From: Jan Steinman (JanBytesmiths.com)
Date: Sat Jul 01 2006 - 20:39:38 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I know the drill, but before you start in with "show us the logs,"
consider that this problem is generating some 60MB of logs EACH DAY!

I have changed locations and servers, going from a 350MHz G4 to a
2.5GHz quad G5, from 128kB IDSL to 4MB ADSL. (Both are supposed to be
"commercial quality" connections, which in this case, simply means
more expensive.) "Should be a lot faster," I thought.

But sending from other machines on our network takes increasingly
long times after starting the server. It has been three days since a
restart, and it now takes about 20 seconds pause between hitting
"send" and having the message leave the queue.

There are over a hundred process entries like the following:
   postfix 2272 0.0 -0.0 27524 924 ?? S 4:33PM
0:00.03 smtpd -n smtp -t inet -u

Checking logs, I am getting 10-20 rejects PER MINUTE! All of them
appear to be legit rejects -- generally "User unknown in local
recipient table". Although I have had one or two people tell me their
legit email was bounced, we seem to be getting most (if not all) our
legit email. I suspect the bounces are a result of Inadvertent Denial
of Service from the heavy reject traffic.

I am using "virtual_maps = hash:/etc/postfix/virtual". I have not set
"relay_recipient_maps" nor "local_recipient_maps".

I suspect that spammers are hitting me particularly hard because my
network segment is known to be a residential high-speed subnet,
whereas I rarely got more than a few per minute on my old, slow IDSL
subnet -- they didn't bother.

I am not doing any particular postfix spam prevention -- but neither
was I before, on my IDSL connection.

I suspect that the volume of spam rejected is what is causing the
extremely slow legit relaying through my SMTP server from machines on
my subnet. I have also enabled a few discrete addresses for relaying
(via "mynetworks") for places where I frequent wireless networks.

So I'm thinking of doing one or more of the following:

1) aggressive firewalling to block it BEFORE postfix sees it: CONS: a
lot of work, may block legit email, the spammers keep moving

2) start a second postfix instance on a different port, and use it
exclusively for outbound email: CONS: does nothing to reduce the huge
load on my incoming service

3) switch IAPs: CONS: a pain in the neck, and they're all resellers,
anyway, so I'd probably still end up on the same residential ADSL subnet

4) Tweak main.cf somehow that I don't understand: CONS: if postfix
still has to look at it, it still slows it down, no?

5) Throttle the number of smtpd process instances: CONS: may increase
Inadvertent Denial of Service to legit SMTP traffic.

6) Your Idea Here! Feel free to steer me to a URL, FAQ, or book.

Thanks in advance for any advice offered!

:::: Jan Steinman, Communication Steward, EcoReality: http://
www.EcoReality.org ::::
:::: 160 Sharp Road, Salt Spring Island, BC V8K 2P6, Canada,
250.537.2024 ::::

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]