Re: Local network MX for newsletters and high volume mailing questions
OK, nobody has anything to say on this?

On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:
> We decided to create a special MX for just the bulk mailings within our
> IP-block, the datacentre network we maintain. Here's where my questions
> arise:
>
> The setup is as follows:
> - We have many servers within the same range, 10.20.30.x (I'll use IPv4
>   only for ease now), some of them have websites and/or are shared
>   hosting servers that are using a SaaS home-made mailing-GUI for their
>   newsletters and similar high volume recipient list mails.
> - Our primary MX that needs to send out the bulk for them all is
>   10.20.30.7
> - Is there a way to NOT have to tell postfix to allow the sending domain
>   names, but just the server's IP-addresses that hold those who'd like
>   to send out those mails via 10.20.30.7 ?
>
> I would basically like them to use any (valid domain's) from-field they
> want, and postfix would have to allow it because the source is one of
> our own servers. How do I configure that?
> The postfix config mentions 'relay domains', an IP address is not a
> domain.
>
> Below is my config, it does not want to relay mail from those local
> servers and I'm not sure why.
> Do I really have to note down all from-field domains as allowed or what
> is the best way to accomplish this?
> I have commented out a lot in this config, because I'm working on
> getting it as perfect as possible for our purpose.
> Thanks in advance for any and all feedback on this config, feel free to
> add improvements:
>
> [root@somemailer~]# cat /etc/postfix/main.cf
> smtpd_banner = $myhostname ESMTP $mail_name
> #relay_domains = $mydestination, somemailer.net
> #relay_recipient_maps =
> #relayhost =
> #transport_maps = hash:/etc/postfix/transport
> debug_peer_level = 2
> debugger_command =
>     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>     ddd $daemon_directory/$process_name $process_id sleep 5
> alias_maps = hash:/etc/aliases
> sendmail_path = /usr/sbin/sendmail.postfix
> #newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> readme_directory = /usr/share/doc/postfix-2.8.14/README_FILES
> inet_protocols = ipv4
> # :-/ inet_protocols = all
> inet_interfaces = 10.20.30.7, 127.0.0.1
> smtp_bind_address =
> mynetworks = 127.0.0.0/8 [::1]/128 192.168.2.0/24, 10.20.30.0/24
> smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 192.168.2.0/24 10.20.30.0/24
> smtp_send_xforward_command = yes
> mydomain = somemailer.net
> myhostname = bulk.somemailer.net
> myorigin = $myhostname
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mailer.$mydomain
> recipient_delimiter = +
> # tempfailed adapted to 3 minutes:
> queue_run_delay = 180s
> minimal_backoff_time = 180s
> maximal_backoff_time = 3601s
> disable_vrfy_command = yes
> biff = no
> default_process_limit = 1000
> trigger_timeout = 1
> # ?
> in_flow_delay = 1s
> smtpd_delay_reject = yes
> smtpd_sender_restrictions =
>     permit_mynetworks,
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     check_sender_access hash:/etc/postfix/sender_access,
>     permit
> smtpd_data_restrictions =
>     reject_multi_recipient_bounce,
>     reject_unauth_pipelining,
>     permit
> smtpd_client_restrictions = permit_mynetworks
> smtpd_relay_restrictions =
>     permit_mynetworks,
>     reject_unauth_destination,
>     permit_sasl_authenticated
> smtpd_recipient_restrictions =
>     reject_unauth_destination,
>     reject_invalid_hostname,
>     reject_non_fqdn_recipient,
>     reject_unknown_recipient_domain,
>     check_client_access hash:/etc/postfix/whitelist,
>     reject_unauth_pipelining,
>     reject_non_fqdn_sender,
>     reject_unknown_sender_domain,
>     reject_rbl_client bl.spamcop.net,
>     reject_rbl_client hosts.rbl.zonnet.net,
>     reject_rbl_client virbl.dnsbl.bit.nl,
>     reject_rbl_client bl.shlink.de,
>     reject_rbl_client bl.blocklist.de,
>     reject_rbl_client spamguard.leadmon.net,
>     reject_rbl_client mail-abuse.blacklist.jippg.org,
>     permit
> default_destination_concurrency_limit = 0
> smtp_destination_concurrency_limit = 0
> slow_destination_concurrency_failed_cohort_limit = 100
> smtp_destination_rate_delay = 1s
> slow_destination_rate_delay = 1
> smtp_extra_recipient_limit = 10
> smtp_connect_timeout = 30
> smtp_extra_recipient_limit = 10
> smtpd_timeout = 3600s
> smtpd_proxy_timeout = 3600s
> smtpd_error_sleep_time = 2s
> smtpd_soft_error_limit = 8
> smtpd_hard_error_limit = 18
> smtpd_recipient_limit = 120
> smtpd_reject_unlisted_recipient = yes
> smtpd_reject_unlisted_sender = yes
> smtpd_reject_footer = For assistance, contact us at hostmas...@somemailer.nl, and please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
> smtpd_client_message_rate_limit = 48
> smtpd_client_recipient_rate_limit = 30
> queue_minfree = 12288
> qmgr_message_active_limit = 12000
> qmgr_message_recipient_limit = 12000
> qmgr_site_hog_factor = 100
> bounce_size_limit = 15
> mailman_destination_recipient_limit = 1
> mailbox_size_limit = 0

Re: Local network MX for newsletters and high volume mailing questions
On Sun, Apr 13, 2014 at 03:26:43PM +0200, Thijssen wrote:
> OK, nobody has anything to say on this?

The post contained a lot of misunderstanding, and it is difficult to
know where to begin, but I'll make at least an initial try.

> On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:
> > We decided to create a special MX for just the bulk mailings

This is unclear. MX is about receiving mail, but it sounds like you are
talking about sending bulk mail?

> > within our IP-block, the datacentre network we maintain. Here's
> > where my questions arise:
> >
> > The setup is as follows:
> > - We have many servers within the same range, 10.20.30.x (I'll use
> >   IPv4 only for ease now), some of them have websites and/or are
> >   shared hosting servers that are using a SaaS home-made mailing-GUI
> >   for their newsletters and similar high volume recipient list mails.

You are an ESP? Or is this all in-house?

> > - Our primary MX that needs to send out the bulk for them all is
> >   10.20.30.7

I guess you mean MTA, not MX.

> > - Is there a way to NOT have to tell postfix to allow the sending
> >   domain names, but just the server's IP-addresses that hold those
> >   who'd like to send out those mails via 10.20.30.7 ?

Where did you get the idea that Postfix is checking sender domain
names? By default this is not so.

> > I would basically like them to use any (valid domain's) from-field
> > they want, and postfix would have to allow it because the source is
> > one of our own servers. How do I configure that?

Perhaps you want to look up postconf.5.html#mynetworks ... linked from
the Basic readme:
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from

> > The postfix config mentions 'relay domains', an IP address is not a
> > domain.

Right, and relay_domains is about receiving mail, not sending.

> > Below is my config, it does not want to relay mail from those local
> > servers and I'm not sure why.

You did not show logs.

> > Do I really have to note down all from-field domains as allowed

Of course not.

> > or what is the best way to accomplish this?
> > I have commented out a lot in this config, because I'm working on
> > getting it as perfect as possible for our purpose.
> > Thanks in advance for any and all feedback on this config, feel
> > free to add improvements:
> >
> > [root@somemailer~]# cat /etc/postfix/main.cf

The list welcome message and DEBUG_README.html#mail both tell you *NOT*
to do this. Send postconf -n, and include logs which show the problem
you are having.

General advice: hire a good ESP to handle your bulk mail sending needs.
Three [mostly-]well-regarded ESPs I can recommend, in no particular
order: Mailchimp, Sendgrid, Constant Contact. They know mail, and they
have relationships with large receivers. If revenue depends on your
bulk mail, their fees will be money well spent. (Perhaps they have
reseller arrangements, if that is what's appropriate in your case.)

Anyway, mynetworks (and the permit_mynetworks restriction) is the
answer to the question as posed, so I'll stop here.

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if /dev/rob0 is in the Subject:

Re: Local network MX for newsletters and high volume mailing questions
Thijssen:
> OK, nobody has anything to say on this?
>
> On Fri, Apr 11, 2014 at 1:13 AM, Thijssen jul...@gmail.com wrote:
> > We decided to create a special MX for just the bulk mailings within
> > our IP-block, the datacentre network we maintain. Here's where my
> > questions arise:
> >
> > The setup is as follows:
> > - We have many servers within the same range, 10.20.30.x (I'll use
> ...
> > - Our primary MX that needs to send out the bulk for them all is
> >   10.20.30.7
> > - Is there a way to NOT have to tell postfix to allow the sending
> >   domain names, but just the server's IP-addresses that hold those
> >   who'd like to send out those mails via 10.20.30.7 ?

Postfix relay control is set up as follows:

    mynetworks = 10.20.30.0/24 127.0.0.0/8
    smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination

Look Ma! No domain names!

Some Postfix versions do the above in smtpd_recipient_restrictions
instead of the newer smtpd_relay_restrictions.

    Wietse

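Added example, not part of any message in this thread and not Postfix code: a simplified Python model of first-match restriction evaluation, showing that the relay decision in the reply above depends only on client address and recipient domain, and that a recipient list starting with reject_unauth_destination (as in the posted main.cf) rejects even a mynetworks client. Function names, client addresses and example.org are assumptions; only permit, permit_mynetworks and reject_unauth_destination are modelled.

```python
import ipaddress

def parse_mynetworks(value):
    """mynetworks entries are separated by commas and/or whitespace; IPv6 uses [addr]/len."""
    tokens = value.replace(",", " ").split()
    return [ipaddress.ip_network(t.replace("[", "").replace("]", ""), strict=False)
            for t in tokens]

def walk(restrictions, client_ip, rcpt_domain, nets, local_domains):
    """First match wins. Restrictions not modelled here are treated as
    'no decision' (an assumption of this sketch)."""
    ip = ipaddress.ip_address(client_ip)
    for name in restrictions:
        if name == "permit":
            return "permit"
        if name == "permit_mynetworks" and any(
                ip.version == n.version and ip in n for n in nets):
            return "permit"
        if name == "reject_unauth_destination" and rcpt_domain not in local_domains:
            return "reject"
    return "permit"  # end of list reached without a reject

def rcpt_verdict(relay, recipient, client_ip, rcpt_domain, nets, local_domains):
    """Postfix >= 2.10 applies both lists and a reject in either one is final;
    pass relay=None for older versions, which have no smtpd_relay_restrictions."""
    for lst in ([] if relay is None else [relay]) + [recipient]:
        if walk(lst, client_ip, rcpt_domain, nets, local_domains) == "reject":
            return "reject"
    return "permit"

# Values copied from the thread; client addresses and example.org are constructed.
NETS = parse_mynetworks("127.0.0.0/8 [::1]/128 192.168.2.0/24, 10.20.30.0/24")
LOCAL = {"bulk.somemailer.net", "somemailer.net", "localhost"}
REPLY = ["permit_mynetworks", "reject_unauth_destination"]
POSTED_RELAY = ["permit_mynetworks", "reject_unauth_destination",
                "permit_sasl_authenticated"]
# Head and tail of the posted smtpd_recipient_restrictions only.
POSTED_RCPT = ["reject_unauth_destination", "reject_invalid_hostname", "permit"]

if __name__ == "__main__":
    cases = [("reply, inside client", REPLY, [], "10.20.30.15"),
             ("reply, outside client", REPLY, [], "203.0.113.9"),
             ("posted lists, inside client", POSTED_RELAY, POSTED_RCPT, "10.20.30.15")]
    for label, relay, rcpt, ip in cases:
        print(label, "->", rcpt_verdict(relay, rcpt, ip, "example.org", NETS, LOCAL))
```

The sender address never enters the decision, and an outside client is still accepted for a local recipient domain, which is ordinary inbound mail rather than relaying.
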
Local network MX for newsletters and high volume mailing questions
Believe me, this is everything but spam-related. It's mostly .org and
.edu/.gov kind of mailings (non-profit), but quite a lot of them at one
time. I've seen postfix moments like this quite a lot recently:

Incoming: 6991  Active: 2  Deferred: 7897  Bounced: 2319  Hold: 0  Corrupt: 0

I had to employ special output limits for delivery to the hotmail/live
mail-addresses, since we suffered bounces due to hotmail/live servers
not tolerating the rate at which my postfix was sending them mail.

smtp_destination_concurrency_limit = 4
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10

seemed to solve that problem. Microsoft's servers stopped bouncing
mail, accepted the rate at which it got mail from our server.

But this created a new problem: Other normal local user's mail got
delayed by ~30 minutes whenever postfix had to deal with sending out
such newsletters. This is not something they're happy with.

We decided to create a special MX for just the bulk mailings within our
IP-block, the datacentre network we maintain. Here's where my questions
arise:

The setup is as follows:
- We have many servers within the same range, 10.20.30.x (I'll use IPv4
  only for ease now), some of them have websites and/or are shared
  hosting servers that are using a SaaS home-made mailing-GUI for their
  newsletters and similar high volume recipient list mails.
- Our primary MX that needs to send out the bulk for them all is
  10.20.30.7
- Is there a way to NOT have to tell postfix to allow the sending domain
  names, but just the server's IP-addresses that hold those who'd like
  to send out those mails via 10.20.30.7 ?

I would basically like them to use any (valid domain's) from-field they
want, and postfix would have to allow it because the source is one of
our own servers.

Below is my config, it does not want to relay mail from those local
servers and I'm not sure why.
Do I really have to note down all from-field domains as allowed or what
is the best way to accomplish this?
I have commented out a lot in this config, because I'm working on
getting it as perfect as possible for our purpose.
Thanks in advance for any and all feedback on this config, feel free to
add improvements:

[root@somemailer~]# cat /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name
#relay_domains = $mydestination, somemailer.net
#relay_recipient_maps =
#relayhost =
#transport_maps = hash:/etc/postfix/transport
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id sleep 5
alias_maps = hash:/etc/aliases
sendmail_path = /usr/sbin/sendmail.postfix
#newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
readme_directory = /usr/share/doc/postfix-2.8.14/README_FILES
inet_protocols = ipv4
# :-/ inet_protocols = all
inet_interfaces = 10.20.30.7, 127.0.0.1
smtp_bind_address =
mynetworks = 127.0.0.0/8 [::1]/128 192.168.2.0/24, 10.20.30.0/24
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128 192.168.2.0/24 10.20.30.0/24
smtp_send_xforward_command = yes
mydomain = somemailer.net
myhostname = bulk.somemailer.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mailer.$mydomain
recipient_delimiter = +
# tempfailed adapted to 3 minutes:
queue_run_delay = 180s
minimal_backoff_time = 180s
maximal_backoff_time = 3601s
disable_vrfy_command = yes
biff = no
default_process_limit = 1000
trigger_timeout = 1
# ?
in_flow_delay = 1s
smtpd_delay_reject = yes
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access,
    permit
smtpd_data_restrictions =
    reject_multi_recipient_bounce,
    reject_unauth_pipelining,
    permit
smtpd_client_restrictions = permit_mynetworks
smtpd_relay_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    permit_sasl_authenticated
smtpd_recipient_restrictions =
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_client_access hash:/etc/postfix/whitelist,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client hosts.rbl.zonnet.net,
    reject_rbl_client virbl.dnsbl.bit.nl,
    reject_rbl_client bl.shlink.de,
    reject_rbl_client bl.blocklist.de,
    reject_rbl_client spamguard.leadmon.net,
    reject_rbl_client mail-abuse.blacklist.jippg.org,
    permit
default_destination_concurrency_limit = 0
smtp_connect_timeout = 30
smtp_destination_rate_delay = 1s
smtp_extra_recipient_limit = 10
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 8
smtpd_hard_error_limit = 18
smtpd_recipient_limit = 120
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_reject_footer = For assistance, contact us at