4

I'm having trouble limiting the number of concurrent connections from the same client to my Postfix server. Limiting the maximal number of concurrent processes, from the same or different clients, is done easily.

Here are the two parameters that I'm using on main.cf to do so:

default_process_limit = 50
smtpd_client_connection_count_limit = 25

When testing, I run 100 concurrent connections (threads) from the same client, but it limits at 50 smtpd processes instead of just 25. Here is how I'm counting the smtpd processes at the server:

ps -C smtpd | wc -l

Does anyone know why this happens?

MadHatter
  • 78,442
  • 20
  • 178
  • 229
Jay
  • 141
  • 1
  • 1
  • 2

1 Answers1

2

If you want to change the maximal number of smtpd running you should make your changes in /etc/postfix/master.cf. You change - to 50 in the 7th column then restart postfix with postfix restart (or a distro specific substitute).

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd

change this to

smtp      inet  n       -       -       -       50      smtpd

smtpd_client_connection_count_limit limits how many connections an smtp client can make.

It does not say how many smtpd servers will run by default. (smtpd_client_connection_count_limit is by default half of the default process limit.)

cstamas
  • 6,607
  • 24
  • 42
  • That is the same as changing `default_process_limit`. What I want is `smtpd_client_connection_count_limit` – Jay Jan 08 '15 at 16:49
  • @Jay That is not correct. I also made some changes to clarify. In fact when you specify '-' it takes `default_process_limit`. You can override this per service by replace it with a number. – cstamas Jan 08 '15 at 16:57
  • Yes. But you are still overriding `default_process_limit` and this is for the "global" number of concurrent processes. I want to limit the number of processes per client to avoid having the same client use all the processes defined in `default_process_limit` (maxproc) – Jay Jan 08 '15 at 17:04
  • This is a per service override and it will only affect smtpd. smtpd_client_connection_count_limit is only a safeguard maybe what you want is a policy daemon with rate limiting capabilities. – cstamas Jan 08 '15 at 17:08
  • ok. So, are you telling me that if I change the `-` to 50 as you mentioned, I can have 2 different clients running 50 processes against the server (50 + 50 = 100 max processes)? Considering that `default_process_limit` is set to 100. – Jay Jan 08 '15 at 17:10
  • i realized that your question has the right settings in the first place. Have you reloaded it with `postfix reload` after making the changes? – cstamas Jan 08 '15 at 17:15
  • Yes I did. reload and restart. – Jay Jan 08 '15 at 17:18
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/20087/discussion-between-cstamas-and-jay). – cstamas Jan 08 '15 at 17:19