Sandy Drobic wrote:
David C. Rankin wrote:
Listmates (Sandy),
I have built a fresh 10.3 server, but smtp performance seems slow. Are there any tips or tricks to improve the mail sending performance? Here
The problem starts here:

dig bonza.rbpllc.com

; <<>> DiG 9.4.1-P1 <<>> bonza.rbpllc.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42966
                                       ^^^^^^^^

postconf -d smtp_helo_name
smtp_helo_name = $myhostname

So you are using an invalid helo name.
Glad to be with you Sandy! Ok, this one is fixed!

root@nemesis:/home/samba/egw3111/backup # dig bonza.rbpllc.com

; <<>> DiG 9.3.2 <<>> bonza.rbpllc.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27035
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;bonza.rbpllc.com.              IN      A

;; ANSWER SECTION:
bonza.rbpllc.com.       2300    IN      A       66.76.63.60

;; AUTHORITY SECTION:
rbpllc.com.             4372    IN      NS      ns1.domaindiscover.com.
rbpllc.com.             4372    IN      NS      ns2.domaindiscover.com.

;; ADDITIONAL SECTION:
ns1.domaindiscover.com. 24393   IN      A       216.104.162.3
ns2.domaindiscover.com. 47438   IN      A       216.104.163.3

;; Query time: 3 msec
;; SERVER: 192.168.6.16#53(192.168.6.16)
;; WHEN: Wed Jan 9 00:32:34 2008
;; MSG SIZE rcvd: 133

mynetworks_style = subnet
Better set this manually. If the Server has an official ip address you will invite your neighbor servers to use you as relay.
OK, I'm not sure I understand the response. I have it set, are you telling me I should set it to something else??
smtpd_client_restrictions = check_client_access cidr:/etc/postfix/client_check.cidr, reject_rbl_client relays.ordb.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org
Several problems: You don't exclude authenticated clients or clients in mynetworks. You are using a dead RBL (relays.ordb.org has gone the way of the dinosaurs).
Ok, I removed relays.ordb.org
Do you use /etc/postfix/access? If not, drop it from your config. In this case it would be a check_sender_access because it is placed in sender_restrictions.
Removed from main.cf
Pet peeve #1: don't use shortcuts, always use the complete form. If you decide one day to move the check to smtpd_recipient_restrictions, it would suddenly become a check_recipient_access instead of a check_sender_access.
Better to set up all checks in one class and disable the rest, it's much more transparent that way.

smtpd_client_restrictions =
smtpd_sender_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions =
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unlisted_recipient
#   check_client_access hash:/etc/postfix/client_whitelist
    cidr:/etc/postfix/client_check.cidr
    check_recipient_access pcre:/etc/postfix/recipient_check.pcre
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    # consider using zen.spamhaus.org!
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client list.dsbl.org

OK, just using smtpd_recipient_restrictions now.
Pet peeve #2:

cidr:/etc/postfix/client_check.cidr
check_recipient_access pcre:/etc/postfix/recipient_check.pcre

Can you tell me what kind of checks are in these files? Will you be able to tell me in half a year as well?
Yes, I blacklist APNIC addresses with client_check.cidr and I blacklist normally abused accounts (sales, accounting, etc.) with recipient_check.pcre.
Let's say you only use it for blacklisting now, but some day you decide to whitelist someone and say "OK", and suddenly you enable him to use your server as relay, because you might have put the check before reject_unauth_destination. As long as you were only using it to reject clients it wouldn't matter, but whitelist a client and suddenly he can use you as relay. Whitelist a client before you check for valid recipients, and you risk turning into a backscatter source.
Consider using telling names for the checks:
I see your point, good idea. Thanks.

cidr:/etc/postfix/client_blacklist.cidr
pcre:/etc/postfix/recipient_greylisting_enabled.pcre
pcre:/etc/postfix/recipient_internal_only.pcre

If necessary split the checks and create separate files for separate purposes (blacklisting/rejecting, whitelisting, filtering etc.), then you can easily place them at the correct place in the order of checks. The policy of your mail system is much more maintainable that way.

smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

Which of these would affect or help smtp response time? Any tips would be appreciated.
After you have fixed your dns settings,
Wow, the mail seems much much faster Sandy! I'll do a little more testing tomorrow. Like I said earlier, good to be with you!

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
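
The ordering advice in this thread can be checked mechanically. The following is an added example, not part of the original messages and not a Postfix tool: a small lint for an smtpd_recipient_restrictions value that flags bare lookup tables (pet peeve #1), access maps placed before reject_unauth_destination or reject_unlisted_recipient, and the dead RBL named above. The function names and both sample values are constructed for illustration.

```python
import re

DEAD_RBLS = {"relays.ordb.org"}           # the list the thread calls dead
GUARDS = ("reject_unauth_destination",    # relay protection
          "reject_unlisted_recipient")    # backscatter protection
MAP_RE = re.compile(r"^[a-z0-9_]+:/")     # lookup table such as cidr:/path

def tokenize(value):
    """Split a restriction list on commas and whitespace, skipping '#' lines."""
    kept = [ln for ln in value.splitlines() if not ln.lstrip().startswith("#")]
    return [t for t in re.split(r"[,\s]+", " ".join(kept)) if t]

def lint(value):
    """Return (token, finding) pairs for one smtpd_recipient_restrictions value."""
    tokens, findings, prev = tokenize(value), [], ""
    for i, tok in enumerate(tokens):
        if MAP_RE.match(tok):
            # Shortcut form: the map's meaning depends on the class it sits in.
            if not (prev.startswith("check_") and prev.endswith("_access")):
                findings.append((tok, "bare-map"))
            # An OK from a map placed before a guard skips that guard.
            for guard in GUARDS:
                if guard in tokens and i < tokens.index(guard):
                    findings.append((tok, "before-" + guard))
        if prev == "reject_rbl_client" and tok in DEAD_RBLS:
            findings.append((tok, "dead-rbl"))
        prev = tok
    return findings

# Constructed samples, not the poster's actual main.cf.
RISKY = """
    check_client_access cidr:/etc/postfix/client_check.cidr,
    hash:/etc/postfix/access,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client relays.ordb.org
"""
ORDERED = """
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    reject_unlisted_recipient
    # consider using zen.spamhaus.org!
    check_client_access cidr:/etc/postfix/client_blacklist.cidr
    reject_rbl_client sbl-xbl.spamhaus.org
"""

if __name__ == "__main__":
    for name, sample in (("RISKY", RISKY), ("ORDERED", ORDERED)):
        print(name, lint(sample))
```

To check a live system, pass the output of postconf -h smtpd_recipient_restrictions to lint().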