Maybe I am chasing a bug, but I am trying to set up an SMTP proxy of sorts. I have a postfix server which receives all the email for a collection of servers/clients. It then uses a smarthost (relayhost=...) to forward its mail to our corporate MTA. I would like to limit the number of messages an individual server can relay to prevent swamping the corporate MTA. Postfix has a program called "anvil" that is capable of tracking stats about mail to be used for such things, but it doesn't seem to be executed. I ran "inotifywait -m /usr/lib/postfix/anvil" while I started postfix and sent a number of messages through it from a remote server. inotifywait indicated anvil was never run. Anyone gotten postfix/anvil rate controls to work?
main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = site-server-q9
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost = Out outgoing mail relay
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 10.X.X.X
smtpd_client_message_rate_limit = 1
anvil_rate_time_unit = 1h
master.cf extract
anvil unix - - - - 1 anvil
smtp inet n - - - - smtpd
In the end I used policyd, which does just this sort of thing. I configured it to limit a single IP address to no more than 10000 messages an hour and 1 GB. Below is a copy of the doc I wrote up for myself in case anyone finds it helpful.
Configuring postfix and policyd
After the packages have been installed make the following changes to their configurations. In /etc/postfix/main.cf add the following line
In /etc/postfix-policyd.conf
WHITELISTING=1 to WHITELISTING=0
GREYLISTING=1 to GREYLISTING=0
SENDERTHROTTLE=0 to SENDERTHROTTLE=1
QUOTA_EXCEEDED_TEMP_REJECT=1 to QUOTA_EXCEEDED_TEMP_REJECT=0
SENDER_QUOTA_REJECTION="Quota Exceeded." to SENDER_QUOTA_REJECTION="Quota Exceeded, 10,000 messages/hour max!"
SENDER_SIZE_REJECTION="Message size too big." to SENDER_SIZE_REJECTION="Message size too big. 10Mb per message or 1 Gb/hour max!"
SENDERMSGLIMIT=512 to SENDERMSGLIMIT=10000
SENDERRCPTLIMIT=3600 to SENDERRCPTLIMIT=10000
SENDERQUOTALIMIT=250000000 to SENDERQUOTALIMIT=1000000000
SENDERMSGSIZE=10240000 to SENDERMSGSIZE=50000000
SENDER_INACTIVE_EXPIRE=31d to SENDER_INACTIVE_EXPIRE=1h
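A sketch of the per-client throttle those settings describe (10000 messages and 1 GB per client IP per hour), written against the Postfix policy delegation request format. This is an added example, not part of the original post and not policyd's code; the `Throttle` class, the function names and the sample request are hypothetical, and it assumes the service is consulted at the END-OF-MESSAGE stage so that each counted request is one message.

```python
import time
from collections import defaultdict, deque

MSG_LIMIT = 10000            # messages per client IP per window (from the answer)
BYTE_LIMIT = 1_000_000_000   # bytes per client IP per window (1 GB, from the answer)
WINDOW = 3600                # one hour, in seconds

def parse_request(text):
    """Parse one policy delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class Throttle:
    def __init__(self, msg_limit=MSG_LIMIT, byte_limit=BYTE_LIMIT, window=WINDOW):
        self.msg_limit, self.byte_limit, self.window = msg_limit, byte_limit, window
        self.seen = defaultdict(deque)  # client IP -> (timestamp, size) per accepted message
        self.used = defaultdict(int)    # client IP -> bytes accepted inside the window

    def check(self, attrs, now=None):
        """Return the action for one request; only END-OF-MESSAGE requests are counted."""
        if attrs.get("protocol_state") != "END-OF-MESSAGE":
            return "DUNNO"              # other stages: no opinion, count nothing
        now = time.time() if now is None else now
        ip = attrs.get("client_address", "unknown")
        size = int(attrs["size"]) if attrs.get("size", "").isdigit() else 0
        q = self.seen[ip]
        while q and q[0][0] <= now - self.window:   # expire entries older than the window
            self.used[ip] -= q.popleft()[1]
        if len(q) >= self.msg_limit:
            return "REJECT Quota Exceeded, %d messages/hour max!" % self.msg_limit
        if self.used[ip] + size > self.byte_limit:
            return "REJECT Hourly size quota exceeded"
        q.append((now, size))
        self.used[ip] += size
        return "DUNNO"

def respond(throttle, request_text, now=None):
    """Build the reply Postfix expects: one action line followed by an empty line."""
    return "action=%s\n\n" % throttle.check(parse_request(request_text), now)

# Constructed sample request (not captured traffic).
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
          "client_address=10.1.2.3\nsize=4000\n\n")
```

Rejected messages are not added to the window, so a client that keeps retrying after hitting the limit is admitted again as soon as its oldest accepted message ages out.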
Possibly interesting for your implementation:
Anvil was really meant to limit incoming message rates, not limit outgoing. Think of it as a crude DoS filter.
You might want to look at the settings that pertain to the qmgr portion of postfix. Specifically, you might want to set your concurrency limits to something very low, and your wait-around-in-the-queue times very high. You'll want to set the rate of delivery to something that has a large(r) delay, and also want to lower the number of delivery processes in master.cf.
Have you looked at using qshape to determine what will be an acceptable rate for your internal MTA?
Anvil does logging for postfix. I've added the below to main.cf and it seems to work for me