Believe me, this is everything but spam-related. It's mostly .org and
.edu/.gov kind of mailings (non-profit), but quite a lot of them at
one time. I've seen postfix moments like this quite a lot recently:
Incoming: 6991
Active: 20000
Deferred: 7897
Bounced: 2319
Hold: 0
Corrupt: 0

I had to employ special output limits for delivery to the hotmail/live
mail-addresses, since we suffered bounces due to hotmail/live servers
not tolerating the rate at which my postfix was sending them mail.

smtp_destination_concurrency_limit = 4
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

seemed to solve that problem. Microsoft's servers stopped bouncing
mail, accepted the rate at which it got mail from our server. But this
created a new problem:
Other normal local user's mail got delayed by ~30 minutes whenever
postfix had to deal with sending out such newsletters. This is not
something they're happy with.

We decided to create a special MX for just the bulk mailings within
our IP-block, the datacentre network we maintain. Here's where my
questions arise:

The setup is as follows:
- We have many servers within the same range, 10.20.30.x (I'll use
IPv4 only for ease now),
some of them have websites and/or are shared hosting servers that are
using a SaaS home-made mailing-GUI for their newsletters and similar
high volume recipient list mails.
- Our primary MX that needs to send out the bulk for them all is
- Is there a way to NOT have to tell postfix to allow the sending
domain names, but just the server's IP-addresses that hold those who'd
like to send out those mails via ?
I would basically like them to use any (valid domain's) from-field
they want, and postfix would have to allow it because the source is
one of our own servers.

Below is my config, it does not want to relay mail from those local
servers and I'm not sure why. Do I really have to note down all
from-field domains as allowed or what is the best way to accomplish
this? I have commented out a lot in this config, because I'm working
on getting it as perfect as possible for our purpose.

Thanks in advance for any and all feedback on this config, feel free
to add improvements:
[root@somemailer~]# cat /etc/postfix/

smtpd_banner = $myhostname ESMTP $mail_name
#relay_domains = $mydestination,
#relay_recipient_maps =
#relayhost =
#transport_maps = hash:/etc/postfix/transport

debug_peer_level = 2
debugger_command =
 ddd $daemon_directory/$process_name $process_id & sleep 5

alias_maps = hash:/etc/aliases
sendmail_path = /usr/sbin/sendmail.postfix
#newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
readme_directory = /usr/share/doc/postfix-2.8.14/README_FILES

inet_protocols = ipv4
# :-/ inet_protocols = all
inet_interfaces =,
smtp_bind_address =
mynetworks = [::1]/128,
smtpd_authorized_xforward_hosts = [::1]/128
smtp_send_xforward_command = yes

mydomain =
myhostname =
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost,
$mydomain, mailer.$mydomain
recipient_delimiter = +

# tempfailed adapted to 3 minutes:
queue_run_delay = 180s
minimal_backoff_time = 180s
maximal_backoff_time = 3601s

disable_vrfy_command = yes
biff = no
default_process_limit = 1000
trigger_timeout = 1
# ? in_flow_delay = 1s
smtpd_delay_reject = yes

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, check_sender_access
hash:/etc/postfix/sender_access, permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_client_restrictions = permit_mynetworks
smtpd_relay_restrictions = permit_mynetworks,
reject_unauth_destination, permit_sasl_authenticated
smtpd_recipient_restrictions = reject_unauth_destination,
reject_invalid_hostname, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, check_client_access
hash:/etc/postfix/whitelist, reject_unauth_pipelining,
reject_non_fqdn_sender, reject_unknown_sender_domain,
reject_rbl_client, reject_rbl_client, reject_rbl_client,
reject_rbl_client, reject_rbl_client,
reject_rbl_client, reject_rbl_client, permit

default_destination_concurrency_limit = 0
smtp_connect_timeout = 30
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 8
smtpd_hard_error_limit = 18
smtpd_recipient_limit = 120
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_footer = For assistance, contact us at, and please provide the following information
in your problem report: time ($localtime), client ($client_address)
and server ($server_name).
smtpd_client_message_rate_limit = 48
smtpd_client_recipient_rate_limit = 30

# for hotmail/live reception (preventing blocks):
slow_destination_rate_delay = 1
slow_destination_concurrency_failed_cohort_limit = 100
smtp_destination_concurrency_limit = 4
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

queue_minfree = 122880000
qmgr_message_active_limit = 12000
qmgr_message_recipient_limit = 12000
qmgr_site_hog_factor = 100
bounce_size_limit = 150000
mailman_destination_recipient_limit = 1
mailbox_size_limit = 0
message_size_limit = 20480000

# TLS parameters saslauthd TODO !
#smtpd_sasl_local_domain =
#smtpd_sasl_auth_enable = yes
#broken_sasl_auth_clients = yes
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_authenticated_header = no
#smtpd_tls_received_header = no
#smtp_tls_ciphers = export
#smtp_tls_protocols = !SSLv2
#smtpd_tls_loglevel = 1
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
#smtpd_tls_auth_only = no
#smtpd_use_tls = yes
#smtp_use_tls = yes
#smtp_tls_note_starttls_offer = yes

#smtpd_tls_key_file = /etc/postfix/ssl/mailer.key
#smtpd_tls_cert_file = /etc/postfix/ssl/mailer.crt
#smtpd_tls_CAfile = /etc/postfix/ssl/ca-certificates.crt
#smtp_tls_CAfile = $smtpd_tls_CAfile

#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Reply via email to