IRC Archive / Freenode / #exim / 2015 / July / 23 / 1
unnu
hey, how do i restrict the accounts that can send mail?
like if i only want accounts created through cpanel to be able to send mail. . . to stop a php script from sending mail from "spam@mydomain.co" because there is no "spam" account setup through cpanel
notkoos
unnu: ACLs ;) probably both of acl_not_smtp (assuming pipe-style deliveries are happening) and acl_smtp_mail ... look what cpanel is doing to get some idea of what lookups you need in these ... http://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
LitoII
how can I block a specific IP for incoming emails?
henk
acl
oozbooz
A couple of days ago I asked about a way to control the number of concurrent SMTP connections during remote delivery. Is < remote_max_parallel > designed to do that?
henk
concurrent connections to the same host? no.
hs12
concurrent deliveries to several hosts (for the same message)? yes
oozbooz
1st, "... concurrent connections to the same host... "
".. Otherwise, if a single message has to be delivered to more than one remote host, or if several copies have to be sent to the same remote host, up to remote_max_parallel deliveries are done simultaneously. ..."
hs12
Yes, ... you're right. This indicates that concurrency may even occur to the same destination host, if the message the queue runner processes has >1 recipients at the same host.
Another level of concurrency is the number of queue runners you may have at a time. Plus the deliveries that are triggered immediately after accepting the message.
oozbooz
I am delivering a single message with 10K recipients to a client. As of now EXIM established 20+ connections to the remote SMTP
I want to cap them at 40 (per client limitation)
hs12
The 20+ connections are not established at once, are they?
oozbooz
yes, at once
hs12
With the default of 2 for remote_max_parallel?
henk
oozbooz: How are you delivering this message to exim?
oozbooz
henk, mailman that runs on the same machine
hs12, here is my iptables rule that triggers ...
iptables -I OUTPUT -s EXIM_UP -d CLIENT_SMTP -p tcp --syn --dport 25 -m connlimit --connlimit-above 19 -j LOG --log-prefix "[SMTP-CLIENT]: " --log-level 7
s/EXIM_UP/EXIM_IP
maybe iptables counts connection within 60 sec
hs12
ok, what is remote_max_parallel on your system? And, do you really see 1 message (with one exim spool id) with 10k recipients in your mailqueue?
oozbooz
we split 10K into 100 messages with 100 names
today, exim delivered 9K as soon as it got messages from mailman... and left 1K in the queue
hs12
Ok, so mailman pipes 100 messages to exim, that triggers 100 deliveries immediately after exim received the message. Because Exim, by design, starts a delivery attempt immediately.
oozbooz
correct
hs12
You may use queue_only and then you may control the deliveries via queue_run_max and remote_max_parallel
henk
oozbooz: AFAICT you may want to queue_only and then limit the number of queue … yes
hs12
And start a sufficient number of queue runners.
oozbooz
well, as of now... QR kicks in every hour, our client is sensitive to timely delivery
meaning, I have to kick QR more often
hs12
Yes. The daemon has to start the QR, otherwise queue_run_max is without effect.
oozbooz
which will impact my other deliveries... it is an option, but I have to look into this carefully
henk
goood, I'm so curious to know more about this setup and/or client … This is still the 1200 Baud connection story, right?
oozbooz
;-)
hs12
The queue runners still obey the retry times, so starting the QRs more often should not have too much impact.
oozbooz
I might have over-dramatized the setup/client
our business has a peculiar cycle of email delivery, it is one big wave cluster around 30 mins
some emails get queued which results in couple hours tail with 10% of total messages
clients tolerate this schedule and business side as well
so I am very cautious about drastic changes ...
but couple clients impose rules... for instance, no more than 40 concurrent connections per 60sec
I've tried serialize but it leads to painfully slow and unnecessarily conservative delivery
If I start queuing messages and rely on QR, that means that publishing time and delivery time will have a gap .. on average
henk
Is "client" basically the same as "target host", or "recipient domain", or something like that?
oozbooz
sorry, in what context?
hs12
(I guess client is roughly a customer, owning a target host for the recipient domain :))
(context: your lines at 23:46:43 and before)
henk
oozbooz: exim. Can each client be identified by a set of recipient domains or a set of target hosts or so?
(might seem like a strange question, but I already assumed too many wrong things regarding this setup, so I thought I'd ask …)