Le 03/12/2021 à 14:48, Yves-Marie Le Pors Chauvel a écrit :
Hi folks,
I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it
in order to remove any legacy version (OS and Postfix) !
Before that everything was perfect : respecting the limit of
connections for a specific route per IP with connection reuse without
TLS ! Since moving from 3.1.15 to 3.5.6, we are receiving a lot of
‘too many connections’ deferred : 421 mwinf5c42 ME Trop de connexions,
veuillez verifier votre configuration. Too many connections, slow
down. OFR004_104 [104]
Here is my transport map :
#ORANGE orange.fr <http://orange.fr> orange: csp-audit.com
<http://csp-audit.com> orange: franceadhesif.fr
<http://franceadhesif.fr> orange: rgr-avocats.com
<http://rgr-avocats.com> orange: fermedevilliers.fr
<http://fermedevilliers.fr> orange: abex-ec.fr <http://abex-ec.fr>
orange: pyrcarto.fr <http://pyrcarto.fr> orange: agencecharles.fr
<http://agencecharles.fr> orange: emballagedigest.eu
<http://emballagedigest.eu> orange: da-conseil.com
<http://da-conseil.com> orange: somaris.com <http://somaris.com>
orange: auto3000sa.fr <http://auto3000sa.fr> orange: batee.fr
<http://batee.fr> orange: dynamelec.fr <http://dynamelec.fr> orange:
a4architectes.com <http://a4architectes.com> orange:
transports-fronton.fr <http://transports-fronton.fr> orange:
fruitaliance.com <http://fruitaliance.com> orange: exp-automoto.com
<http://exp-automoto.com> orange: aaformation.com
<http://aaformation.com> orange: aer-sa.fr <http://aer-sa.fr> orange:
atalentec.com <http://atalentec.com> orange: bst.fr <http://bst.fr>
orange: cabinetec.fr <http://cabinetec.fr> orange: cabinetsecom.com
<http://cabinetsecom.com> orange: dhalluin-peny.fr
<http://dhalluin-peny.fr> orange: gescomm-fr.com
<http://gescomm-fr.com> orange: gsf-am.com <http://gsf-am.com> orange:
kalyseo.fr <http://kalyseo.fr> orange: mattholding.fr
<http://mattholding.fr> orange: mktool.com <http://mktool.com> orange:
quilico-archi.com <http://quilico-archi.com> orange: tea-cefi.com
<http://tea-cefi.com> orange: tramobus.com <http://tramobus.com>
orange: #WANADOO wanadoo.fr <http://wanadoo.fr> wanadoo:
Here is part of my main.cf <http://main.cf> :
smtp_tls_connection_reuse = yes smtp_connection_reuse_time_limit =
100s smtp_connection_cache_time_limit = 1s
# Orange policy orange_initial_destination_concurrency =1
orange_destination_concurrency_limit = 1 orange_destination_rate_delay
= 0 orange_destination_recipient_limit = 10 # Wanadoo policy
wanadoo_initial_destination_concurrency = 1
wanadoo_destination_concurrency_limit = 1
wanadoo_destination_rate_delay = 0 wanadoo_destination_recipient_limit
= 10
Here is part of my master.cf <http://master.cf> :
#
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args #
(yes) (yes) (yes) (never) (100) #
==========================================================================
orange unix - - y - 2 smtp wanadoo unix - - y - 1 smtp
/As you can notice maxproc = 2 for orange route, but as you know (I
won’t learn you anything) Orange + Wanadoo is a 3 connection limit
(recommended 2 for Orange and 1 for Wanadoo)./
I’ve asked the MBP and he confirmed that we have more than 3
connexions at the exact same time... Does anyone know if Postfix
changed the way it is managing connections (something like moving from
connection limit to active connection limit ? that could be an
explanation ==> active + idles > 3) ? For information, adding TLS or
not, does not change this issue...
Does anyone have any advice to tune my conf in order to avoid such
issues ? If you need more elements, feel free to ask !
Regards,
Hello,
Orange/Wanadoo setup is a mess for SMTP servers.
Take in mind that all their rate limiting is implemented at the IP/TCP
level, not SMTP level.
Orange and Wanadoo are behind the same IPs so do not use two transport
but only one or you will trigger the simultaneous max TCP session quota.
Use aggressive SMTP session reuse for SMTP AND for SMTP TLS or you will
trigger the max session per hour.
So relevant part of my config is:
main.cf : (no need to touch other default values)
slow_destination_concurrency_limit=1
smtp_tls_connection_reuse = yes
master.cf:(yes 30s is insane, but their setup too)
slow unix - - n - - smtp
-o { smtp_connection_cache_destinations = wanadoo.fr, orange.fr }
-o smtp_connection_cache_time_limit=30
Fix your transport table :
Many entries are no longer hosted on "Orange" system.
All entries but wanadoo.fr and orange.fr are on a different MX :
smtppromx.orange.fr for which the rate limiting is less problematic.
So limiting your transport table with only an entry for wanadoo.fr and
and entry for orange.fr poining to the "slow" transport should be
sufficient.
Postfix will not exactly honor the max simultaneous connection
specified, Viktor had explained why before and it seems that it is an
area that need some work if I remember correctly (please correct me if I
am wrong). But this setup give pretty good results on high volume traffic.
Orange fixed some time ago the most problematic configuration: wanadoo
and orange where on two different MX but with the same IP, but still use
one MX entry with a A entry with two IP.
Regards,
Emmanuel.
