Postfix Rate Limiting

Since I had to figure out how to limit outbound traffic by domain today, I thought I would post the procedure for everyone to enjoy. Listed below are the configuration changes that I made to our main Postfix gateway server.

Add the following lines to /etc/postfix/master.cf. You could also copy the smtp line and rename it to something else. I use the term slow in this example.

# Outbound rate limiting
slow      unix  -       -       n       -       1       smtp
  -o syslog_name=postfix-slow

Now add the following line to /etc/postfix/transport. You can rate limit as many individual domains as you wish using the transport file. Don’t forget to postmap transport when you are finished. You should also have transport_maps set in /etc/postfix/main.cf.

domain.com slow:

The last step is to add the following block of code to /etc/postfix/main.cf:

# Outbound rate limiting
slow_destination_rate_delay = 120
slow_destination_concurrency_limit = 5
slow_destination_recipient_limit = 100
slow_connection_cache_time_limit = 0
slow_never_send_ehlo = yes
slow_connect_timeout = 5

This configuration forces a delay of 120 seconds between connection attempts. It also limits delivery to five concurrent connections at any one time. The current Postfix default is 10. I’m not sure I would go lower than three for an organization of our size. It also limits recipients to 100 per connection attempt. Don’t forget to restart the Postfix daemon after making these changes!
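One way to confirm from the mail log that the 120-second delay is being honoured, using the postfix-slow tag set by syslog_name in master.cf. This is an added example, not part of the original post: the log lines, host name, queue IDs and function names are constructed for illustration, and the measured gap is approximate because Postfix logs a delivery when it finishes.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic). Only lines tagged postfix-slow/smtp
# come from the rate-limited transport; the last line uses the normal smtp service.
SAMPLE_LOG = """\
Mar  1 06:00:00 mx1 postfix-slow/smtp[2101]: A1B2C3D4E5: to=<ann@domain.com>, relay=mail.domain.com[192.0.2.25]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
Mar  1 06:00:00 mx1 postfix-slow/smtp[2101]: A1B2C3D4E5: to=<bob@domain.com>, relay=mail.domain.com[192.0.2.25]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
Mar  1 06:02:01 mx1 postfix-slow/smtp[2107]: B2C3D4E5F6: to=<cy@domain.com>, relay=mail.domain.com[192.0.2.25]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Mar  1 06:02:40 mx1 postfix-slow/smtp[2110]: C3D4E5F6A7: to=<di@domain.com>, relay=mail.domain.com[192.0.2.25]:25, delay=0.8, dsn=2.0.0, status=sent (250 OK)
Mar  1 06:02:41 mx1 postfix/smtp[2111]: D4E5F6A7B8: to=<x@example.org>, relay=mx.example.org[192.0.2.80]:25, delay=0.5, dsn=2.0.0, status=sent (250 OK)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix-slow/smtp\[\d+\]: "
    r"(?P<qid>[0-9A-Za-z]+): to=<[^>@]+@(?P<domain>[^>]+)>"
)

def deliveries_by_domain(log_text, year=2012):
    """Map recipient domain -> sorted delivery times for the slow transport.

    Lines sharing a queue ID and timestamp are recipients of one delivery
    and count once. Syslog omits the year, so `year` is an assumption.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other services (postfix/smtp, qmgr, ...) are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["domain"].lower()].add((ts, m["qid"]))
    return {d: sorted(t for t, _ in s) for d, s in seen.items()}

def rate_violations(log_text, min_gap=120):
    """Return (domain, earlier, later, gap_seconds) where the gap is below min_gap."""
    out = []
    for domain, times in sorted(deliveries_by_domain(log_text).items()):
        for a, b in zip(times, times[1:]):
            gap = int((b - a).total_seconds())
            if gap < min_gap:
                out.append((domain, a, b, gap))
    return out

if __name__ == "__main__":
    for domain, a, b, gap in rate_violations(SAMPLE_LOG):
        print(f"{domain}: {a:%H:%M:%S} -> {b:%H:%M:%S} only {gap}s apart")
```

An empty result on a real log means every pair of consecutive deliveries per domain was at least min_gap seconds apart; hits right after a reload or restart are worth rechecking before drawing conclusions.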

4 responses to this post.

  1. Posted by Sam on March 1, 2012 at 6:16 am

    Hey,

    I know this is an older post but I’m running into this problem at the moment. Does this throttle the domain of the recipient of the email or the domain of the relay server?

    I use gmail as our relay using smart host delivery in postfix. I’m using Endian Firewall Community.

    When we send out newsletter email to about 250 recipients google blocks us after about 100. I want postfix to stagger sending the emails to google. Will what you have here help with this?

    Thanks,
    Sam.

    • I apologize for the delay in response. My old e-mail box was closed down and this notification went to a dead account. This setting limits delivery for all of the outbound e-mail for a single domain, not a single relay server. I would think that this would help in this scenario.

  2. Posted by Bulend Mali on April 17, 2012 at 3:41 pm

    Hello there
    Does this code run for an email account instead of a domain too?

    • I only set it up for entire domains. Never tested it for individual e-mail addresses. This server is long gone so unfortunately I can’t test it now.
