<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#333333">
Thanks for the reply guys .. I have scheduled postfix / mailscanner
update for today ..<br>
Should be able to get the graph by tomorrow.<br>
<br>
If it was the receiving ends, the queue will build up in the active /
deferred queue and not in the incoming queue.<br>
We have a couple of server on the receiving end running qmail and has
no filter whatsoever.<br>
They are load balanced using alteon and mailbox storage is mounted from
HP storagework 8100 SAN via 2 Gb Fiber.<br>
The receiving end capable of accepting a total of ~10,000 mails per
minute. ( thats the highest i've seen) .<br>
<br>
--- More details on the Antispam servers ---<br>
<br>
We have 8 Antispam server, and for each server we receive around 400
email per minutes and rejecting 300 at SMTP level.<br>
<br>
RRD Graph :<br>
SMTP connect vs Reject :
<a class="moz-txt-link-freetext" href="http://img139.imageshack.us/img139/5412/vscan4smtpwu4.png">http://img139.imageshack.us/img139/5412/vscan4smtpwu4.png</a><br>
Rejected message at SMTP level :
<a class="moz-txt-link-freetext" href="http://img150.imageshack.us/img150/309/vscan4blockedru9.png">http://img150.imageshack.us/img150/309/vscan4blockedru9.png</a><br>
Accepted Message :
<a class="moz-txt-link-freetext" href="http://img145.imageshack.us/img145/7687/vscan4acceptedji0.png">http://img145.imageshack.us/img145/7687/vscan4acceptedji0.png</a><br>
Postfix Queue Level :
<a class="moz-txt-link-freetext" href="http://img134.imageshack.us/img134/5902/vscan4queuepb1.png">http://img134.imageshack.us/img134/5902/vscan4queuepb1.png</a><br>
<br>
<br>
2 filter on header check on postfix :<br>
/^content-(type|disposition):.*name*=.*\.(pif|scr|vbs|com|cmd)"?[[:space:]]*(;|$)/
REJECT We cannot accept file with .$2 attachments<br>
/^Received:/ HOLD<br>
<br>
Queue Manger process ID is stable and has been the same for longer than
24 hours.<br>
-- Nov 5 12:21:58 vscan4 postfix/qmgr[13055]: 7A3D760869A: removed<br>
-- Nov 6 10:37:03 vscan4 postfix/qmgr[13055]: A750B608734: removed<br>
<br>
======== postconf -n ===========<br>
alias_database = hash:/etc/aliases<br>
alias_maps = hash:/etc/aliases<br>
anvil_rate_time_unit = 15m<br>
bounce_size_limit = 1024<br>
command_directory = /usr/sbin<br>
config_directory = /etc/postfix<br>
daemon_directory = /usr/libexec/postfix<br>
debug_peer_level = 1<br>
disable_vrfy_command = no<br>
header_checks = regexp:/etc/postfix/maps /header_checks<br>
html_directory = /usr/share/doc/postfix- 2.3.2-documentation/html<br>
in_flow_delay = 0<br>
inet_interfaces = all<br>
local_recipient_maps =<br>
local_transport = error:local mail delivery is disabled<br>
mail_owner = postfix<br>
mailq_path = /usr/bin/mailq.postfix<br>
manpage_directory = /usr/share/man<br>
message_size_limit = 41457280<br>
mydestination =<br>
mydomain =<br>
myhostname = vscan4<br>
mynetworks = xxxxxxxxxxxxxxxxxx<br>
myorigin = $mydomain<br>
newaliases_path = /usr/bin/newaliases.postfix<br>
queue_directory = /var/spool/postfix<br>
readme_directory = /usr/share/doc/postfix-2.3.2-documentation/readme<br>
receive_override_options = no_address_mappings<br>
relay_domains = mysql:/etc/postfix/relay_domains.cf<br>
relay_recipient_maps = proxy:mysql:/etc/postfix/recipients-
verification.cf<br>
sample_directory = /usr/share/doc/postfix- 2.2.10/samples<br>
sendmail_path = /usr/sbin/sendmail.postfix<br>
setgid_group = postdrop<br>
smtpd_banner = $myhostname [vscan v0.1]<br>
smtpd_client_connection_count_limit = 1<br>
smtpd_client_connection_rate_limit = 15<br>
smtpd_client_event_limit_exceptions = someip<br>
smtpd_client_recipient_rate _limit = 50<br>
smtpd_error_sleep_time = 12<br>
smtpd_hard_error_limit = 6<br>
smtpd_helo_required = yes<br>
smtpd_helo_restrictions = permit_mynetworks,
reject_invalid_hostname, reject_non_fqdn_hostname,<br>
smtpd_recipient_limit = 50<br>
smtpd_recipient_overshoot_limit = 1<br>
smtpd_recipient_restrictions = permit_mynetworks, <br>
reject_unauth_pipelining, <br>
reject_unauth_destination, <br>
reject_multi_recipient_bounce, <br>
reject_unlisted_recipient, <br>
check_client_access cidr:/etc/postfix/maps/exceptions_clients,<br>
reject_rbl_client hotkey.rbl,<br>
reject_rbl_client zen.spamhaus.org, <br>
check_policy_service inet: 127.0.0.1:10031<br>
smtpd_sender_restrictions = permit_mynetworks, check_client_access
hash:/etc/postfix/maps/sender _blacklist, check_sender_access
hash:/etc/postfix/maps/from_blacklist,
reject_non_fqdn_sender, reject_unknown_sender_domain<br>
smtpd_soft_error_limit = 1<br>
smtpd_timeout = 20s<br>
soft_bounce = no<br>
transport_maps = hash:/etc/postfix/maps/transport<br>
unknown_local_recipient_reject _code = 550<br>
<br>
<br>
QSHAPE :<br>
<br>
incoming :<br>
T 5 10 20 40 80 160 320 640
1280 1280+<br>
TOTAL 150 150 0 0 0 0 0 0
0 0 0<br>
<br>
Active :<br>
T 5 10 20 40 80 160 320 640
1280 1280+<br>
TOTAL 0 0 0<br>
<br>
<br>
<br>
EXAMPLE LOG FILE :<br>
<br>
Nov 8 09:36:59 vscan4 postfix/smtpd[24127]: C953660802E:
client=mail.creativefactory.com.au[203.89.197.34]<br>
Nov 8 09:37:00 vscan4 postfix/cleanup[25817]: C953660802E: hold:
header Received: from mail.creativefactory.com.au
(mail.creativefactory.com.au [203.89.197.34])??by vscan4.hotkey.net.au
(Postfix) with ESMTP id C953660802E??for <a class="moz-txt-link-rfc2396E" href="mailto:xxxxx@xxxxxxx.com"><xxxxx@xxxxxxx.com></a>;
Thu, 8 Nov 2007 0 from mail.creativefactory.com.au[203.89.197.34];
from=<a class="moz-txt-link-rfc2396E" href="mailto:news@discountnewcars.com.au"><news@discountnewcars.com.au></a> to=<a class="moz-txt-link-rfc2396E" href="mailto:xxx@xxxxxx.com"><xxx@xxxxxx.com></a>
proto=ESMTP helo=<mail.xxxxxxxx.com.au><br>
Nov 8 09:37:00 vscan4 postfix/cleanup[25817]: C953660802E:
message-id=<13290289.1194474906537.JavaMail.SYSTEM@dnc01><br>
Nov 8 09:37:03 vscan4 MailScanner[14160]: Message C953660802E.EFA0E
from 203.89.197.34 (<a class="moz-txt-link-abbreviated" href="mailto:news@discountnewcars.com.au">news@discountnewcars.com.au</a>) to xxxxx.com is too
big for spamchecks (118081 > 80000 bytes)<br>
Nov 8 09:37:07 vscan4 MailScanner[14160]: Requeue: C953660802E.EFA0E
to 4141C608637<br>
Nov 8 09:37:07 vscan4 MailScanner[14160]: Logging message
C953660802E.EFA0E to SQL<br>
Nov 8 09:37:07 vscan4 MailScanner[14438]: C953660802E.EFA0E: Logged to
MailWatch SQL<br>
[root@vscan4 src]# grep 4141C608637 /var/log/maillog<br>
Nov 8 09:37:07 vscan4 MailScanner[14160]: Requeue: C953660802E.EFA0E
to 4141C608637<br>
Nov 8 09:44:58 vscan4 postfix/qmgr[13055]: 4141C608637:
from=<a class="moz-txt-link-rfc2396E" href="mailto:news@discountnewcars.com.au"><news@discountnewcars.com.au></a>, size=117724, nrcpt=1 (queue
active)<br>
Nov 8 09:44:58 vscan4 postfix/smtp[29892]: 4141C608637:
to=<a class="moz-txt-link-rfc2396E" href="mailto:xxxx@xxxxxxx.com"><xxxx@xxxxxxx.com></a>,
relay=mailroute.xxxxx.net.au[xxx.xx.7.8]:25, delay=479,
delays=298/0.01/0.01/0.11, dsn=2.0.0, status=sent (250 ok 1194475318 qp
7468)<br>
Nov 8 09:51:58 vscan4 postfix/qmgr[13055]: 4141C608637: removed<br>
<br>
As you can see .. there are long delay after mailscanner requeue the
mail.<br>
This is just one example and i've seen queue sitting longer that 10
mins ..<br>
<br>
<br>
Lets see if postfix+mailscanner update fix this issue.<br>
<br>
Regards,<br>
Rianto Wahyudi<br>
</body>
</html>