 |
| Prev-20 | Home | Next-20 |
| Prev-20 | Home | Next-20 |
| Prev-Msg | Prev-Thread | Postfix-users | Aug-2007 | Next-Thread | Next-Msg |
| Subject: | Re: rDNS checks cause delays |
| Group: | Postfix-users |
| From: | Victor Duchovni |
| Date: | 31 Aug 2007 |
> I've used smtpd_timeout = 45s for years, and I don't know of any
> legit hosts ever blocked by that rule. (although I must admit I've
> quit closely following "timeout after..." errors since they are so
> common now from spambots. Which means if any legit hosts are caught,
> I'll never know as long as they are able to send on a subsequent
> try. I would probably notice if that happened frequently).
I still have enough hosts and process limit (and other defenses) that 300s
is not causing significant pain, but there is a definite rise in such
timeouts. Today on one host 11243 timeouts in 16 hours, this translates
to an average of 129 concurrent idle sessions. If I drop the timeout to
45s, the idle session concurrency should drop by a similar factor closer
to 20 concurrent idle sessions.
11243 DATA
7700 MAIL
3601 RCPT
1545 CONNECT
363 END-OF-MESSAGE
215 EHLO
88 HELO
39 RSET
4 UNKNOWN
4 NOOP
Just 10 IP addresses accounted for over 25% of the time-outs:
871 80.195.131.175
651 88.236.119.63
303 122.163.145.128
237 122.163.139.16
236 122.163.139.205
222 148.240.49.251
125 122.163.144.77
115 89.138.218.48
114 122.163.141.240
112 88.243.224.74
The recently posted suggestions for RBL reply templates can also help,
the culrprits are without exception listed on PBL, CBL or both.
175.131.195.80.zen.spamhaus.org. IN A 127.0.0.4
175.131.195.80.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=80.195.131.175"
63.119.236.88.zen.spamhaus.org. IN A 127.0.0.11
63.119.236.88.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=88.236.119.63"
128.145.163.122.zen.spamhaus.org. IN A 127.0.0.11
128.145.163.122.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=122.163.145.128"
16.139.163.122.zen.spamhaus.org. IN A 127.0.0.4
16.139.163.122.zen.spamhaus.org. IN A 127.0.0.11
16.139.163.122.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=122.163.139.16"
205.139.163.122.zen.spamhaus.org. IN A 127.0.0.4
205.139.163.122.zen.spamhaus.org. IN A 127.0.0.11
205.139.163.122.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=122.163.139.205"
251.49.240.148.zen.spamhaus.org. IN A 127.0.0.11
251.49.240.148.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=148.240.49.251"
77.144.163.122.zen.spamhaus.org. IN A 127.0.0.11
77.144.163.122.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=122.163.144.77"
48.218.138.89.zen.spamhaus.org. IN A 127.0.0.10
48.218.138.89.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=89.138.218.48"
240.141.163.122.zen.spamhaus.org. IN A 127.0.0.11
240.141.163.122.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=122.163.141.240"
74.224.243.88.zen.spamhaus.org. IN A 127.0.0.11
74.224.243.88.zen.spamhaus.org. IN TXT "http://www.spamhaus.org/query/bl?ip=88.243.224.74"
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
| Prev-Msg | Prev-Thread | Postfix-users | Aug-2007 | Next-Thread | Next-Msg |