On 01/02/2013 11:49, Simon Hobson wrote:
I've observed a bit of a problem using quotas to restrict message rate. We've got a customer who sends mailshots to many thousands of recipients, and I have them throttled to 600 messages/3600s (600 messages/hour) via message count policy keyed from SASL username.However, I'm seeing a problem where the policy sits at 600 "plus a bit" all the time and postfix just keeps rejecting recipients due to policy rejections. So far so good. However, after a few recipients, Postfix then responds with "too many errors after RCPT from ..." and closes the connection. The result is that any recipients it didn't reject due to policy don't get processed but have still been counted - so hardly anything at all gets through. I'm currently experimenting by increasing the smtpd_[soft|hard]_error_limit to large values (100 at the moment, smtpd_recipient_limit is set at 50) but this is far from ideal. This simply allows 1 recipient through every so often which of course also increases the load on the AV scanner which now gets to scan a mail for each recipient rather than one mail for a batch of recipients. In any case, the error limits are there for a good reason and setting them to high values isn't really acceptable. Of course, the clients server (Exchange) has a shed load of mails queued up, so even if it backs off on one mail, there's several more waiting in the queue - and by the time all of them may have been held, the first ones are ready to retry. Of course, if I manually turn the message count limit up and down I can let the mail through in bursts, but that's not very practical ! At the moment I've got a combination of too high a hard error limit, a low soft error limit, an increased soft error sleep time, and a quota limit that's several times higher than I'd like. That seems to allow a few recipients per message and so things are flowing. As each message hits the soft error limit, Postfix then starts delaying responses and that gives the quota tracking level time to drop a little. Any suggestions of a way round this ? As I see it, it's not possible to "uncount" the messages that were added to the quota tracking but which have now been rejected as Postfix hits the hard error limit. I think an (admin configured) hysteresis (ie high & low water marks) could work - but then that means a significant change to the way Policyd works. And I assume there's no way to have Postfix not count deferrals due to policy server against the error count ?
You're very right in your analysis, the delegation protocol doesn't really give us enough information to only count successful deliveries.
The mail counter is increased during the RCPT stage, so if 100 recipients are received, and the 99th one fails in such a way that Postfix terminates delivery the counter is already increased.
Deferring the counter update to the DATA stage may not be sufficient either, what happens if 100 connections are made for 100 recipients each, the counters are deferred to DATA and all are updated at the same time.
I'm not sure if one can get around this. What about changing the destination concurrency limit?
-N
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
