Hi,
my postfix-Mailserver on a SuSE9.1 system is flooded by backscatter mails which are undeliverable (random addresses).
At the moment it is nearly impossible to send a mail to this system. Yesterday it handled (rejected) about 12.000 of such mails.
This seems to be too slow.
So I changed my configuration setting: smtpd_error_sleep_time = 0, stopped all RBL usage and increased the number of smtp processes from 2 to 80.
Now my system seems to handle about 40.000/day but this is not enough, there is still only a small chance to send a normal mail.
Is there any chance to optimize postfix so that it can handle much more mails/connections each day? Or any other idea to solve such backscatter problems?
Best Uwe
You want to reduce the time Postfix holds mail and tries to deliver it. The default is 5 days, which means X messages stuck in the queue will be bouncing around for 5 days, with Postfix attempting delivery every 1000 seconds (16 minutes or so), causing a ton of attempted deliveries. In your main.cf you want to set:
maximal_queue_lifetime = 5d
to something shorter, like maybe 1 day, or a few hours only. You might also want to increase the queue_run_delay:
queue_run_delay = 1000s
which will reduce the number of attempts to deliver it. This is all covered in sample-rate.cf.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
On Wed, 22.09.2004, at 12:36, Kurt Seifried wrote:
You want to reduce the time Postfix holds mail and tries to deliver it.
no,
the mails come from other servers. My system is only rejecting them:
Recipient address rejected: User unknown in local recipient table;
from=<> to=
On Wednesday 22 September 2004 12:53, Uwe Debacher wrote:
Recipient address rejected: User unknown in local recipient table; from=<> to=
It looks like someone spoofed your domain name in a spam run and you're receiving the bounces from the systems where the messages were delivered. Being the victim of domain spoofing before, I have good news and bad news.
The bad news is, you probably won't be able to stop the flow. You too now have first-hand experience why it is extremely bad to bounce or report spam (and viruses alike) messages back to the apparent sender (MAIL FROM). Conservatively speaking, there will be many thousands of systems that are queuing bounces or warnings for you and unless these messages are either delivered or rejected, they probably will keep on trying to deliver them for a couple of days.
The good news is that probably in about a week's time the majority of bounces will either have been delivered, rejected or dropped out of the outgoing queues, so if you have some patience, the problem will be solved by then (unless someone seriously hates you and keeps on spoofing your domain).
Good luck!
Arjen
On Wed, 22.09.2004, at 12:36, Kurt Seifried wrote:
You want to reduce the time Postfix holds mail and tries to deliver it.
no, the mails come from other servers. My system is only rejecting them:
Recipient address rejected: User unknown in local recipient table; from=<> to=
because there are no local users addressed. All this is ok. But there may be 100.000 or more of these mails on other systems waiting to be sent. And my postfix is only able to handle about 40.000/day.
Misunderstood your problem. What you want in this case is:
local_recipient_maps = unix:passwd.byname $alias_maps $virtual_maps
unknown_local_recipient_reject_code = 450
Thus email for bogus_user@seifried.org simply gets rejected.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
Uwe Debacher wrote:
At the moment it is nearly impossible to send a mail to this system. Yesterday it handled (rejected) about 12.000 of such mails.
Sounds much but it isn't really (see below)
This seems to be too slow.
Looks like, yeah.
So I changed my configuration setting: smtpd_error_sleep_time = 0, stopped all RBL usage and increased the number of smtp processes from 2 to 80.
Now my system seems to handle about 40.000/day but this is not enough, there is still only a small chance to send a normal mail.
Is there any chance to optimize postfix so that it can handle much more mails/connections each day?
What Hardware and Setup do you use? Virtual Users? Database Backends? Spamassassin/amavis?
Today (which is 12 hours now) we got over 32000 Mailconnects and tons of rejects, too. During a wave of spam last month we had around 160.000 rejected mails per day without any Problem. So there may be a bottleneck somewhere else. Possible Problems: Database lookups, too many RBL Lists, PCRE/REGEXP header, body or mimechecks etc. or maybe bad hardware.
If possible a post of postconf -n would be nice, too.
Regards, Sven
On Wed, 22.09.2004, at 12:50, Sven 'Darkman' Michels wrote:
What Hardware and Setup do you use? Virtual Users? Database
it is a standard SuSE9.1 system only with real (Linux) users.
the hardware memory/processor should be good enough. PC Hardware (500MByte/5000bogomips) and the WAN connectivity is about 5MBit.
Backends? Spamassassin/amavis? Today (which is 12 hours now)
I am using amavis/antivir but because there is no mail-body there is no activity of amavis
we got over 32000 Mailconnects and tons of rejects, too. During a wave of spam last month we had around 160.000 rejected mails per day without any Problem. So there may be a bottleneck
this is what I am searching for
somewhere else. Possible Problems: Database lookups, too many RBL Lists, PCRE/REGEXP header, body or mimechecks etc. or
one of my first actions was to stop the usage of RBL lists
maybe bad hardware. If possible a post of postconf -n would
I attached the output, but I cut the domain/host information
Best Uwe
Hi,
Uwe Debacher wrote:
it is a standard SuSE9.1 system only with real (Linux) users.
okay then.
the hardware memory/processor should be good enough. PC Hardware (500MByte/5000bogomips) and the WAN connectivity is about 5MBit.
So around 2,4GHZ CPU, should do well, maybe it's the WAN (using 100MBit here).
Backends? Spamassassin/amavis? Today (which is 12 hours now)
I am using amavis/antivir but because there is no mail-body there is no activity of amavis
okay.
we got over 32000 Mailconnects and tons of rejects, too. During a wave of spam last month we had around 160.000 rejected mails per day without any Problem. So there may be a bottleneck
this is what I am searching for
I'm pretty sure you can do more if you tweak some things etc..
somewhere else. Possible Problems: Database lookups, too many RBL Lists, PCRE/REGEXP header, body or mimechecks etc. or
one of my first actions was to stop the usage of RBL lists
Well, you need to change the setup a bit, check how many lists you're using, how fast they respond and probably install a local DNS cache to cache the answers of domain lookups etc. (makes it a bit faster)
maybe bad hardware. If possible a post of postconf -n would
I attached the output, but I cut the domain/host information
That should be okay then ;)
strict_rfc821_envelopes = no
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ why? do you use broken software somewhere? if not, change to yes ;)
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
huh? that's bad, change / delete it from your main.cf. Normally it's 550; your setting will tell all mx'es who try to deliver mail to your domains that unknown users are 'temporary', thus they'll try to deliver the mail every x mins instead of dropping the mail.
Regards, Sven
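To make the 450-versus-550 point in the reply above measurable, here is an added example (not part of the original thread or of Postfix) that counts null-sender "User unknown" rejects in smtpd log lines by reply class and flags client/recipient pairs that keep coming back. The log lines are constructed samples with documentation hosts and addresses, and the function name `summarize_backscatter` is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject format (documentation
# hosts and addresses; none of this comes from the thread's server).
SAMPLE_LOG = """\
Sep 22 12:40:01 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <qx7@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<qx7@example.org> proto=ESMTP helo=<mx1.example.net>
Sep 22 12:56:44 mail postfix/smtpd[2104]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <qx7@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<qx7@example.org> proto=ESMTP helo=<mx1.example.net>
Sep 22 13:13:20 mail postfix/smtpd[2109]: NOQUEUE: reject: RCPT from mx1.example.net[192.0.2.10]: 450 <qx7@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<qx7@example.org> proto=ESMTP helo=<mx1.example.net>
Sep 22 13:14:02 mail postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mx2.example.net[192.0.2.20]: 450 <zz9@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<zz9@example.org> proto=ESMTP helo=<mx2.example.net>
Sep 22 13:15:30 mail postfix/smtpd[2111]: NOQUEUE: reject: RCPT from mx3.example.com[198.51.100.5]: 550 5.1.1 <abc@example.org>: Recipient address rejected: User unknown in local recipient table; from=<> to=<abc@example.org> proto=ESMTP helo=<mx3.example.com>
Sep 22 13:16:00 mail postfix/smtpd[2112]: NOQUEUE: reject: RCPT from host.example.com[203.0.113.9]: 550 5.1.1 <info2@example.org>: Recipient address rejected: User unknown in local recipient table; from=<someone@example.com> to=<info2@example.org> proto=ESMTP helo=<host.example.com>
"""

# Reply code, optional enhanced status code (newer Postfix), recipient, sender.
REJECT_RE = re.compile(
    r"reject: RCPT from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?:\d\.\d+\.\d+ )?<(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: User unknown.*?; from=<(?P<sender>[^>]*)>"
)

def summarize_backscatter(log_text):
    """Count bounce (from=<>) rejects to unknown users and spot retries."""
    by_class = Counter()   # "4xx" (temporary) vs "5xx" (permanent)
    attempts = Counter()   # (client ip, recipient, reply code) -> hits
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or m["sender"] != "":
            continue       # only the null envelope sender is backscatter
        by_class[m["code"][0] + "xx"] += 1
        attempts[(m["ip"], m["rcpt"].lower(), m["code"])] += 1
    # The same client offering the same recipient again is a queue retry.
    retried = {key: n for key, n in attempts.items() if n > 1}
    return {
        "by_class": dict(by_class),
        "retried": retried,
        "repeat_deliveries": sum(n - 1 for n in retried.values()),
    }

if __name__ == "__main__":
    report = summarize_backscatter(SAMPLE_LOG)
    print(report["by_class"], report["repeat_deliveries"])
    for (ip, rcpt, code), n in report["retried"].items():
        print(f"{ip} retried {rcpt} {n} times after a {code}")
```

Fed the real mail log text instead of `SAMPLE_LOG`, a large `repeat_deliveries` figure under 4xx is the share of the load that comes from remote queues retrying rather than from new bounces.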
Uwe Debacher wrote:
On Wed, 22.09.2004, at 12:50, Sven 'Darkman' Michels wrote:
What Hardware and Setup do you use? Virtual Users? Database
it is a standard SuSE9.1 system only with real (Linux) users.
the hardware memory/processor should be good enough. PC Hardware (500MByte/5000bogomips) and the WAN connectivity is about 5MBit.
Backends? Spamassassin/amavis? Today (which is 12 hours now)
I am using amavis/antivir but because there is no mail-body there is no activity of amavis
we got over 32000 Mailconnects and tons of rejects, too. During a wave of spam last month we had around 160.000 rejected mails per day without any Problem. So there may be a bottleneck
this is what I am searching for
You did read http://www.postfix.org/BACKSCATTER_README.html, did you? It can be easily found by googling for "postfix backscatter"
--
C U
René Gallati
participants (5)
- Arjen de Korte
- Kurt Seifried
- Rene Gallati
- Sven 'Darkman' Michels
- Uwe Debacher