[postfix-users] Question about smtp_client_connection_count_limit

Mi Dez 2 12:42:22 CET 2009

Zitat von Georg Käfer <gkaefer at backbone.co.at>:

> -----Ursprüngliche Nachricht-----
> Von: postfix-users-bounces+gkaefer=backbone.co.at at de.postfix.org  
> [mailto:postfix-users-bounces+gkaefer=backbone.co.at at de.postfix.org]  
> Im Auftrag von Ralf Hildebrandt
> Gesendet: Mittwoch, 02. Dezember 2009 12:04
> An: postfix-users at de.postfix.org
> Betreff: Re: [postfix-users] Question about  
> smtp_client_connection_count_limit
>
> * Georg Käfer <gkaefer at backbone.co.at>:
>> Sympthom:
>> my postfix/dovecot server stops connection requests on port 25 if the
>> mail reject limit exceeds around 400 per minute. Port 25 is available
>> but no 220 promt is coming. So I assume not enough smtp or amavis
>> deamons on port 10024 10025 are available.
>
> Postfix logs that fact.
> What's in the logs?
>
> --
> Ralf Hildebrandt
>   Geschäftsbereich IT | Abteilung Netzwerk
>   Charité - Universitätsmedizin Berlin
>   Campus Benjamin Franklin
>   Hindenburgdamm 30 | D-12203 Berlin
>   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>   ralf.hildebrandt at charite.de | http://www.charite.de
>
> _______________________________________________
> postfix-users mailing list
> postfix-users at de.postfix.org
> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
>
>
> Mein log der betreffenden zeit heute:
>
> Dec  2 09:28:00 mail2 postfix/anvil[31780]: statistics: max  
> connection rate 18/60s for (smtp:82.32.162.192) at Dec  2 09:22:20
> Dec  2 09:28:00 mail2 postfix/anvil[31780]: statistics: max  
> connection count 4 for (smtp:213.55.71.242) at Dec  2 09:23:20
> Dec  2 09:28:00 mail2 postfix/anvil[31780]: statistics: max message  
> rate 18/60s for (smtp:82.32.162.192) at Dec  2 09:22:22
> Dec  2 09:28:00 mail2 postfix/anvil[31780]: statistics: max  
> recipient rate 152/60s for (smtp:82.32.162.192) at Dec  2 09:21:18
> Dec  2 09:28:00 mail2 postfix/anvil[31780]: statistics: max cache  
> size 103 at Dec  2 09:27:56
> Dec  2 09:38:00 mail2 postfix/anvil[31780]: statistics: max  
> connection rate 18/60s for (smtp:unknown) at Dec  2 09:33:39
> Dec  2 09:38:00 mail2 postfix/anvil[31780]: statistics: max  
> connection count 4 for (smtp:115.73.106.196) at Dec  2 09:28:19
> Dec  2 09:38:00 mail2 postfix/anvil[31780]: statistics: max message  
> rate 8/60s for (smtp:77.74.14.176) at Dec  2 09:28:41
> Dec  2 09:38:00 mail2 postfix/anvil[31780]: statistics: max  
> recipient rate 38/60s for (smtp:123.50.56.24) at Dec  2 09:29:59
> Dec  2 09:38:00 mail2 postfix/anvil[31780]: statistics: max cache  
> size 102 at Dec  2 09:28:14
> Dec  2 09:48:00 mail2 postfix/anvil[31780]: statistics: max  
> connection rate 18/60s for (smtp:unknown) at Dec  2 09:45:05
> Dec  2 09:48:00 mail2 postfix/anvil[31780]: statistics: max  
> connection count 2 for (smtp:62.227.200.84) at Dec  2 09:39:11
> Dec  2 09:48:00 mail2 postfix/anvil[31780]: statistics: max message  
> rate 8/60s for (smtp:94.41.154.84) at Dec  2 09:41:35
> Dec  2 09:48:00 mail2 postfix/anvil[31780]: statistics: max  
> recipient rate 37/60s for (smtp:41.112.213.24) at Dec  2 09:41:20
> Dec  2 09:48:00 mail2 postfix/anvil[31780]: statistics: max cache  
> size 118 at Dec  2 09:43:22
> Dec  2 09:58:00 mail2 postfix/anvil[31780]: statistics: max  
> connection rate 18/60s for (smtp:unknown) at Dec  2 09:54:55
> Dec  2 09:58:00 mail2 postfix/anvil[31780]: statistics: max  
> connection count 2 for (smtp:117.195.99.27) at Dec  2 09:48:01
> Dec  2 09:58:00 mail2 postfix/anvil[31780]: statistics: max message  
> rate 6/60s for (smtp:117.241.193.40) at Dec  2 09:48:56
> Dec  2 09:58:00 mail2 postfix/anvil[31780]: statistics: max  
> recipient rate 30/60s for (smtp:84.127.188.202) at Dec  2 09:57:07
> Dec  2 09:58:00 mail2 postfix/anvil[31780]: statistics: max cache  
> size 110 at Dec  2 09:51:24
> Dec  2 10:10:38 mail2 postfix/anvil[31784]: statistics: max  
> connection rate 16/60s for (smtp:87.238.209.101) at Dec  2 10:06:41
> Dec  2 10:10:38 mail2 postfix/anvil[31784]: statistics: max  
> connection count 4 for (smtp:59.95.129.85) at Dec  2 10:02:59
> Dec  2 10:10:38 mail2 postfix/anvil[31784]: statistics: max message  
> rate 16/60s for (smtp:87.238.209.101) at Dec  2 10:06:39
> Dec  2 10:10:38 mail2 postfix/anvil[31784]: statistics: max  
> recipient rate 76/60s for (smtp:119.155.71.225) at Dec  2 10:06:24
> Dec  2 10:10:38 mail2 postfix/anvil[31784]: statistics: max cache  
> size 94 at Dec  2 10:02:22
> Dec  2 10:20:38 mail2 postfix/anvil[31784]: statistics: max  
> connection rate 5/60s for (smtp:222.219.138.81) at Dec  2 10:19:19
> Dec  2 10:20:38 mail2 postfix/anvil[31784]: statistics: max  
> connection count 3 for (smtp:84.17.11.114) at Dec  2 10:20:13
> Dec  2 10:20:38 mail2 postfix/anvil[31784]: statistics: max message  
> rate 5/60s for (smtp:117.196.133.238) at Dec  2 10:11:55
> Dec  2 10:20:38 mail2 postfix/anvil[31784]: statistics: max  
> recipient rate 8/60s for (smtp:117.200.74.231) at Dec  2 10:13:42
> Dec  2 10:20:38 mail2 postfix/anvil[31784]: statistics: max cache  
> size 52 at Dec  2 10:19:38
> Dec  2 10:30:38 mail2 postfix/anvil[31784]: statistics: max  
> connection rate 5/60s for (smtp:222.219.138.81) at Dec  2 10:21:35
> Dec  2 10:30:38 mail2 postfix/anvil[31784]: statistics: max  
> connection count 1 for (smtp:212.156.174.232) at Dec  2 10:20:39
> Dec  2 10:30:38 mail2 postfix/anvil[31784]: statistics: max message  
> rate 5/60s for (smtp:222.219.138.81) at Dec  2 10:21:37
> Dec  2 10:30:38 mail2 postfix/anvil[31784]: statistics: max  
> recipient rate 12/60s for (smtp:59.93.55.211) at Dec  2 10:22:32
> Dec  2 10:30:38 mail2 postfix/anvil[31784]: statistics: max cache  
> size 44 at Dec  2 10:27:28
> Dec  2 10:40:38 mail2 postfix/anvil[31784]: statistics: max  
> connection rate 8/60s for (smtp:119.152.95.184) at Dec  2 10:34:33
> Dec  2 10:40:38 mail2 postfix/anvil[31784]: statistics: max  
> connection count 2 for (smtp:119.152.95.184) at Dec  2 10:33:49
> Dec  2 10:40:38 mail2 postfix/anvil[31784]: statistics: max message  
> rate 8/60s for (smtp:119.152.95.184) at Dec  2 10:34:35
> Dec  2 10:40:38 mail2 postfix/anvil[31784]: statistics: max  
> recipient rate 64/60s for (smtp:119.152.95.184) at Dec  2 10:34:35
> Dec  2 10:40:38 mail2 postfix/anvil[31784]: statistics: max cache  
> size 51 at Dec  2 10:39:07
> Dec  2 10:50:38 mail2 postfix/anvil[31784]: statistics: max  
> connection rate 4/60s for (smtp:80.249.81.70) at Dec  2 10:41:15
> Dec  2 10:50:38 mail2 postfix/anvil[31784]: statistics: max  
> connection count 3 for (smtp:117.102.44.141) at Dec  2 10:47:29
> Dec  2 10:50:38 mail2 postfix/anvil[31784]: statistics: max message  
> rate 4/60s for (smtp:80.249.81.70) at Dec  2 10:41:17
> Dec  2 10:50:38 mail2 postfix/anvil[31784]: statistics: max  
> recipient rate 19/60s for (smtp:117.102.44.141) at Dec  2 10:47:35
> Dec  2 10:50:38 mail2 postfix/anvil[31784]: statistics: max cache  
> size 64 at Dec  2 10:50:08
>
>
> So nochmal in die main.cf bez ratelimits geschaut:
>
> anvil_status_update_time = 600s
> anvil_rate_time_unit = 60s
> smtpd_client_connection_rate_limit = 50
> smtpd_client_connection_count_limit = 10
> smtpd_client_message_rate_limit = 50
> smtpd_client_recipient_rate_limit = 10
> smtpd_client_event_limit_exceptions = $mynetworks, "IP of my mailfirewall"
> default_process_limit = 500
>
>
> wenn ich also 20 smtps konfiguriere und im log dann "max connection  
> rate 18/60s" lese, dann scheint es mir naheliegend, dass das 20er  
> limit in Summe überschritten wird.
> d.h. wenn ich mit "-o smtp_client_connection_count_limit=10" das  
> limit auf 10 setze und mehr als 20smtp konfiguriere, dann erhöhe ich  
> die Wahrscheinlichkeit, dass für nutzmails mehr Ressourcen verbleiben.
> Und mit smtpd_client_event_limit_exceptions = $mynetworks, "IP of my  
> mailfirewall" kann ich davon ausnahmen machen?

Nope. 18/60s heißt 18 Verbindungen in 60 Sekunden und bezieht sich auf  
rate limits. Der Wert unter "max connection count" ist der gesuchte,  
der geht allerdings wohl nicht über 4.

Wie bereits vorher erklärt läßt sich das Problem (alle Verbindungen  
belegt + Before-Queue-Filter) nicht so einfach lösen.

Gruß

Andreas
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : smime.p7s
Dateityp    : application/pkcs7-signature
Dateigröße  : 6397 bytes
Beschreibung: S/MIME krytographische Unterschrift
URL         : <http://de.postfix.org/pipermail/postfix-users/attachments/20091202/463ce9f9/attachment.bin>