Re: destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

2021-12-03 Thread Emmanuel Fusté 

Le 03/12/2021 à 14:48, Yves-Marie Le Pors Chauvel a écrit :

Hi folks,

I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it 
in order to remove any legacy version (OS and Postfix) !


Before that everything was perfect : respecting the limit of 
connections for a specific route per IP with connection reuse without 
TLS ! Since moving from 3.1.15 to 3.5.6, we are receiving a lot of 
‘too many connections’ deferred : 421 mwinf5c42 ME Trop de connexions, 
veuillez verifier votre configuration. Too many connections, slow 
down. OFR004_104 [104]


Here is my transport map :
#ORANGE orange.fr  orange: csp-audit.com 
 orange: franceadhesif.fr 
 orange: rgr-avocats.com 
 orange: fermedevilliers.fr 
 orange: abex-ec.fr  
orange: pyrcarto.fr  orange: agencecharles.fr 
 orange: emballagedigest.eu 
 orange: da-conseil.com 
 orange: somaris.com  
orange: auto3000sa.fr  orange: batee.fr 
 orange: dynamelec.fr  orange: 
a4architectes.com  orange: 
transports-fronton.fr  orange: 
fruitaliance.com  orange: exp-automoto.com 
 orange: aaformation.com 
 orange: aer-sa.fr  orange: 
atalentec.com  orange: bst.fr  
orange: cabinetec.fr  orange: cabinetsecom.com 
 orange: dhalluin-peny.fr 
 orange: gescomm-fr.com 
 orange: gsf-am.com  orange: 
kalyseo.fr  orange: mattholding.fr 
 orange: mktool.com  orange: 
quilico-archi.com  orange: tea-cefi.com 
 orange: tramobus.com  
orange: #WANADOO wanadoo.fr  wanadoo:

Here is part of my main.cf  :
smtp_tls_connection_reuse = yes smtp_connection_reuse_time_limit = 
100s smtp_connection_cache_time_limit = 1s
# Orange policy orange_initial_destination_concurrency =1 
orange_destination_concurrency_limit = 1 orange_destination_rate_delay 
= 0 orange_destination_recipient_limit = 10 # Wanadoo policy 
wanadoo_initial_destination_concurrency = 1 
wanadoo_destination_concurrency_limit = 1 
wanadoo_destination_rate_delay = 0 wanadoo_destination_recipient_limit 
= 10

Here is part of my master.cf  :

# 
== 
# service type private unpriv chroot wakeup maxproc command + args # 
(yes) (yes) (yes) (never) (100) # 
== 
orange unix - - y - 2 smtp wanadoo unix - - y - 1 smtp


/As you can notice maxproc = 2 for orange route, but as you know (I 
won’t learn you anything) Orange + Wanadoo is a 3 connection limit 
(recommended 2 for Orange and 1 for Wanadoo)./


I’ve asked the MBP and he confirmed that we have more than 3 
connexions at the exact same time... Does anyone know if Postfix 
changed the way it is managing connections (something like moving from 
connection limit to active connection limit ? that could be an 
explanation ==> active + idles > 3) ? For information, adding TLS or 
not, does not change this issue...


Does anyone have any advice to tune my conf in order to avoid such 
issues ? If you need more elements, feel free to ask !


Regards,


Hello,

Orange/Wanadoo setup is a mess for SMTP servers.
Take in mind that all their rate limiting is implemented at the IP/TCP 
level, not SMTP level.
Orange and Wanadoo are behind the same IPs so do not use two transport 
but only one or you will trigger the simultaneous max TCP session quota.
Use aggressive SMTP session reuse for SMTP  AND for SMTP TLS or you will 
trigger the max session per hour.


So relevant part of my config is:
main.cf : (no need to touch other default values)
slow_destination_concurrency_limit=1
smtp_tls_connection_reuse = yes

master.cf:(yes 30s is insane, but their setup too)
slow  unix  -   -   n   -   -   smtp
    -o { smtp_connection_cache_destinations = wanadoo.fr, orange.fr }
    -o smtp_connection_cache_time_limit=30

Fix your transport table :
Many entries are no longer hosted on "Orange" system.
All entries but  wanadoo.fr and orange.fr are on a different MX : 
smtppromx.orange.fr for which the rate limiting is less problematic.
So limiting your transport table with only an entry for wanadoo.fr and 
and entry for orange.fr poining to the "slow" transport should be 
sufficient.
Postfix will not exactly honor the max simultaneous connection

destination_concurrency_limit after while moving from Postfix 3.1.15 to Postfix 3.5.6

2021-12-03 Thread Yves-Marie Le Pors Chauvel 
Hi folks,

I moved from Postfix 3.1.15 to 3.5.6... It was mandatory to upgrade it in
order to remove any legacy version (OS and Postfix) !

Before that everything was perfect : respecting the limit of connections
for a specific route per IP with connection reuse without TLS ! Since
moving from 3.1.15 to 3.5.6, we are receiving a lot of ‘too many
connections’ deferred : 421 mwinf5c42 ME Trop de connexions, veuillez
verifier votre configuration. Too many connections, slow down. OFR004_104
[104]

Here is my transport map :

#ORANGE orange.fr orange:csp-audit.com orange:franceadhesif.fr
orange:rgr-avocats.com orange:fermedevilliers.fr orange:abex-ec.fr
orange:pyrcarto.fr orange:agencecharles.fr orange:emballagedigest.eu
orange:da-conseil.com orange:somaris.com orange:auto3000sa.fr
orange:batee.fr orange:dynamelec.fr orange:a4architectes.com
orange:transports-fronton.fr orange:fruitaliance.com
orange:exp-automoto.com orange:aaformation.com orange:aer-sa.fr
orange:atalentec.com orange:bst.fr orange:cabinetec.fr
orange:cabinetsecom.com orange:dhalluin-peny.fr orange:gescomm-fr.com
orange:gsf-am.com orange:kalyseo.fr orange:mattholding.fr
orange:mktool.com orange:quilico-archi.com orange:tea-cefi.com
orange:tramobus.com orange:
#WANADOOwanadoo.fr wanadoo:

Here is part of my main.cf :

smtp_tls_connection_reuse = yes
smtp_connection_reuse_time_limit = 100s
smtp_connection_cache_time_limit = 1s

# Orange policy
orange_initial_destination_concurrency =1
orange_destination_concurrency_limit = 1
orange_destination_rate_delay = 0
orange_destination_recipient_limit = 10

# Wanadoo policy
wanadoo_initial_destination_concurrency = 1
wanadoo_destination_concurrency_limit = 1
wanadoo_destination_rate_delay = 0
wanadoo_destination_recipient_limit = 10

Here is part of my master.cf :

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
orange  unix  -   -   y   -   2   smtp
wanadoo  unix  -   -   y   -   1   smtp


*As you can notice maxproc = 2 for orange route, but as you know (I won’t
learn you anything) Orange + Wanadoo is a 3 connection limit (recommended 2
for Orange and 1 for Wanadoo).*

I’ve asked the MBP and he confirmed that we have more than 3 connexions at
the exact same time... Does anyone know if Postfix changed the way it is
managing connections (something like moving from connection limit to active
connection limit ? that could be an explanation ==> active + idles > 3) ?
For information, adding TLS or not, does not change this issue...

Does anyone have any advice to tune my conf in order to avoid such issues ?
If you need more elements, feel free to ask !

Regards,

-- 
Yves-Marie LE PORS-CHAUVEL
Email Product Manager
*T: +33 2 23 45 57 99* (3043)
23, rue du Bignon - 35 135 Chantepie
www.ccmbenchmark.com