[Maia-users] lost connection after CONNECT (solved?)

[Greg Woods]

On Thu, 2007-08-09 at 13:57 -0700, Robert LeBlanc wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>   Going overboard with the Postfix listeners,
> though, will eventually have a resource impact without further benefit,
> so don't take it farther than your traffic volume requires.

I ended up running a lot of listener processes because we would
occasionally have a problem with connections being refused. Since I
never know when this is going to happen (could be a deliberate DDoS or
just a DDoS caused by a major spam run somewhere), I upped the number of
listeners to a ridiculous level so that this wouldn't happen. As Blake
pointed out, Postfix has to go through the effort of queueing actual
received messages anyway, and we haven't seen any negative resource
impact from using a high number of listener processes. But if your
hardware isn't as beefy as ours, I suppose that could be an issue.

On a related note, our stats show that 20-30 times as many messages are
rejected by DNSBL's and other SMTP-time checks (unknown recipient,
unresolvable sender IP, etc.) than are caught by
Maia/amavisd/spamassassin/ClamAV. Also, sadly, the total number of
rejected messages is more than double the number of delivered messages,
and we also greylist more messages than we deliver (it's unknown how
many of those are eventually retried and delivered, and how many are
spam, but I'll bet the vast majority of them are spam). Add this up, and
about 3/4 of the mail we get is rejected. It's even worse than that
sounds, because this also counts a lot of our internal mail (both sender
and recipient located on our internal network), almost none of which is
rejected.

--Greg