msmilter connect timeouts.

Shawn Iverson iversons at rushville.k12.in.us
Fri Nov 9 03:12:59 UTC 2018 

Mark,

I wonder if it makes sense for me to refactor the milter to scale within a
defined range.


It would be possible, for example to have the following
Milter Min Children
Milter Max Children

In this configuration, I could default the Min to 10 under normal
conditions, but set Max to 100.

The key is that the miltier must always have a child available to serve a
connection, so it must theoretically be able to scale to whatever postfix
can handle concurrently.

On Thu, Nov 8, 2018 at 9:23 PM Mark Sapiro <mark at msapiro.net> wrote:

> To recap, with
>
> Milter Max Children = 1
>
> I was seeing messages like:
>
> Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
> inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
> Connection reset by peer
> Nov  8 04:21:32 sbh16 postfix/smtpd[5059]: warning: milter
> inet:127.0.0.1:33333: read error in initial handshake
>
> and
>
> Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
> inet:127.0.0.1:33333: can't read SMFIC_OPTNEG reply packet header:
> Connection timed out
> Nov  8 04:21:51 sbh16 postfix/smtpd[5064]: warning: milter
> inet:127.0.0.1:33333: read error in initial handshake
>
> in my mail.log. I increased the setting to
>
> Milter Max Children = 10
>
> and that seemed to eliminate the problem.
>
> However, this morning I was hit by a mass spam attack resulting in 73 of
> these connects
>
> Nov  8 04:21:26 sbh16 postfix/smtpd[5028]: connect from
> unknown[46.229.220.205]
>
> within 14 seconds and 3 of these produced the "Connection reset by peer"
> message and 39 produced the "Connection timed out" message for a total
> of 42 "read errors".
>
> I wonder if setting smtpd_client_connection_count_limit in Postfix to a
> smaller value, maybe even 10, would avoid this.
>
> --
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>

-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 option 7
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20181108/87002f3a/attachment.html>

More information about the MailScanner mailing list