Re: Same sender, same sasl user
Working perfect! Thank you, Mr. Venema. - Mensagem original - De: "Wietse Venema" <wie...@porcupine.org> Para: "postfix-users" <postfix-users@postfix.org> Enviadas: Quinta-feira, 24 de maio de 2018 12:43:14 Assunto: Re: Same sender, same sasl user Alfredo Saldanha: > Hello people > I'm trying to setup sender must be tha same sasl user authentication, but I > don't care where the connection comes from or is going. > I'd like only to prevent fake sender. I've tried > 'smtp_sender_dependent_authentication = yes', but I think that is not enough. > Some tip? > Maybe: http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps http://www.postfix.org/postconf.5.html#reject_sender_login_mismatch Postfix also has reject_authenticated_sender_login_mismatch and reject_known_sender_login_mismatch for corner cases. Wietse
Same sender, same sasl user
Hello people I'm trying to setup sender must be tha same sasl user authentication, but I don't care where the connection comes from or is going. I'd like only to prevent fake sender. I've tried 'smtp_sender_dependent_authentication = yes', but I think that is not enough. Some tip? Thanks.
Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions
Hi Wietse, So it means that there is a postfix wrong behavior? Alfredo - Mensagem original - De: "Wietse Venema" <wie...@porcupine.org> Para: "postfix-users" <postfix-users@postfix.org> Enviadas: Quinta-feira, 17 de março de 2016 21:09:15 Assunto: Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions Alfredo Saldanha: > Hello all, > > Why my virtual_alias_maps accounts are bypassing > smtpd_recipient_restrictions? > > Example: > > accou...@mydomain.tld accou...@mydomain.tld, accou...@mydomain.tld, > accou...@mydomain.tld > > The account1 is ok, it pass in smtpd_recipient_restrinctions, but the others > don't. TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html Thank you for using Postfix. Wietse
virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions
Hello all, Why my virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions? Example: accou...@mydomain.tld accou...@mydomain.tld, accou...@mydomain.tld, accou...@mydomain.tld The account1 is ok, it pass in smtpd_recipient_restrinctions, but the others don't. Some tip? Thanks.
Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions
Sorry guys, now I realize what was wrong. The problem is my configuration mistake. My bad. Best regards, Alfredo - Mensagem original - De: "Noel Jones" <njo...@megan.vbhcs.org> Para: "postfix-users" <postfix-users@postfix.org> Enviadas: Sexta-feira, 18 de março de 2016 11:13:08 Assunto: Re: virtual_alias_maps accounts are bypassing smtpd_recipient_restrictions On 3/18/2016 8:51 AM, Alfredo Saldanha wrote: > Hi Wietse, > > So it means that there is a postfix wrong behavior? > > Alfredo No one here understands your question. You can help us by describing exactly what is happening, compared to what you expected to happen. Include postfix logging showing the unexpected behavior. Include your 'postconf -n' output. -- Noel Jones
Re: Milter not to all messages
Nice way, Stephen. I'll think about that. Thank you. - Mensagem original - De: "Stephen Satchell" <l...@satchell.net> Para: "Alfredo Saldanha" <asalda...@infolink.com.br>, "postfix-users" <postfix-users@postfix.org> Enviadas: Sexta-feira, 11 de março de 2016 14:11:11 Assunto: Re: Milter not to all messages On 03/11/2016 06:48 AM, Alfredo Saldanha wrote: > Is there some way to use milter check in a type of conditional ? > In my situation here, it can not be mandatory to each message. > I'm asking this because some users here want to receive all messages without > Spam verification. When I was running mail servers for a medium-sized web hosting company, I ran into the same problem: some customers did not want spam filtering on all mailboxes in their domains, or on particular mailboxes in their domain. So I had an exception list, and my milter would query the exception list so that the exceptions could be short-circuited. Easy to do in Perl; equally easy to do in Python. I had also coded a global exception for "postmaster", so that the mail service would be RFC compliant. (I had considered also making a global exception for "hostmaster" but decided against it. Not many of our customers defined this role account for their domain.) Customer didn't want "postmaster"? We would redirect it to the support postmaster mail account. Simple.
Re: Milter not to all messages
So I need another Postfix instance to do this. I can use transport maps to select which user will pass in milter. Thanks Wietse. - Mensagem original - De: "Wietse Venema" <wie...@porcupine.org> Para: "postfix-users" <postfix-users@postfix.org> Enviadas: Sexta-feira, 11 de março de 2016 11:52:48 Assunto: Re: Milter not to all messages Alfredo Saldanha: > Is there some way to use milter check in a type of conditional ? No. Milters can't start somewhere in the middle of an SMTP session. They must be able to inspect and respond to all connection stages. Wietse > In my situation here, it can not be mandatory to each message. > I'm asking this because some users here want to receive all messages without > Spam verification. > > Part of my main.cf: > http://dpaste.com/3HFRR6V > > Thanks. >
Milter not to all messages
Is there some way to use milter check in a type of conditional ? In my situation here, it can not be mandatory to each message. I'm asking this because some users here want to receive all messages without Spam verification. Part of my main.cf: http://dpaste.com/3HFRR6V Thanks.
relay ip map
Hi there, Is possible to create a hash map file with IPs to allow relay in my outbound server? But I can not use the mynetworks entry to this. I know that in 2.10 exist smtpd_relay_restrictions, but my version is 2.9.6. Is there another way? Thanks.
Decrease the Postfix connection speed
Hi there, Is possible to decrease the postfix connection speed in case of possible spam? Per number of connections or messages per second come from a specific IP? BR, Jr.
Re: Decrease the Postfix connection speed
Thanks, I'll check this setup. Junix Am 08.05.2014 16:09, schrieb Alfredo Saldanha: Is possible to decrease the postfix connection speed in case of possible spam? Per number of connections or messages per second come from a specific IP? anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limit = 50 smtpd_client_recipient_rate_limit = 400 smtpd_recipient_limit = 100
Re: Decrease the Postfix connection speed
When the documentation says: IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients. How long is this grotesque delays ? Because the idea is not reject or discard the message. Am 08.05.2014 16:09, schrieb Alfredo Saldanha: Is possible to decrease the postfix connection speed in case of possible spam? Per number of connections or messages per second come from a specific IP? anvil_rate_time_unit = 1800s smtpd_client_connection_rate_limit = 50 smtpd_client_recipient_rate_limit = 400 smtpd_recipient_limit = 100
Re: Decrease the Postfix connection speed
Hi Viktor, Sorry my ignorance, but this is not inbound messages. This configuration is only to my MSAs servers. Our customers are not spammers, in these cases, we block the user and break the contract, of course. But is not dificult to comes another spammer, because of this I'm trying to configurate this actions. Thank you. - Mensagem original - De: Viktor Dukhovni postfix-us...@dukhovni.org Para: postfix-users@postfix.org Enviadas: Quinta-feira, 8 de maio de 2014 13:10:10 Assunto: Re: Decrease the Postfix connection speed On Thu, May 08, 2014 at 12:59:03PM -0300, Alfredo Saldanha wrote: Legitimate email is the normal authenticated users, newsletter, or something else, I suppose. Legitimate mail here means *inbound* mail to your MX hosts, from remote sites, that is not known or strongly suspected to be spam. I'd like to put a delay in internal spammers cases. You can apply whatever rate limits you want to *outbound* mail. Because I have today customers that pay to send 3 thousand spams per day. If your customers are spamming, and you don't terminate their access, then you're spamming. -- Viktor.
Re: Decrease the Postfix connection speed
Sorry my english. But I mean that they try to do this, but we don't allow, of course. Thank you for your information. - Mensagem original - De: li...@rhsoft.net Para: postfix-users@postfix.org Enviadas: Quinta-feira, 8 de maio de 2014 13:11:37 Assunto: Re: Decrease the Postfix connection speed *please* get rid of reply-all on mailing-lists Am 08.05.2014 17:59, schrieb Alfredo Saldanha: Legitimate email is the normal authenticated users, newsletter, or something else, I suppose. I'd like to put a delay in internal spammers cases. Because I have today customers that pay to send 3 thousand spams per day if your customers pay to send 3 thousand spams per day please tell us your IP to blacklist it The idea is let the authenticated user send 300 messages per hour in maximum 3K per 24h. This is in company contract, out of this, I need to increase the delay time to don't punish the regular customers. you can use 'smtpd_client_connection_rate_limit', 'smtpd_client_recipient_rate_limit' and 'smtpd_recipient_limit' with different values for each listeners in master.cf the rest is math When the documentation says: IMPORTANT: These limits must not be used to regulate legitimate traffic: mail will suffer grotesque delays if you do so. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients. As documented these features must not be used to control the flow of LEGITIMATE email.
Get tags in master.cf
Hi there, I'd like to know if is possible to get the specific tag information in the message using master.cf. For example: bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient I can get the sender, nexthop and recipient. Can I get a specific tag value? For example: X-DSPAM-Signature: 515f115c215766079113825 BR, Junix
Re: Get tags in master.cf
Thank you Wietse. - Mensagem original - De: Wietse Venema wie...@porcupine.org Para: Postfix users postfix-users@postfix.org Enviadas: Segunda-feira, 8 de abril de 2013 12:07:46 Assunto: Re: Get tags in master.cf Alfredo Saldanha: bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient I can get the sender, nexthop and recipient. As described in the pipe(8) manpage the $name macros provide information from the message envelope, and from SMTP protocol commands. They do not provide information from message content. Message content is provided on standard input. Wietse
Transport maps in MySQL
Hi people, Simple question: I s safe use mysql to get the transport maps information? if the connection with database drops ? is there cache? BR, Junix
Re: Transport maps in MySQL
In line... De: Noel Jones njo...@megan.vbhcs.org Para: postfix-users@postfix.org Enviadas: Quinta-feira, 7 de Março de 2013 17:01:45 Assunto: Re: Transport maps in MySQL On 3/7/2013 1:37 PM, Alfredo Saldanha wrote: Hi people, Simple question: Is safe use mysql to get the transport maps information? if the connection with database drops ? is there cache? BR, Junix The transport table is a critical table used by pretty much every part of postfix (by way of the trivial_rewrite service). If the mysql database is unavailable, no mail will flow. If the lookups are slow, all postfix performance will suffer. In case of mysql connection drop, Postfix doesn't use the last transport information ? And another stuffs that use MySQL, like virtual aliases, users, etc. the message will be rejected ? While it is certainly possible to successfully use mysql with transport, it will require some care and feeding -- especially for a high-volume server. OK. Transport tables don't usually change frequently, and it's better to keep that information in a local hash: or cdb: table for both performance and availability. If you want to keep everything in mysql, consider creating a process to periodically dump the data to a local hash: or cdb: table. Thank you Noel. -- Noel Jones
Re: Transport maps in MySQL
Sorry, this was my email client. Thank you for answers. - Mensagem original - De: Reindl Harald h.rei...@thelounge.net Para: postfix-users@postfix.org Enviadas: Quinta-feira, 7 de Março de 2013 17:22:36 Assunto: Re: Transport maps in MySQL DO NOT POST HTML-MESSAGES Am 07.03.2013 21:17, schrieb Alfredo Saldanha: In line... On 3/7/2013 1:37 PM, Alfredo Saldanha wrote: Hi people, Simple question: Is safe use mysql to get the transport maps information? if the connection with database drops ? is there cache? BR, Junix The transport table is a critical table used by pretty much every part of postfix (by way of the trivial_rewrite service). If the mysql database is unavailable, no mail will flow. If the lookups are slow, all postfix performance will suffer. In case of mysql connection drop, Postfix doesn't use the last transport information ? And another stuffs that use MySQL, like virtual aliases, users, etc. the message will be rejected ? While it is certainly possible to successfully use mysql with transport, it will require some care and feeding -- especially for a high-volume server. OK. Transport tables don't usually change frequently, and it's better to keep that information in a local hash: or cdb: table for both performance and availability. If you want to keep everything in mysql, consider creating a process to periodically dump the data to a local hash: or cdb: table. in short: if you use mysql for your config your mysqld MUST NOT be unreachable, ever at all, if your setup is OK this will never happen - i am saying this after 5 years dbmail where ANYTHING is in a innodb-database, not only postfix-config never ever shutdown mysql alone, make sure you always stop any mail-service before, make sure any mailservice is stopped before mysqld at reboot/shutdown, make sure your mysqld is high available with replication and you are fine
Re: always_bcc
Thank you, but how about to disable bounce messages? - Mensagem original - De: Fernando Maior fernando.souto.ma...@gmail.com Para: Alfredo Saldanha asalda...@infolink.com.br Cc: postfix-users postfix-users@postfix.org Enviadas: Quarta-feira, 8 de Agosto de 2012 21:12:59 Assunto: Re: always_bcc Hi Saldanha, As per your config file: * myhostname = labmail.temp.com * allways_bcc = t...@temp.com Maybe I am guessing wrong, but I believe you are trying to deliver the allways_bcc messages to a domain that is hosted by the server labmail.temp.com ; if that is the case, I sugest you should try one of these things: 1. configure allways_bcc to a domain that is hosted at the other server; or 2. configure /etc/postfix/transport to send mail posted to t...@temp.com to the other server. The second sugestion is my first choice of procedure. You may have a look at the transport table doc at http://www.postfix.org/transport.5.html Fernando Maior On Tue, Aug 7, 2012 at 9:54 AM, Alfredo Saldanha asalda...@infolink.com.br wrote: Hi there, I'm trying to implement always_bcc to send a copy of all received messages to another server. My idea is disable any notification messages back in the second server (if something goes wrong) and discard all messages after received. This way is like the clean solution to ensure that the always_bcc destination never bounces or refuses a message. It seems weird, but is only a test that I need to do. 1st problem: aways_bcc is not working. 2nd problem: I have no idea how to disable notification messages. My main.cf : http://dpaste.com/782638/ My master.cf : http://dpaste.com/782639/ Thank you.
Re: always_bcc
Nice, thank you guys.
- Mensagem original -
De: Viktor Dukhovni postfix-us...@dukhovni.org
Para: postfix-users@postfix.org
Enviadas: Terça-feira, 14 de Agosto de 2012 14:18:04
Assunto: Re: always_bcc
On Tue, Aug 14, 2012 at 12:46:46PM -0400, Wietse Venema wrote:
May be you should look at the source for bounce service daemon.
Or look for Victor's description of a mail stream duplicator. The
purpose was to archive all mail. It was implemented (I think with
Net::SMTP) as a content filter that duplicated all input lines to
a secondary stream for archival.
The implementation was in Perl, but I did not use Net::SMTP, I
wanted something cleaner and more robust, so I ultimately wrote
my own SMTP I/O interface for Perl. A trivial example was:
my $s = MS::SMTP::Connect($addr, $port, 30);
eval {
# Wait for 2XX banner or throw 4XX/5XX exception
my $banner = $s-Hear(2);
$s-Timeout(300);
$s-Say(EHLO $hostname\r\n);
my $ehlo_resp = $s-Hear(2);
# Assume pipelining
$s-Say(MAIL FROM:$sender\r\n);
$s-Say(RCPT TO:$rcpt\r\n);
$s-Say(DATA\r\n);
$s-Hear(2); # 2XX
$s-Hear(2); # 2XX
$s-Hear(3); # 3XX
$s-Xfer($msgbody);
$s-Say(.\r\n);
$s-Say(QUIT);
$s-Timeout(600);
$s-Hear(2);
};
if ($@) {
# Handle exception
}
# Delivery is complete
I found this much easier to work with than Net::SMTP, but the idea
is the same.
The trick was to send the final
. to the primary stream only after delivery to the secondary
stream was successful, otherwise it would report a temporary error.
Such a content filter might even be deployed as smtpd_proxy_filter;
it should not be more than a few dozen lines of code.
Indeed an archive-only filter is fairly short. In my case it MIME
encapsulates the archive copy with the original message as an
attachment and the envelope as the body. This is easy since a message
attachment is just:
| Outer-Headers:
| Content-Type: multipart/mixed; boundary = mumble
|
| --mumble
| Content-Type: text/plain; charset=us-ascii
|
| Message envelope here
|
| --mumble
| Content-Type: message/rfc822
|
Original-Message-Headers-Here:
Original Message body here.
|
| --mumble--
.
Thus all that is required is to send the lines marked with a leading
| just before and just after the unmodified message. The envelope
is naturally also different for the archive stream, the recipient
is the archive destination and the sender is either empty or a
special mailbox for processing archive bounces (that should never
happen) since I always ensure archive deliveries soft-bounce.
--
Viktor.
always_bcc
Hi there, I'm trying to implement always_bcc to send a copy of all received messages to another server. My idea is disable any notification messages back in the second server (if something goes wrong) and discard all messages after received. This way is like the clean solution to ensure that the always_bcc destination never bounces or refuses a message. It seems weird , but is only a test that I need to do. 1st problem: aways_bcc is not working. 2nd problem: I have no idea how to disable notification messages. My main.cf: http://dpaste.com/782638/ My master.cf: http://dpaste.com/782639/ Thank you.
Message content in Policy Delegation
Hi there, I'd like to know if is possible to check some itens using postfix policy delegation: - file extensions (I could use mime_header_checks to check it globally, but I need to accept for some groups and reject to another groups of users) - text in subject (I could use header_checks to check it globally, but I need to accept for some groups and reject to another groups of users ) - some specific words (I could use body_checks to check it globally, but I need to accept for some groups and reject to another groups of users ) Thank you in advance.
Re: Message content in Policy Delegation
Ok, I'm asking this, because I need do this checks according the user/group, I can not check globally. I'll read more about Milters. Thank you. - Mensagem original - De: Viktor Dukhovni postfix-us...@dukhovni.org Para: postfix-users@postfix.org Enviadas: Segunda-feira, 23 de Julho de 2012 15:21:02 Assunto: Re: Message content in Policy Delegation On Mon, Jul 23, 2012 at 02:28:33PM -0300, Alfredo Saldanha wrote: I'd like to know if is possible to check some itens using postfix policy delegation: - file extensions No. Message content is not available to policy services. - text in subject No. Message content is not available to policy services. - some specific words No. Message content is not available to policy services. Content inspection is supported via: - Built-in header/body checks - Post-queue content filters - Pre-queue proxy filters - Milters -- Viktor.
Fishing, Virus and Bots RBL
Hi everybody, I've thoght to use a kind of fishing, virus and bots RBL to stop (or almost) spam sending by my users. Any tip? BR, Alfredo
always_bcc to a specific address list
Hi guys, My question is very simple. Is possible configure the Postfix to deliver a BCC message to a list of specifics address (list)? Can I use the feature always_bcc to do this? How? Thank you. Alfredo
Re: always_bcc to a specific address list
Hi guys again, Sorry, I've done using sender_bcc_maps. It is ok now. Thank you. On 02/16/2012 01:51 PM, Alfredo Saldanha wrote: Hi guys, My question is very simple. Is possible configure the Postfix to deliver a BCC message to a list of specifics address (list)? Can I use the feature always_bcc to do this? How? Thank you. Alfredo
transport private/smtp: Connection refused
Hi People, I'm trying to configure a transport map to send emails to another server, but I got this error: postfix-smtp/qmgr[29632]: warning: connect to transport private/smtp: Connection refused in my master.cf: 587 inet n - n - - smtpd in my postconf -n: alias_maps = hash:/etc/aliases allow_percent_hack = yes bounce_queue_lifetime = 3d broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix-smtp/ daemon_directory = /usr/libexec/postfix data_directory = /var/spool/postfix-smtp debug_peer_level = 2 disable_mime_input_processing = yes disable_vrfy_command = yes inet_interfaces = 127.0.0.1, 200.xxx.xxx.xxx mail_owner = postfix mail_spool_directory = /var/mail mailq_path = /usr/bin/mailq maximal_queue_lifetime = 3d message_size_limit = 20971520 mydomain = infolink.com.br myhostname = emailbackup01.infolink.com.br mynetworks = 127.0.0.1, 200.xxx.xxx.0/20, 200.xxx.xxx.xxx myorigin = $mydomain newaliases_path = /usr/bin/newaliases notify_classes = resource,software queue_directory = /var/spool/postfix-smtp queue_run_delay = 300s readme_directory = no relay_domains = permit_mynetworks sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_data_done_timeout = 600s smtp_data_init_timeout = 300s smtp_data_xfer_timeout = 900s smtpd_banner = $myhostname - ESMTP - MAILBKP smtpd_discard_ehlo_keywords = silent-discard, dsn smtpd_error_sleep_time = 60s smtpd_hard_error_limit = 5 smtpd_helo_required = yes smtpd_recipient_limit = 100 smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient,reject_unknown_sender_domain, permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated smtpd_soft_error_limit = 1 smtpd_timeout = 300s strict_rfc821_envelopes = no syslog_name = postfix-smtp transport_maps = hash:/etc/postfix-smtp/transport_sgmail.map unknown_address_reject_code = 550 unknown_client_reject_code = 550 unknown_hostname_reject_code = 550 unknown_local_recipient_reject_code = 550 My transport_sgmail.map standard: domain.com.brsmtp:pop.domain.com.br:25 Thanks, Junix
Re: transport private/smtp: Connection refused [solved]
Hi, I solved this problem! I change the transport map: from: domain.com.brsmtp:pop.domain.com.br:25 to: domain.com.br relay:pop.domain.com.br:25 Now it works well. Thank you. On 12/21/2011 06:15 PM, Ralf Hildebrandt wrote: * Alfredo Saldanhaasalda...@corp.infolink.com.br: Hi People, I'm trying to configure a transport map to send emails to another server, but I got this error: postfix-smtp/qmgr[29632]: warning: connect to transport private/smtp: Connection refused in my master.cf: 587 inet n - n - - smtpd That's smtpd, not smtp.
Re: Switch off Postfix filters
On 11/28/2011 05:45 PM, Noel Jones wrote: On 11/28/2011 1:04 PM, Wietse Venema wrote: Alfredo Saldanha: Dear, I'd like to know if is there some way to disable automatic or manually Postfix filters in case of failure (overload) or something. I'm asking this because I was an incident where, under an overload of messages, I had problems with my mx performance (very high CPU load and memory usage) to deliver messages through filters header and body checks and also a check for a policy server. Somewhere in an overload, some messages were blocked, and would certainly whitelisted the Policy Server, but it was no longer responding to connections due to high load on the server processes. Then ask them, is possible turn off or divert messages from filters like cidr (check_client_access), body (body_checks) and header checks in the event of an overload of messages? First of all, you must configure the system such that Postfix can handle the load for the configured SMTP server process limit. If the default process limit (100) is too high for your system, reduce the number. http://www.postfix.org/postconf.5.html#default_process_limit You can stress test Postfix performance with the smtp-source utility which is included with Postfix source code. http://www.postfix.org/smtp-source.1.html Postfix has an overload-adaptive mechanism, but you should first reduce your process limit until it is small enough that your system can handle the load. http://www.postfix.org/STRESS_README.html Wietse Alfredo, In addition to what Wietse writes, I would encourage you to test your system to see exactly what is failing under high load. The check_client_access cidr table is unlikely to add more than a negligible amount of CPU usage, although a very large table (10's of thousands entries) might use quite a bit of memory. Access table usage will show up in the memory and CPU usage of the smtpd processes. Temporarily disable your access tables to measure the impact on the smtpd processes -- and note that most of the memory used by smtpd is shared between processes. header_checks and body_checks likewise should not use much ram or CPU unless you've configured an unreasonable number of checks. Remove entries that rarely or never match anything; limit the amount of data checked with body_checks by setting body_checks_size_limit to some reasonable number (the default 51200 should be reasonable for most sites). These checks are run by the cleanup processes. Policy servers are a frequent source of performance issues. Make sure yours isn't dying or timing out under heavy load. Finally, if your machine is swapping due to high memory use, either add RAM or reduce the postfix default_process_limit to manage peak memory use. -- Noel Jones Hi, I have 6 instances of postfix here, one of each filter, transport maps, etc. My first instance is default_process_limit = 550, I supose that it was not measured, but anyway, I'll make the stress test using postfix-source to be sure how is the best configuration. I send news. Thank you guys, Alfredo
Switch off Postfix filters
Dear, I'd like to know if is there some way to disable automatic or manually Postfix filters in case of failure (overload) or something. I'm asking this because I was an incident where, under an overload of messages, I had problems with my mx performance (very high CPU load and memory usage) to deliver messages through filters header and body checks and also a check for a policy server. Somewhere in an overload, some messages were blocked, and would certainly whitelisted the Policy Server, but it was no longer responding to connections due to high load on the server processes. Then ask them, is possible turn off or divert messages from filters like cidr (check_client_access), body (body_checks) and header checks in the event of an overload of messages? Thank you, Alfredo
