From: Roberto C. S. <ro...@co...> - 2007-02-14 15:04:20
On Wed, Feb 14, 2007 at 02:23:30PM +0200, Harry Lachanas wrote:
> Hi all ...
>
> Happy to be back for a question/suggestion again ....
>
> I came across this weird situation.
>
It is not weird.  Read on.

> I take care of a site running shorewall 3.0.5 in the firewall and qmail
> in the DMZ ( mail server ).
>
>
> A remote client's smtp server denies to accept more than one incoming
> smtp connections from my site :-(.
> In my site users are always sending mail to this server ( 50 - 60 per day ).
>
> So when an smtp transfer is on ... the next ones gets stuck in the queue
> and the message I get in the log is
> "Remote_host_said:_421_#4.4.5_Too_many_connections_from_your_host"
> and finally gets bounced ( 3 hour queue - life limit ) depending on
> the traffic of that particular date.

Hmmm.  Perhaps you should get yourself a standards-compliant MTA [0]:

  4.3. Bandwidth hogging (violates SHOULD clause in RFC-2821)

  qmail unbundles all mail. Common other mail software transfers a mail
  for a...@sa... and b...@sa... in the same transaction. qmail makes two
  separate mail transactions of this, one for a...@sa..., one for
  b...@sa.... This consumes your bandwidth, you pay twice with qmail.

  RFC-2821, section "4.5.4.1 Sending Strategy", recommends that
  multi-RCPT be sent when possible:

  "When a mail message is to be delivered to multiple recipients, and
  the SMTP server to which a copy of the message is to be sent is the
  same for multiple recipients, then only one copy of the message SHOULD
  be transmitted. That is, the SMTP client SHOULD use the command
  sequence: MAIL, RCPT, RCPT,... RCPT, DATA instead of the sequence:
  MAIL, RCPT, DATA, ..., MAIL, RCPT, DATA. However, if there are very
  many addresses, a limit on the number of RCPT commands per MAIL
  command MAY be imposed. Implementation of this efficiency feature is
  strongly encouraged."

  Technically, unbundling is only required for VERP mail which is
  exclusively used by mailing list manager software.

>
> I've searched all qmail documentation but I was not able to find a way
> to limit the number of connections to remote smtp server.
>
Because, in this respect, qmail is broken.

>
> Is there a safe way to do this in shorewall ( One active smtp connection
> to a specific remote site only ) ??? Without mails getting bounced back
> to my users ???
>
How will qmail know what is going on?  Its connections will still get
delayed and given long enough will bounce.

Regards,

-Roberto

[0] http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
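
The two command sequences from the RFC 2821 passage quoted in the message above, as an added example that is not part of the original post and is not qmail's or any other MTA's code. It assumes the recipient domain stands in for "the same SMTP server" (a real MTA groups by resolved MX host); the function names, addresses and the `max_rcpt` parameter are constructed for illustration.

```python
from collections import OrderedDict


def plan_transactions(sender, recipients, max_rcpt=100):
    """Plan SMTP transactions for one message.

    Recipients sharing a destination are bundled into a single
    MAIL, RCPT, RCPT, ..., DATA sequence, capped at max_rcpt RCPT
    commands per MAIL (the limit RFC 2821 4.5.4.1 says MAY be imposed).
    Returns a list of (domain, [commands]) tuples, one per transaction.
    """
    if max_rcpt < 1:
        raise ValueError("max_rcpt must be at least 1")
    by_domain = OrderedDict()
    for rcpt in recipients:
        local, sep, domain = rcpt.rpartition("@")
        if not sep or not local or not domain:
            raise ValueError(f"not a mailbox address: {rcpt!r}")
        # Assumption: same domain == same receiving server.
        by_domain.setdefault(domain.lower(), []).append(rcpt)

    transactions = []
    for domain, rcpts in by_domain.items():
        for start in range(0, len(rcpts), max_rcpt):
            chunk = rcpts[start:start + max_rcpt]
            cmds = [f"MAIL FROM:<{sender}>"]
            cmds += [f"RCPT TO:<{r}>" for r in chunk]
            cmds.append("DATA")
            transactions.append((domain, cmds))
    return transactions


def copies_per_domain(transactions):
    """Count how many times the message body is sent to each domain."""
    counts = {}
    for domain, _ in transactions:
        counts[domain] = counts.get(domain, 0) + 1
    return counts


# Constructed sample input.
SENDER = "user@example.org"
RECIPIENTS = ["a@example.com", "b@example.com",
              "c@example.net", "d@example.com"]

if __name__ == "__main__":
    bundled = plan_transactions(SENDER, RECIPIENTS)
    unbundled = plan_transactions(SENDER, RECIPIENTS, max_rcpt=1)
    print("bundled:  ", copies_per_domain(bundled))
    print("unbundled:", copies_per_domain(unbundled))
```

With `max_rcpt=1` the plan degenerates to the MAIL, RCPT, DATA, ..., MAIL, RCPT, DATA sequence, so the per-domain counts show how many separate transactions a receiving server with a connection limit would see.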