Loading ...
Sorry, an error occurred while loading the content.

Re: Delay before initial 220 greeting

Expand Messages
  • Alex
    Hi, ... Yes, it is for legit mail, such as that from constantcontact and other bulk mailers that overwhelm my servers and upset my users who want their more
    Message 1 of 12 , Mar 1 8:49 AM
    • 0 Attachment
      Hi,

      >> I had thought it was related, but another issue I'm trying to figure
      >> out is how to prevent a single remote server from sending thousands of
      >> messages at a time, filling the queue, and causing significant
      >> delivery delays for all mail.
      >
      > Is it safe to assume these thousands of messages are spam, and not legit
      > mail?  If so, simply block the IP address(es) in a cidr table:
      >
      > smtpd_recipient_restrictions
      >        permit_mynetworks
      >        reject_unauth_destination
      >        check_client_access cidr:/etc/postfix/blacklist.cidr
      >        ...
      >
      > /etc/postfix/blacklist.cidr
      > #single IP
      > 10.10.10.10/32          REJECT high rate spammer
      > #class C network
      > 10.10.10.0/24           REJECT snowshoe spammer
      >
      > If it's legit mail, anvil typically takes care of rate throttling, IIRC.
      >  Need more info.  What version of Postfix are you using again?

      Yes, it is for legit mail, such as that from constantcontact and other
      bulk mailers that overwhelm my servers and upset my users who want
      their more important mail.

      I'm using postfix-2.8.7 on fedora15.

      Perhaps someone hows a proper iptables QoS or other throttling ruleset
      that I could use?

      I also appreciate other input on using anvil, but that also appears to
      have at least some unwanted side-effects that may just upset my users
      in other ways.

      Thanks again,
      Alex
    • Brian Evans - Postfix List
      ... Perhaps you would like to rate limit certain IPs? If so, you could apply the above map and, instead of rejecting, perform a check_policy_service action
      Message 2 of 12 , Mar 1 9:42 AM
      • 0 Attachment
        On 3/1/2012 11:49 AM, Alex wrote:
        > Hi,
        >
        >>> I had thought it was related, but another issue I'm trying to figure
        >>> out is how to prevent a single remote server from sending thousands of
        >>> messages at a time, filling the queue, and causing significant
        >>> delivery delays for all mail.
        >> Is it safe to assume these thousands of messages are spam, and not legit
        >> mail? If so, simply block the IP address(es) in a cidr table:
        >>
        >> smtpd_recipient_restrictions
        >> permit_mynetworks
        >> reject_unauth_destination
        >> check_client_access cidr:/etc/postfix/blacklist.cidr
        >> ...
        >>
        >> /etc/postfix/blacklist.cidr
        >> #single IP
        >> 10.10.10.10/32 REJECT high rate spammer
        >> #class C network
        >> 10.10.10.0/24 REJECT snowshoe spammer
        >>
        >> If it's legit mail, anvil typically takes care of rate throttling, IIRC.
        >> Need more info. What version of Postfix are you using again?
        > Yes, it is for legit mail, such as that from constantcontact and other
        > bulk mailers that overwhelm my servers and upset my users who want
        > their more important mail.

        Perhaps you would like to rate limit certain IPs?
        If so, you could apply the above map and, instead of rejecting, perform
        a check_policy_service action along with something like Postfwd.

        A policy server could also be global depending on your needs.

        Brian

        >
        > I'm using postfix-2.8.7 on fedora15.
        >
        > Perhaps someone hows a proper iptables QoS or other throttling ruleset
        > that I could use?
        >
        > I also appreciate other input on using anvil, but that also appears to
        > have at least some unwanted side-effects that may just upset my users
        > in other ways.
        >
        > Thanks again,
        > Alex
      • Stan Hoeppner
        ... I just fired an email to another list where a few Constant Contact folks have been known to participate. A member (non CC) already responded with their
        Message 3 of 12 , Mar 1 2:42 PM
        • 0 Attachment
          On 3/1/2012 11:42 AM, Brian Evans - Postfix List wrote:
          > On 3/1/2012 11:49 AM, Alex wrote:
          >> Hi,
          >>
          >>>> I had thought it was related, but another issue I'm trying to figure
          >>>> out is how to prevent a single remote server from sending thousands of
          >>>> messages at a time, filling the queue, and causing significant
          >>>> delivery delays for all mail.
          >>> Is it safe to assume these thousands of messages are spam, and not legit
          >>> mail? If so, simply block the IP address(es) in a cidr table:
          >>>
          >>> smtpd_recipient_restrictions
          >>> permit_mynetworks
          >>> reject_unauth_destination
          >>> check_client_access cidr:/etc/postfix/blacklist.cidr
          >>> ...
          >>>
          >>> /etc/postfix/blacklist.cidr
          >>> #single IP
          >>> 10.10.10.10/32 REJECT high rate spammer
          >>> #class C network
          >>> 10.10.10.0/24 REJECT snowshoe spammer
          >>>
          >>> If it's legit mail, anvil typically takes care of rate throttling, IIRC.
          >>> Need more info. What version of Postfix are you using again?
          >> Yes, it is for legit mail, such as that from constantcontact and other
          >> bulk mailers that overwhelm my servers and upset my users who want
          >> their more important mail.
          >
          > Perhaps you would like to rate limit certain IPs?
          > If so, you could apply the above map and, instead of rejecting, perform
          > a check_policy_service action along with something like Postfwd.
          >
          > A policy server could also be global depending on your needs.

          I just fired an email to another list where a few Constant Contact folks
          have been known to participate. A member (non CC) already responded
          with their outbound range. Active hosts list within the range after my sig.

          208.75.123.0/24

          I also offered to put CC in contact with Alex if this rate issue might
          be better addressed on their end.

          --
          Stan



          208.75.123.1 coi001.confirmedcc.com
          208.75.123.2 coi002.confirmedcc.com
          208.75.123.3 coi003.confirmedcc.com
          208.75.123.103 coi103.confirmedcc.com
          208.75.123.130 ccm22.constantcontact.com
          208.75.123.131 ccm23.constantcontact.com
          208.75.123.132 ccm24.constantcontact.com
          208.75.123.133 ccm25.constantcontact.com
          208.75.123.134 ccm134.constantcontact.com
          208.75.123.135 ccm135.constantcontact.com
          208.75.123.161 ccm26.constantcontact.com
          208.75.123.162 ccm27.constantcontact.com
          208.75.123.163 ccm38.constantcontact.com
          208.75.123.164 ccm39.constantcontact.com
          208.75.123.165 ccm165.constantcontact.com
          208.75.123.166 ccm166.constantcontact.com
          208.75.123.167 ccm167.constantcontact.com
          208.75.123.168 ccm168.constantcontact.com
          208.75.123.169 ccm169.constantcontact.com
          208.75.123.170 ccm170.constantcontact.com
          208.75.123.193 ccm33.constantcontact.com
          208.75.123.194 ccm34.constantcontact.com
          208.75.123.195 ccm35.constantcontact.com
          208.75.123.196 ccm36.constantcontact.com
          208.75.123.197 ccm197.constantcontact.com
          208.75.123.198 ccm198.constantcontact.com
          208.75.123.200 ccm200.constantcontact.com
          208.75.123.201 ccm201.constantcontact.com
          208.75.123.202 ccm202.constantcontact.com
          208.75.123.225 ccm29.constantcontact.com
          208.75.123.226 ccm30.constantcontact.com
          208.75.123.227 ccm31.constantcontact.com
          208.75.123.228 ccm32.constantcontact.com
          208.75.123.245 mail245.nutshellmail.com
          208.75.123.250 ccm37.constantcontact.com
        Your message has been successfully submitted and would be delivered to recipients shortly.