mail to the smtp_fallback_relay.
                        >
                        > A threshold would work, with the default of 0 meaning that the
                        > threshold is disabled.

                        That sounds good. All I want is the machine to put some effort (a few
                        tries) into delivery instead of going "ah, no, give it to the fallback"

                        > My time is very limited, and this feature is simple enough that I
                        > will take a patch for this.

                        OK

                        --
                        [*] sys4 AG

                        http://sys4.de, +49 (89) 30 90 46 64
                        Franziskanerstraße 15, 81669 München

                        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                        Aufsichtsratsvorsitzender: Florian Kirstein
                      Your message has been successfully submitted and would be delivered to recipients shortly.