David C. Rankin wrote:
Listmates (Sandy),
I have built a fresh 10.3 server, but smtp performance seems slow. Are there any tips or tricks to improve the mail sending performance? Here
There are two sides to performant smtp delivery:

- make sure to configure the server to utilize available hardware and bandwidth as best as possible
  + avoid network saturation, that will hinder answer packages to get through, if necessary, use traffic shaping
  + avoid smtp process exhaustion for internal and incoming transports
- make sure to accommodate the expectations of the receiving servers as best as possible
  + squeaky clean dns records: matching forward and reverse dns
  + helo matches existing dns records
  + spf entry if you send a lot to microsoft accounts
  + domainkeys/dkim
  + register as postmaster to high-level destinations, most big providers have such a procedure to whitelist your server and for you to receive trouble tickets etc.
  + monitor bounces/rejects carefully, some destinations blacklist you temporarily if you cause too many rejections. Your database of addresses will be outdated faster than you can watch.
  + don't saturate the receiving servers, set appropriate limits for simultaneous parallel delivery. Configure a slow transport that only uses a few smtp processes for small sites.

Most of the usual suggestions are the reversal of antispam settings. Using your own dns server or at least caching slave server has also been suggested. For high level mailservers a local dns server could speed up dns resolution a lot.

The rest is your task to figure out for your local circumstances. Do you send newsletters (many mails occurring during a short time) or do you need to send continuously at a high level? Lots of big mails, varying sizes or only lots of small mail? Look at your log to find out if your server doesn't send as fast as possible or if the receiving servers delay delivery.
are the current settings:
root@bonza:/home/david # postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
disable_mime_output_conversion = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain, $mydomain, guillorylaw.com, rankinlawfirm.com, drrankin.com, txuovercharges.com, bertinlawoffice.com, darrenbertin.com, tannergarth.com
myhostname = bonza.rbpllc.com
The problem starts here:

dig bonza.rbpllc.com

; <<>> DiG 9.4.1-P1 <<>> bonza.rbpllc.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42966
                                       ^^^^^^^^

postconf -d smtp_helo_name
smtp_helo_name = $myhostname

So you are using an invalid helo name.
mynetworks_style = subnet
Better set this manually. If the Server has an official ip address you will invite your neighbor servers to use you as relay. If you don't have correct dns records, receiving servers may reject you, place additional restrictions like greylisting or in best case waste time on additional dns queries for blacklists, helo etc.
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Rankin Law Firm, PLLC)
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org
Several problems: You don't exclude authenticated clients or clients in mynetworks. You are using a dead RBL (relays.ordb.org has gone the way of the dinosaurs).
smtpd_hard_error_limit = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access pcre:/etc/postfix/recipient_check.pcre
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
Do you use /etc/postfix/access? If not, drop it from your config. In this case it would be a check_sender_access because it is placed in sender_restrictions.

Pet peeve #1: don't use short cuts, always use the complete form. If you decide one day to move the check to smtpd_recipient_restrictions, it would suddenly become a check_recipient_access instead of a check_sender_access.

Better to set up all checks in one class and disable the rest, it's much more transparent that way.

smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unlisted_recipient
    # check_client_access hash:/etc/postfix/client_whitelist
    cidr:/etc/postfix/client_check.cidr
    check_recipient_access pcre:/etc/postfix/recipient_check.pcre
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    # consider using zen.spamhaus.org!
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client list.dsbl.org

Pet peeve #2:

    cidr:/etc/postfix/client_check.cidr
    check_recipient_access pcre:/etc/postfix/recipient_check.pcre

Can you tell me what kind of checks are in these files? Will you be able to tell me in half a year as well? Let's say, you only use it for blacklisting now, but some day you decide to whitelist someone and say "OK", and suddenly you enable him to use your server as relay, because you might have put the check before reject_unauth_destination. As long as you were only using it to reject clients it wouldn't matter, but whitelist a client and suddenly he can use you as relay. Whitelist a client before you check for valid recipients, and you risk to turn into a backscatter source.
Consider using telling names for the checks:

    cidr:/etc/postfix/client_blacklist.cidr
    pcre:/etc/postfix/recipient_greylisting_enabled.pcre
    pcre:/etc/postfix/recipient_internal_only.pcre

If necessary split the checks and create separate files for separate purposes (blacklisting/rejecting, whitelisting, filtering etc.), then you can easily place them at the correct place in the order of checks. The policy of your mail system is much more maintainable that way.
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
Which of these would affect or help smtp response time? Any tips would be appreciated.
After you have fixed your dns settings,

--
Sandy
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
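
The review points raised in the reply above (restriction-list shortcuts, the dead RBL, RBL checks that do not exclude mynetworks, and lookups placed before reject_unauth_destination) can be checked mechanically. The following is an added example, not part of the original thread: a small linter over `postconf -n` style output, in which the function names, the simplified restriction grammar and the sample configuration are assumptions constructed for illustration.

```python
import re

DEAD_RBLS = {"relays.ordb.org"}          # called dead in the reply above
MAP_RE = re.compile(r"^[a-z0-9_]+:\S")   # bare "type:table" token, e.g. hash:/etc/postfix/access
TAKES_ARG = ("check_", "reject_rbl_", "reject_rhsbl_")  # restrictions followed by an argument

def parse_postconf(text):
    """Parse 'name = value' lines, as printed by postconf -n, into a dict."""
    rows = (line.partition("=") for line in text.splitlines() if "=" in line)
    return {n.strip(): v.strip() for n, _, v in rows if not n.lstrip().startswith("#")}

def split_restrictions(value):
    """Split a restriction list into (name, argument) pairs (simplified grammar)."""
    words, pairs = value.replace(",", " ").split(), []
    while words:
        name = words.pop(0)
        arg = words.pop(0) if name.startswith(TAKES_ARG) and words else None
        pairs.append((name, arg))
    return pairs

def lint(conf):
    """Return sorted (parameter, finding) tuples for the issues raised in the thread."""
    findings = set()
    for key in [k for k in conf if k.startswith("smtpd_") and k.endswith("_restrictions")]:
        seen = []
        for name, arg in split_restrictions(conf[key]):
            if MAP_RE.match(name):
                findings.add((key, "shortcut: spell out check_*_access for " + name))
            if name == "reject_rbl_client" and arg in DEAD_RBLS:
                findings.add((key, "dead RBL: " + arg))
            if name == "reject_rbl_client" and "permit_mynetworks" not in seen:
                findings.add((key, "RBL check does not exclude mynetworks"))
            is_lookup = MAP_RE.match(name) or name.endswith("_access")
            if (key == "smtpd_recipient_restrictions" and is_lookup
                    and "reject_unauth_destination" not in seen):
                findings.add((key, "access lookup before reject_unauth_destination"))
            seen.append(name)
    return sorted(findings)

# Constructed sample in the style of the configuration quoted in the thread.
SAMPLE = """\
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org
smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access pcre:/etc/postfix/recipient_check.pcre, reject_unauth_destination
smtpd_sender_restrictions = hash:/etc/postfix/access
"""

if __name__ == "__main__":
    for param, finding in lint(parse_postconf(SAMPLE)):
        print(f"{param}: {finding}")
```

Postfix 2.10 and later also evaluate smtpd_relay_restrictions, which limits the damage of an OK result placed too early in smtpd_recipient_restrictions.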