Helmut Schneider:
> Am 26.07.2022 um 14:28 schrieb Wietse Venema:
> > Wietse Venema:
> >> Helmut Schneider:
> >> > Error: too many connections from 172.20.16.26
> >> 
> >> LOOK IN YOUR LOGS.
> > 
> > That will tell you if this is a concurrency or rate limti problem.
> > However, the problem is that your exclusion configuration is broken.
> > 
> > You specify a CIDR table, but you failed to tell Postfix
> > that the table is in CIDR format.
> > 
> > smtpd_client_event_limit_exceptions = cidr:/path/to/file
> 
> $ postmulti -i postfix-in -x postconf 
> smtpd_client_connection_limit_exceptions
> smtpd_client_connection_limit_exceptions = 
> cidr:/etc/postfix-in/smtpd_client_connection_limit_exceptions
> $ postmulti -i postfix-in -x postconf smtpd_client_event_limit_exceptions
> smtpd_client_event_limit_exceptions = 
> cidr:/etc/postfix-in/smtpd_client_event_limit_exceptions
> $
> 
> <Relaoded postfix>
> <Flushed queue>
> 
> Jul 26 16:30:52 mail02 postfix-out/error[1388996]: 51DF9B70D8E1: 
> to=<blabla>, relay=none, delay=32196, delays=32196/0.61/0/0.01, 
> dsn=4.7.0, status=deferred (delivery temporarily suspended: host 
> mailin[172.20.16.27] refused to talk to me: 421 4.7.0 mail02 Error: too 
> many connections from 172.20.16.26)
> 
> 172.20.16.26 and 172.20.16.27 are both on the same host so I'm sure I 
> fixed the CIDR notation in all config files (thanks for the hint).

Sorry, I misread your original posting.

The behavior is controlled with

smtpd_client_event_limit_exceptions = 
    cidr:/etc/postfix-in/smtpd_client_event_limit_exceptions

In your smtpd_client_event_limit_exceptions file you have

$ cat /etc/postfix-in/smtpd_client_event_limit_exceptions
$mynetworks
[...]

Postfix does not support $mynetworks substitution in 
files other than main.cf or master.cf.

You have to enumerate the address patterns.

Thus: 

smtpd_client_event_limit_exceptions =
    /etc/postfix-in/smtpd_client_event_limit_exceptions

In smtpd_client_event_limit_exceptions:
127.0.0.0/8     OK
10.0.0.0/8      OK
172.16.0.0/12   OK
192.168.0.0/16  OK

        Wietse

Reply via email to