From: mouss (mlist.onlyfree.fr)
Date: Mon Dec 03 2007 - 05:38:09 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rocco Scappatura wrote:
>> Rocco Scappatura wrote:
>>> I read README.postfix and The book of Postfix. The number
>> is a limit
>>> on the number of content filter that runs simultaneously.
>> But I really
>>> don't understand why is set in the configuration of the appliance.
>>>
>>> Indeed I don't know why the trendmicro ha set this limit on the
>>> content filter. If I change it from 70 to '-' (ie: disabling the
>>> limit), could I risk that the appliance is too loaded (or go in
>>> chrisis or something else of catastrophic)?
>>>
>> don't disable the limit. content filtering is an expensive
>> process, and you don't want to overload your system with too
>> much simultaneous filtering.
>
> OK
>
>> you'll need to find the bottleneck by inspecting the message
>> flow and seeing where it slows down. That will tell you if
>> you are passing too many messages to the filter.
>
> It seems the connection responds quicky..
>
> From the log I have taken a sample of an incoming message:
>
> Dec 3 12:30:57 av6 postfix/smtpd[14283]: F01C4157574:
> client=mrqout1-sorbs.tiscali.it[195.130.225.22]
> Dec 3 12:30:58 av6 postfix/cleanup[13496]: F01C4157574:
> message-id=<24110141.1196681078240.JavaMail.rootps18>
> Dec 3 12:30:58 av6 postfix/qmgr[2731]: F01C4157574:
> from=<rocscatiscali.it>, size=1177, nrcpt=1 (queue active)
> Dec 3 12:30:58 av6 postfix/smtp[13157]: F01C4157574:
> to=<ciccionomesito.it>, relay=localhost[127.0.0.1], delay=1,
> status=sent (250 Ok: queued as 0EE6C157592)
> Dec 3 12:30:58 av6 postfix/qmgr[2731]: F01C4157574: removed
> Dec 3 12:30:58 av6 postfix/smtpd[13343]: 0EE6C157592:
> client=localhost.localdomain[127.0.0.1]
> Dec 3 12:30:58 av6 postfix/cleanup[11249]: 0EE6C157592:
> message-id=<24110141.1196681078240.JavaMail.rootps18>
> Dec 3 12:30:58 av6 postfix/qmgr[2731]: 0EE6C157592:
> from=<rocscatiscali.it>, size=1479, nrcpt=1 (queue active)
> Dec 3 12:30:58 av6 postfix/smtp[13157]: F01C4157574:
> to=<ciccionomesito.it>, relay=localhost[127.0.0.1], delay=1,
> status=sent (250 Ok: queued as 0EE6C157592)
> Dec 3 12:30:58 av6 postfix/smtp[13344]: 0EE6C157592:
> to=<ciccionomesito.it>, relay=10.166.231.245[10.166.231.245], delay=0,
> status=sent (250 Ok: queued as DC69F448C)
> Dec 3 12:30:58 av6 postfix/qmgr[2731]: 0EE6C157592: removed
>
> So reception+delivery appears to be quite quickly. for incoming message.
>
> But for outgoing message I have:
>
> Dec 3 11:33:17 av6 postfix/smtpd[18812]: NOQUEUE: reject: RCPT from
> unknown[10.2.2.3]: 554 <michele.rabbidomain.tld>: Relay access denied;
> from=<michele.rabbidomain.tld> to=<michele.rabbiotherdomain.tld>
> proto=SMTP helo=<host>
>
> Could the modication on postfix config files have impacted on outgoing
> mail? (Please note that mynetworks = 127.0.0.1,10.0.0.0/8, ...)
>

the answer is in smtpd_mumble_restrictions. it seems permit_nyetworks
isn't listed where it should.

> #IMSA: content filter smtp transport imss for
> imss unix - - n - 70 smtp
> -o smtp_use_tls=no
> -o disable_dns_lookups=yes
> -o smtp_connect_timeout=$imss_connect_timeout
> -o smtp_data_done_timeout=$imss_timeout
>
> #IMSA: content filter loop back smtpd
> localhost:10026 inet n - n - 70 smtpd
> -o smtpd_use_tls=no
> -o content_filter=
> -o smtpd_timeout=$imss_timeout
> -o local_recipient_maps=

why did you put this back?

> -o myhostname=IMSA
> -o smtpd_client_restrictions=
> -o smtpd_sender_restrictions=
>

note that you are then using the default smtpd_recipient_restrictions
even in port 10026. you'd better add
        -o mynetworks=127.0.0.1
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
see Viktor mail.

>
>>> Or should I conclude that the appliance is unable to manage
>> a traffic
>>> such that currently I have?
>> not necessarily. while there is a limit that depends on the
>> system capacity, you need to tune your system to reach
>> (approach) this limit.
>
> OK,
>
> thanks,
>
> rocsca
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]