OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: Recipient validation

From: Rocco Scappatura (Rocco.Scappaturasttspa.it)
Date: Mon Dec 03 2007 - 05:27:50 CST

> Rocco Scappatura wrote:
> >
> > I read README.postfix and The book of Postfix. The number
> is a limit
> > on the number of content filter that runs simultaneously.
> But I really
> > don't understand why is set in the configuration of the appliance.
> >
> > Indeed I don't know why the trendmicro ha set this limit on the
> > content filter. If I change it from 70 to '-' (ie: disabling the
> > limit), could I risk that the appliance is too loaded (or go in
> > chrisis or something else of catastrophic)?
> >
>
> don't disable the limit. content filtering is an expensive
> process, and you don't want to overload your system with too
> much simultaneous filtering.

OK

> you'll need to find the bottleneck by inspecting the message
> flow and seeing where it slows down. That will tell you if
> you are passing too many messages to the filter.

It seems the connection responds quicky..

From the log I have taken a sample of an incoming message:

Dec 3 12:30:57 av6 postfix/smtpd[14283]: F01C4157574:
client=mrqout1-sorbs.tiscali.it[195.130.225.22]
Dec 3 12:30:58 av6 postfix/cleanup[13496]: F01C4157574:
message-id=<24110141.1196681078240.JavaMail.rootps18>
Dec 3 12:30:58 av6 postfix/qmgr[2731]: F01C4157574:
from=<rocscatiscali.it>, size=1177, nrcpt=1 (queue active)
Dec 3 12:30:58 av6 postfix/smtp[13157]: F01C4157574:
to=<ciccionomesito.it>, relay=localhost[127.0.0.1], delay=1,
status=sent (250 Ok: queued as 0EE6C157592)
Dec 3 12:30:58 av6 postfix/qmgr[2731]: F01C4157574: removed
Dec 3 12:30:58 av6 postfix/smtpd[13343]: 0EE6C157592:
client=localhost.localdomain[127.0.0.1]
Dec 3 12:30:58 av6 postfix/cleanup[11249]: 0EE6C157592:
message-id=<24110141.1196681078240.JavaMail.rootps18>
Dec 3 12:30:58 av6 postfix/qmgr[2731]: 0EE6C157592:
from=<rocscatiscali.it>, size=1479, nrcpt=1 (queue active)
Dec 3 12:30:58 av6 postfix/smtp[13157]: F01C4157574:
to=<ciccionomesito.it>, relay=localhost[127.0.0.1], delay=1,
status=sent (250 Ok: queued as 0EE6C157592)
Dec 3 12:30:58 av6 postfix/smtp[13344]: 0EE6C157592:
to=<ciccionomesito.it>, relay=10.166.231.245[10.166.231.245], delay=0,
status=sent (250 Ok: queued as DC69F448C)
Dec 3 12:30:58 av6 postfix/qmgr[2731]: 0EE6C157592: removed

So reception+delivery appears to be quite quickly. for incoming message.

But for outgoing message I have:

Dec 3 11:33:17 av6 postfix/smtpd[18812]: NOQUEUE: reject: RCPT from
unknown[10.2.2.3]: 554 <michele.rabbidomain.tld>: Relay access denied;
from=<michele.rabbidomain.tld> to=<michele.rabbiotherdomain.tld>
proto=SMTP helo=<host>

Could the modication on postfix config files have impacted on outgoing
mail? (Please note that mynetworks = 127.0.0.1,10.0.0.0/8, ...)

#IMSA: content filter smtp transport imss for
imss unix - - n - 70 smtp
        -o smtp_use_tls=no
        -o disable_dns_lookups=yes
        -o smtp_connect_timeout=$imss_connect_timeout
        -o smtp_data_done_timeout=$imss_timeout

#IMSA: content filter loop back smtpd
localhost:10026 inet n - n - 70 smtpd
        -o smtpd_use_tls=no
        -o content_filter=
        -o smtpd_timeout=$imss_timeout
        -o local_recipient_maps=
        -o myhostname=IMSA
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=

> > Or should I conclude that the appliance is unable to manage
> a traffic
> > such that currently I have?
>
> not necessarily. while there is a limit that depends on the
> system capacity, you need to tune your system to reach
> (approach) this limit.

OK,

thanks,

rocsca