On Wed, Feb 14, 2007 at 02:23:30PM +0200, Harry Lachanas wrote:
> Hi all ...
>
> Happy to be back for a question/suggestion again ....
>
> I came across this weird situation.
>
It is not weird. Read on.
>
> I take care of a site running shorewall 3.0.5 in the firewall and qmail
> in the DMZ ( mail server ).
>
>
> A remote client's smtp server refuses to accept more than one incoming
> smtp connection from my site :-(.
> In my site users are always sending mail to this server ( 50 - 60 per day ).
>
> So when an smtp transfer is on ... the next ones get stuck in the queue
> and the message I get in the log is
>
> "Remote_host_said:_421_#4.4.5_Too_many_connections_from_your_host"
> and finally gets bounced ( 3 hour queue - life limit ) depending on
> the traffic of that particular date.

Hmmm. Perhaps you should get yourself a standards-compliant MTA [0]:

4.3. Bandwidth hogging (violates SHOULD clause in RFC-2821)

qmail unbundles all mail. Common other mail software transfers a mail
for a@same.example.com and b@same.example.com in the same transaction.
qmail makes two separate mail transactions of this, one for
a@same.example.com, one for b@same.example.com. This consumes your
bandwidth, you pay twice with qmail.

RFC-2821, section "4.5.4.1 Sending Strategy", recommends that
multi-RCPT be sent when possible: "When a mail message is to be
delivered to multiple recipients, and the SMTP server to which a copy
of the message is to be sent is the same for multiple recipients, then
only one copy of the message SHOULD be transmitted. That is, the SMTP
client SHOULD use the command sequence: MAIL, RCPT, RCPT,... RCPT,
DATA instead of the sequence: MAIL, RCPT, DATA, ..., MAIL, RCPT, DATA.
However, if there are very many addresses, a limit on the number of
RCPT commands per MAIL command MAY be imposed. Implementation of this
efficiency feature is strongly encouraged."

Technically, unbundling is only required for VERP mail which is
exclusively used by mailing list manager software.
>
> I've searched all qmail documentation but I was not able to find a way
> to limit the number of connections to remote smtp server.
>
Because, in this respect, qmail is broken.
>
> Is there a safe way to do this in shorewall ( One active smtp connection
> to a specific remote site only ) ??? Without mails getting bounced back
> to my users ???
>
How will qmail know what is going on? Its connections will still get
delayed and given long enough will bounce.

Regards,

-Roberto

[0] http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
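
The two sending strategies contrasted in the RFC-2821 passage quoted above, as an added example that is not part of the original message or of any MTA's code. It assumes recipients on the same domain share one destination server (a real MTA groups by resolved MX host), and the sender address, the third recipient, the default RCPT cap and all function names are constructed for illustration.

```python
from collections import defaultdict

def domain_of(addr):
    """Destination key; assumption: same domain means same SMTP server."""
    return addr.rsplit("@", 1)[1].lower()

def unbundled(sender, recipients):
    """One MAIL, RCPT, DATA transaction per recipient (unbundling)."""
    return [(domain_of(r),
             [f"MAIL FROM:<{sender}>", f"RCPT TO:<{r}>", "DATA"])
            for r in recipients]

def bundled(sender, recipients, max_rcpt=100):
    """MAIL, RCPT, RCPT, ..., DATA per destination, split at max_rcpt.

    max_rcpt models the limit RFC-2821 says MAY be imposed on the number
    of RCPT commands per MAIL command; 100 is an assumed default.
    """
    by_dest = defaultdict(list)
    for r in recipients:
        by_dest[domain_of(r)].append(r)
    plan = []
    for dest, rcpts in by_dest.items():
        for i in range(0, len(rcpts), max_rcpt):
            cmds = [f"MAIL FROM:<{sender}>"]
            cmds += [f"RCPT TO:<{r}>" for r in rcpts[i:i + max_rcpt]]
            cmds.append("DATA")
            plan.append((dest, cmds))
    return plan

def transactions_per_destination(plan):
    """Count how many separate transactions each destination receives."""
    counts = defaultdict(int)
    for dest, _ in plan:
        counts[dest] += 1
    return dict(counts)

# Constructed sample: one message, three recipients, two destinations.
SENDER = "sender@example.net"
RECIPIENTS = ["a@same.example.com", "b@same.example.com",
              "c@other.example.org"]

if __name__ == "__main__":
    for name, plan in (("unbundled", unbundled(SENDER, RECIPIENTS)),
                       ("bundled", bundled(SENDER, RECIPIENTS))):
        print(name, transactions_per_destination(plan))
        for dest, cmds in plan:
            print("  ", dest, "->", ", ".join(cmds))
```
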