Since I had to figure out how to limit outbound traffic by domain today, I thought I would post the procedure for everyone to enjoy. Listed below are the configuration changes that I made to our main postfix gateway server.
Add the following lines to /etc/postfix/master.cf. You could also copy the smtp line and rename it to something else. I use the term slow in this example.
# Outbound rate limiting
slow unix - - n - 1 smtp
  -o syslog_name=postfix-slow
Now add the following line to /etc/postfix/transport. You can rate limit as many individual domains as you wish using the transport file. Don’t forget to postmap transport when you are finished. You should also have transport_maps set in /etc/postfix/main.cf.
domain.com slow:
The last step is to add the following block of code to /etc/postfix/main.cf:
# Outbound rate limiting
slow_destination_rate_delay = 120
slow_destination_concurrency_limit = 5
slow_destination_recipient_limit = 100
slow_connection_cache_time_limit = 0
slow_never_send_ehlo = yes
slow_connect_timeout = 5
This configuration forces a delay of 120 seconds between connection attempts. It also limits delivery to five concurrent connections at any one time. The current postfix default is 10. I’m not sure I would go lower than three for an organization of our size. It also limits recipients to 100 per connection attempt. Don’t forget to restart the postfix daemon after making these changes!
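The procedure touches three files that must agree with each other, so here is an added example (not part of the original post) that parses the text of master.cf, the transport table and main.cf and reports mismatches, including a master.cf option line that lost its leading whitespace. The sample contents and the hash:/etc/postfix/transport map location are constructed assumptions; feed it the contents of the real files instead.

```python
import re

# Constructed samples mirroring the three edits above (map location is assumed).
MASTER_CF = "# Outbound rate limiting\nslow unix - - n - 1 smtp\n  -o syslog_name=postfix-slow\n"
TRANSPORT = "domain.com slow:\n"
MAIN_CF = "transport_maps = hash:/etc/postfix/transport\nslow_destination_rate_delay = 120\n"

def master_services(text):
    """Map each master.cf service name to its -o overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":  # leading whitespace continues the previous entry
            if current is not None:
                services[current] += re.findall(r"-o\s+(\S+)", line)
        else:
            current = line.split()[0]
            services[current] = re.findall(r"-o\s+(\S+)", line)
    return services

def transport_targets(text):
    """Map each domain in the transport table to the transport it names."""
    targets = {}
    for parts in map(str.split, text.splitlines()):
        if len(parts) >= 2 and not parts[0].startswith("#"):
            name = parts[1].split(":", 1)[0]
            if name:  # an empty transport field means "use the default"
                targets[parts[0]] = name
    return targets

def check(master_cf, transport, main_cf):
    """Return a list of inconsistencies between the three files."""
    problems = []
    services = master_services(master_cf)
    params = dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(.*)$", main_cf, re.M))
    if "transport_maps" not in params:
        problems.append("transport_maps is not set in main.cf")
    for domain, name in transport_targets(transport).items():
        if name not in services:
            problems.append(f"{domain}: transport '{name}' missing from master.cf")
        elif f"{name}_destination_rate_delay" not in params:
            problems.append(f"{domain}: no {name}_destination_rate_delay in main.cf")
    for name in services:
        if name.startswith("-"):  # an option line that lost its indentation
            problems.append(f"unindented option line '{name}' in master.cf")
    return problems

print(check(MASTER_CF, TRANSPORT, MAIN_CF) or "configuration is consistent")
```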