Loading ...
Sorry, an error occurred while loading the content.

Re: transport: list of domains

Expand Messages
  • Tom Kinghorn
    ... Thanks to all who have responded. I will test and report back on any successes. Regards Tom
    Message 1 of 14 , Oct 2, 2012
    • 0 Attachment
      On 02/10/2012 11:21, Robert Schetterer wrote:
      guess this might be better
      
      check_recipient_mx_access type:table
          Search the specified access(5) database for the MX hosts for the
      RCPT TO domain, and execute the corresponding action. Note: a result of
      "OK" is not allowed for safety reasons. Instead, use DUNNO in order to
      exclude specific hosts from blacklists. This feature is available in
      Postfix 2.1 and later.
      
      but i am still not sure if this is working
      Thanks to all who have responded.

      I will test and report back on any successes.

      Regards
      Tom
    • Robert Schetterer
      ... if played with my test setup and this seems to work but however i dont recommend it as a good idea yet until gurus gave their toughts master.cf ... slow
      Message 2 of 14 , Oct 2, 2012
      • 0 Attachment
        Am 02.10.2012 11:23, schrieb Tom Kinghorn:
        > On 02/10/2012 11:21, Robert Schetterer wrote:
        >> guess this might be better
        >>
        >> check_recipient_mx_access type:table
        >> Search the specified access(5) database for the MX hosts for the
        >> RCPT TO domain, and execute the corresponding action. Note: a result of
        >> "OK" is not allowed for safety reasons. Instead, use DUNNO in order to
        >> exclude specific hosts from blacklists. This feature is available in
        >> Postfix 2.1 and later.
        >>
        >> but i am still not sure if this is working
        > Thanks to all who have responded.
        >
        > I will test and report back on any successes.
        >
        > Regards
        > Tom

        if played with my test setup
        and this seems to work
        but however i dont recommend it as a good idea yet
        until gurus gave their toughts

        master.cf
        ...
        slow unix - - n - - smtp

        main.cf

        i.e

        slow_destination_concurrency_limit = 3
        slow_destination_rate_delay = 1s
        slow_destination_recipient_limit = 6

        smtpd_recipient_restrictions = permit_mynetworks,
        ...
        permit_sasl_authenticated,
        ...
        reject_unauth_destination

        smtpd_data_restrictions = check_recipient_mx_access
        hash:/etc/postfix/check_recipient_mx_access

        i.e with gmx

        /etc/postfix/check_recipient_mx_access

        mx0.gmx.net FILTER slow:mx0.gmx.net
        mx1.gmx.net FILTER slow:mx1.gmx.net

        --
        Best Regards
        MfG Robert Schetterer
      • Wietse Venema
        ... With slow_destination_recipient_limit 1, the scheduler controls delays, concurrencies, etc. per domain (instead of per recipient). Therefore, different
        Message 3 of 14 , Oct 2, 2012
        • 0 Attachment
          Robert Schetterer:
          > master.cf
          > ...
          > slow unix - - n - - smtp
          >
          > main.cf
          > slow_destination_concurrency_limit = 3
          > slow_destination_rate_delay = 1s
          > slow_destination_recipient_limit = 6

          With slow_destination_recipient_limit > 1, the scheduler controls
          delays, concurrencies, etc. per domain (instead of per recipient).
          Therefore, different domains are delivered in parallel, subject to
          the master.cf process limit.

          With slow_destination_rate_delay > 0, the per-domain concurrency
          (per-domain because slow_destination_recipient_limit > 1) is always
          1, otherwise there can be no delay between deliveries to the same
          domain. Therefore, slow_destination_concurrency_limit has no effect.

          If you set slow_destination_rate_delay > 0, then you should also
          increase the slow_destination_concurrency_failed_cohort_limit
          as described in QSHAPE_README.

          Wietse
        • Robert Schetterer
          ... thx Wietse for making this clear these were setting from thread not mine, just copied it ( shame on me ! ) but what do you think of ?
          Message 4 of 14 , Oct 2, 2012
          • 0 Attachment
            Am 02.10.2012 15:51, schrieb Wietse Venema:
            > Robert Schetterer:
            >> master.cf
            >> ...
            >> slow unix - - n - - smtp
            >>
            >> main.cf
            >> slow_destination_concurrency_limit = 3
            >> slow_destination_rate_delay = 1s
            >> slow_destination_recipient_limit = 6
            >
            > With slow_destination_recipient_limit > 1, the scheduler controls
            > delays, concurrencies, etc. per domain (instead of per recipient).
            > Therefore, different domains are delivered in parallel, subject to
            > the master.cf process limit.
            >
            > With slow_destination_rate_delay > 0, the per-domain concurrency
            > (per-domain because slow_destination_recipient_limit > 1) is always
            > 1, otherwise there can be no delay between deliveries to the same
            > domain. Therefore, slow_destination_concurrency_limit has no effect.
            >
            > If you set slow_destination_rate_delay > 0, then you should also
            > increase the slow_destination_concurrency_failed_cohort_limit
            > as described in QSHAPE_README.
            >
            > Wietse
            >

            thx Wietse for making this clear
            these were setting from thread not mine, just copied it ( shame on me ! )

            but what do you think of ?

            smtpd_recipient_restrictions = permit_mynetworks,
            ...
            permit_sasl_authenticated,
            ...
            reject_unauth_destination

            smtpd_data_restrictions = check_recipient_mx_access
            hash:/etc/postfix/check_recipient_mx_access

            i.e with gmx

            /etc/postfix/check_recipient_mx_access

            mx0.gmx.net FILTER slow:mx0.gmx.net
            mx1.gmx.net FILTER slow:mx1.gmx.net


            --
            Best Regards
            MfG Robert Schetterer
          • Wietse Venema
            ... Postfix has no multi-recipient lookup feature, so the above is a NOOP for multi-recipient mail. ... Absent concrete evidence I would not assume that
            Message 5 of 14 , Oct 2, 2012
            • 0 Attachment
              Robert Schetterer:
              > smtpd_data_restrictions = check_recipient_mx_access
              > hash:/etc/postfix/check_recipient_mx_access

              Postfix has no multi-recipient lookup feature, so the above is a
              NOOP for multi-recipient mail.

              > mx0.gmx.net FILTER slow:mx0.gmx.net
              > mx1.gmx.net FILTER slow:mx1.gmx.net

              Absent concrete evidence I would not assume that mx0.gmx.net and
              mx1.gmx.net are implemented as one computer per mx record, and I
              would not assume that their MX hosts enforce rate limits etc.
              independently.

              Therefore, instead of using FILTER, and instead of using filters
              per gmx MX record, I would use a transport map with ``gmx.net->slow:''.

              Wietse
            • Robert Schetterer
              ... it was asked to avoid list of domains ( may getting huge ) for slow transport, so i tested check_recipient_mx_access for avoid listing single domains ,
              Message 6 of 14 , Oct 2, 2012
              • 0 Attachment
                Am 02.10.2012 17:02, schrieb Wietse Venema:
                > Robert Schetterer:
                >> smtpd_data_restrictions = check_recipient_mx_access
                >> hash:/etc/postfix/check_recipient_mx_access
                >
                > Postfix has no multi-recipient lookup feature, so the above is a
                > NOOP for multi-recipient mail.
                >
                >> mx0.gmx.net FILTER slow:mx0.gmx.net
                >> mx1.gmx.net FILTER slow:mx1.gmx.net
                >
                > Absent concrete evidence I would not assume that mx0.gmx.net and
                > mx1.gmx.net are implemented as one computer per mx record, and I
                > would not assume that their MX hosts enforce rate limits etc.
                > independently.
                >
                > Therefore, instead of using FILTER, and instead of using filters
                > per gmx MX record, I would use a transport map with ``gmx.net->slow:''.
                >
                > Wietse
                >

                it was asked to avoid list of domains ( may getting huge ) for slow
                transport, so i tested
                check_recipient_mx_access for avoid listing single domains , and use
                their mx record for slow transport, gmx was for example

                ---snip-old mail

                <snip>
                anglicanboksburg.org.za spambox:
                angussa.com spambox:
                ansc.co.za spambox:
                nushasingh.com spambox:
                aomega.co.za spambox:
                aphroditediamonds.co.za spambox:
                apollo21.co.za spambox:
                aquaproof.co.za spambox:
                </snip>

                There are currently 837 lines and all the domains are hosted at
                spambox.co.za

                In main.cf I have:

                spambox_destination_concurrency_limit = 3
                spambox_destination_rate_delay = 1s
                spambox_destination_recipient_limit = 6


                In master.cf i have

                spambox unix - - n - - smtp -o
                syslog_name=postfix-spambox

                Is there an easier way to add the entries other than manually adding
                more to the already
                existing file with 837 lines?
                --snip
                --
                Best Regards
                MfG Robert Schetterer
              • Wietse Venema
                ... I see, many domains sharing the same MX host. I would still reduce this to: mx_access: gmx.net FILTER slow: instead of using one filter per MX record.
                Message 7 of 14 , Oct 2, 2012
                • 0 Attachment
                  Robert Schetterer:
                  > > Therefore, instead of using FILTER, and instead of using filters
                  > > per gmx MX record, I would use a transport map with ``gmx.net->slow:''.
                  >
                  > it was asked to avoid list of domains ( may getting huge ) for slow
                  > transport, so i tested
                  > check_recipient_mx_access for avoid listing single domains , and use

                  I see, many domains sharing the same MX host.

                  I would still reduce this to:

                  mx_access:
                  gmx.net FILTER slow:

                  instead of using one filter per MX record.

                  Wietse
                • Robert Schetterer
                  ... jep youre right, thx for review -- Best Regards MfG Robert Schetterer
                  Message 8 of 14 , Oct 2, 2012
                  • 0 Attachment
                    Am 02.10.2012 17:37, schrieb Wietse Venema:
                    > Robert Schetterer:
                    >>> Therefore, instead of using FILTER, and instead of using filters
                    >>> per gmx MX record, I would use a transport map with ``gmx.net->slow:''.
                    >>
                    >> it was asked to avoid list of domains ( may getting huge ) for slow
                    >> transport, so i tested
                    >> check_recipient_mx_access for avoid listing single domains , and use
                    >
                    > I see, many domains sharing the same MX host.
                    >
                    > I would still reduce this to:
                    >
                    > mx_access:
                    > gmx.net FILTER slow:
                    >
                    > instead of using one filter per MX record.
                    >
                    > Wietse
                    >

                    jep youre right, thx for review

                    --
                    Best Regards
                    MfG Robert Schetterer
                  Your message has been successfully submitted and would be delivered to recipients shortly.