On Tue, Aug 22, 2023 at 03:41:43PM -0400, Alex via Postfix-users wrote:

> I'm hoping I could ask what is probably an FAQ but I haven't seen
> anything on it recently. I've already implemented some type of rate
> limiting for delivering to gmail, but it's apparently not working
> satisfactorily for them. Notice it's already going through my
> throttled transport.
> 
> This mail server unfortunately has quite a few users who use ~/.forward to
> forward mail through to their personal gmail account from their corporate
> account.

This is a known problem also when a corporate domain is hosted by
Google, and mail from "inside" is relayed to Google for delivery.  The
issue is that beyond the overall message rate limit (that you might
not be exceeding) there is also a per-user message rate limit, and
perhaps you're exceeding that limit for some users.

The manner in which the bad news is reported by the receiving MTA has in
the past been indistinguishable from an overall temporary failure to
accept mail from the sending Postfix, with the destination then
throttled.  Which leads to more deferred mail being accumulated before
transmission resumes, only for the door to promptly slam closed again!

> Aug 22 15:33:08 cipher postfix-gmail/smtp[2551987]: 5EF9820E0E1E8:
>   host gmail-smtp-in.l.google.com[64.233.176.27] said:
>   Our system has detected an unusual rate of unsolicited mail
>   originating from your IP address. To protect our users from spam,
>   mail sent from your IP address has been temporarily rate limited.
>   Please visit
>   https://support.google.com/mail/?p=UnsolicitedRateLimitError to
>   review our Bulk Email Senders Guidelines.

This is one of those examples.  The "421" error is a hard connection
close, not a single refused recipient, and Postfix after a few of these
considers the remote destination to be down.  Given steady traffic, the
problem only gets worse.


> Any ideas for further tweaking? I'd imagine this is primarily for bulk
> email (as the message says), so perhaps I need a separate transport
> specifically for bulk email?

The only things you can do are:

    - Refuse to forward email to outside providers.  Implement *managed*
      .forward files that users have to request changes to, and can't
      edit unilaterally.

    - Implement aggressive anti-spam filters and per-user incoming
      message rate limits, that might just keep the volume of mail,
      and particularly forwarded spam to a low enough level to fly
      under the radar.

For the corporate case, I used to see the problem when developers
were silly enough to generate emails for every occurrence of some
persistent problem in a system they monitored, with hundreds of
identical email messages heading for the same mailbox in short
succession.

I implemented rate limits on essentially identical (sender, recipients,
fuzzy matched subject) tuples, with the mail quarantined before reaching
the MTA relaying to Gmail.  The support team would periodically drain
the quarantine of bulk junk.  This mostly kept the queue towards Gmail
from clogging.

All that said, simply don't forward to Gmail; it simply is not suitable
for receiving mail streams that consolidate traffic from potentially
spammy sources.

-- 
    Viktor.
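
The per-tuple rate limit described in the message above, sketched as an added example; it is not part of the original message and not the author's implementation. The limit, window, subject normalization rules and all names are assumptions, and the decision would be made in a filter step before mail reaches the MTA relaying to Gmail.

```python
import re
from collections import defaultdict, deque

def fuzzy_subject(subject):
    """Collapse details that vary between otherwise identical alerts."""
    s = subject.lower()
    s = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", s)  # reply/forward prefixes
    s = re.sub(r"\b[0-9a-f]{8,}\b", "#", s)        # hex ids, hashes
    s = re.sub(r"\d+", "#", s)                     # counters, host numbers
    return re.sub(r"\s+", " ", s).strip()

class TupleRateLimiter:
    """Sliding-window limit per (sender, recipients, fuzzy subject)."""

    def __init__(self, limit=5, window=600):  # assumed policy values
        self.limit, self.window = limit, window
        self.delivered = defaultdict(deque)   # key -> delivery timestamps

    def decide(self, sender, recipients, subject, now):
        key = (sender.lower(),
               frozenset(r.lower() for r in recipients),
               fuzzy_subject(subject))
        times = self.delivered[key]
        while times and now - times[0] >= self.window:
            times.popleft()                   # forget deliveries outside window
        if len(times) >= self.limit:
            return "quarantine"               # held for later review
        times.append(now)
        return "deliver"

def demo():
    """Constructed sample: a monitoring flood plus one unrelated message."""
    limiter = TupleRateLimiter(limit=3, window=60)
    out = []
    for i in range(6):                        # one alert per second
        out.append(limiter.decide("monitor@example.com", ["ops@example.com"],
                                  f"ALERT: disk full on db01 (event {1000 + i})", i))
    out.append(limiter.decide("hr@example.com", ["ops@example.com"],
                              "Quarterly report", 6))
    out.append(limiter.decide("monitor@example.com", ["ops@example.com"],
                              "ALERT: disk full on db01 (event 2000)", 100))
    return out

if __name__ == "__main__":
    print(demo())
```

Only delivered messages are recorded, so each tuple passes at most `limit` messages per window and memory per tuple stays bounded even during a flood.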