 PPoossttffiixx ѥեޥ塼˥

-------------------------------------------------------------------------------

PPoossttffiixx ѥեޥ塼˥ŪŪ

ΥɥȤˤҥȤtipsϤǤưƤPostfixƥ
ѥեޥ󥹤夹ΤΩޤʤPostfixƥब᡼
ǤʤΤǤСDEBUG_README ɥȤȤ
Ȥޤ褹ɬפޤ

ƥĥե륿Υѥեޥ󥹤塼˥󥰤ˤϡޤ FILTER_README
 SMTPD_PROXY_README ɥȤξɤǤƥƥ
ե륿ɤΥ쥤ƥ󥷤ʤ褦ˤޤǤٱ䤬礭ä
ٱΥХĥ礭ǡؤ䤤碌򤱤褦ˤ
CPU/Ȥ̤ʤ褦ˡƥĥե륿
餻ޤ쥤ƥ󥷤ȡƥĥե륿Υ롼ץåȤ
줷ळȤˤʤǤ礦̴ĶǤ RBL ʣʥǡ١ʤɤ
򤱤٤Ǥ

᡼Υѥեޥ󥹤˴ؤ:

  * Ūʥ᡼ѥեޥ󥹤tips
  * SMTPХץ¿Ư
  * ̤˥顼ФSMTP饤Ȥ٤
  * ³륯饤ȤФ¬

᡼Υѥեޥ󥹤˴ؤ:

  * Ūʥ᡼ѥեޥ󥹤tips
  * ٱ᡼Ԥ٤Υ塼˥
  * ƱΥ塼˥
  * ȤμԿΥ塼˥

¾Postfixѥեޥ󥹥塼˥󥰤˴ؤ:

  * PostfixץΥ塼˥
  * ե䥽åȤ򥪡ץ󤹤Υ塼˥

ʲΥġϿ͹Ū٤򤫤ƥ᡼륷ƥΥѥեޥ󥹤¬ꤹ
ȤǤޤ̾PostfixȤȤˤϥ󥹥ȡ뤵ޤ

  * smtp-source, SMTP/LMTPåͥ졼
  * smtp-sink, SMTP/LMTPå
  * qmqp-source, QMQPåͥ졼
  * qmqp-sink, QMQPå

ŪŪʥ᡼ѥեޥ ttiippss

  * QSHAPE_README ɥȤ maildrop 塼 incoming 塼
    active 塼εɤ򤷤Ƥ

  * DNSˤ®٤㲼ޤ뤿ᡢ˥͡ॵФ餻
    ʣPostfixƥư硢ήͥåȥ˸
    䤵ʤ褦ˤ뤿ˡ줾Υ͡ॵФ
    ͭžФ˸Ƥ

  * ɥᥤե륿ꤷɬפLDAPʤƤˤ
    ⡼ȥɥᥤΥɥ쥹ʤʤꡢޤʬɥ쥹θ
    ʤʤޤܺ٤ ldap_table(5) 򻲾ȤƤ

SMTP饤ȤФPostfixα٤:

  * DEBUG_README ɥȤ˽񤫤Ƥ餫ʥȥ֥õ
    ޤϤʤƤ

  * header_checks  body_checks ѥ̵ˤơ꤬äɤ
    Ƥ

  * DEBUG_README ɥȤ˽񤫤Ƥ褦 chroot ư̵ˤơ
    ꤬äɤ򸫤Ƥ

  * PostfixSMTP饤Ȥ "unknown" ȥ˵ϿƤ硢͡
    ӥ꤬ޤ: ͡ॵФޤ resolv.conf ե
    ְä󤬤롢ޤ DNS ꥯȤ䤽α֥åѥå
    ե륿ޤ

  * smtpd(8) Υץ master.cf ǻꤵ줿ץ¤ãƤ顢
    SMTP饤ȤϥץѲǽˤʤޤԤʤ
    ޤ󡣥꤬Хץ䤷ޤ"Postfixץ
    塼˥" ˽񤫤줿ؼ⸫Ƥ

SSMMTTPPХץ¿¿ƯƯ

PostfixС2.0Ǥϡsmtpd(8) ФSMTP饤Ȥ˥顼
𤹤˰ߤޤΥǥϥ빳 (tar pitting) 
ƤФޤٱPostfix٤ޤsmtpd(8) Ф
٤ȥå˻֤ꡢη٤򤵤ФΤˤ¿
smtpd(8) ХץɬפȤʤäƤޤޤPostfix smtpd(8) Хץ
¤ãȡ饤ȤϥХץѲǽˤʤޤ
ԤʤФޤ󡣤ϥ饤Ȥ٤ƤΥѥեޥ󥹤ʤ
Ȥ̣ޤ

ٱ̵ˤ뤳Ȥ smtpd(8) ФΥ顼ΰ®뤳Ȥ
Ǥޤ:

    /etc/postfix/main.cf:
        # Postfix 2.1 では不要です
        smtpd_error_sleep_time = 0

ȤȡPostfix 2.0ǤƱSMTPХץǤ¿
SMTP饤Ȥ˥ӥ󶡤ǤޤΥǤϡPostfix
¿Υ顼Ф饤ȤɤˤĤƵҤƤޤ

̤˥顼ФSSMMTTPP饤Ȥ٤

Postfix smtpd(8) Фϥå󤴤ȤΥ顼ȤƤޤ
åžȥ顼ȤϥꥻåȤ졢饤Ȥ׵᤬
ǧǤʤäƤʤäꡢ饤Ȥ׵᤬¤
Ȥ硢¾Υ顼äˤϡ顼Ȥäޤ

å󤴤ȤΥ顼ȤäˤĤ졢smtpd(8) ФϿ񤤤
ѤƱٱϤޤϥ꥽λѤ¤뤿˽
饤Ȥ٤ȤͤǤο񤤤PostfixΥС
¸ޤ

: ٱPostfix٤ޤٱ礭ꤷȡƱ
SMTPåοä smtpd(8) Хץ¤ãSMTP
饤Ȥ smtpd(8) ХץѲǽˤʤޤԤʤ
ޤ

PostfixС2.1ʹ:

  * 顼Ȥ $smtpd_soft_error_limit (ǥե: 10) ãȡ
    Postfix smtpd(8) Ф󥨥顼ӥ顼Τ٤Ƥ
    $smtpd_error_sleep_time  (ǥե: 1) ٤餻ޤ

  * 顼Ȥ $smtpd_hard_error_limit (ǥե: 20) ãȡ
    Postfix smtpd(8) Ф³ڤޤ

PostfixС2.0:

  * 顼Ȥ $smtpd_soft_error_limit (ǥե: 10) ʲΤȤϡ
    Postfix smtpd(8) Фϱ٤Ƥ $smtpd_error_sleep_time
    (Postfix 2.0 Ǥ1áPostfix 1.1 Ǥ5) ٤餻ޤ

  * 顼Ȥ $smtpd_soft_error_limit ãȡPostfix smtpd(8)
    Ф "顼" ä $smtpd_error_sleep_time äĹλ֤
    ٤Ƥα٤餻ޤ

  * 顼Ȥ $smtpd_hard_error_limit (ǥե: 20) ãȡ
    Postfix smtpd(8) Ф³ڤޤ

³³륯饤ȤФ¬¬

: εǽPostfixС 2.1 ˤϴޤޤƤޤ

Postfix smtpd(8) ФƱSMTP饤ȤƱ³ȡ
饤Ȥñ̻³Ǥ³¤뤳ȤǤޤ
׾ anvil(8) Фˤäƴޤ (: anvil(8) Ф
ߤޤ³¤Ưʤʤޤ)

: ¤ϤҤɤѤ smtpd(8) Фݸ뤳Ȥտޤ
ޤ̾ʥȥեå¤ˤϻȤʤǤ:
Ƥޤȥ᡼뤬ޤٱ˶줷뤳Ȥˤʤޤ

  * 1ĤSMTP饤ȤϺ $smtpd_client_connection_count_limit
    ³Ʊĥ뤳ȤǤޤ (ǥե: 50)ϥǥեȤ
    ץ¤ȾʬǤ

  * 1ĤSMTP饤Ȥñ̻֤
    $smtpd_client_message_rate_limit ĤΥå׵Фޤ
    (ǥե: ¤ʤ)

  * 1ĤSMTP饤Ȥñ̻֤
    $smtpd_client_recipient_rate_limit Ĥμԥɥ쥹ޤ
    (ǥե: ¤ʤ)

  * 1ĤSMTP饤Ȥñ̻֤
    $smtpd_client_connection_rate_limit ³ĥ뤳ȤǤޤ
    (ǥե: ¤ʤ)

  * ¤ $smtpd_client_event_limit_exceptions ǻꤵ줿
    SMTP饤ȤˤŬѤޤ (ǥե: $mynetworks 
    饤Ȥ³̵¤ĥޤ)

  * anvil_rate_time_unit ѥ᡼ˤϥ饤Ȥ³®٤¬ꤵ
    ñ̤ꤷޤ (ǥե: 60s)

ŪŪʥ᡼ѥեޥ ttiippss

  * QSHAPE_README ɥȤ maildrop 塼 incoming 塼
    active 塼deferred 塼εɤ򤷤Ƥ

  * ٤ˤϡQSHAPE_README ɥȤ˽񤫤Ƥ qshape ġ
    餻Ƥ

  * ԤʤåȡΤǤϤʤåȤʣμԤ
    ĥ᡼ȡƤ

  * /usr/sbin/sendmail SMTPǥ᡼ȡƤ
    smtpd_recipient_limit ѥ᡼Ĵɬפ뤫⤷ޤ

  * ᡼ȡǥǥ򿩤Ĥ֤ʤǤƱȡ塼˥
    Postfix in_flow_delay ѥ᡼塼˥󥰤ơ᡼
    ȡ®٤ŬƤ

  * DNS ˤ®٤㲼ޤ뤿ᡢ˥͡ॵФ餻
    ʣPostfixƥư硢ήͥåȥ˸
    䤵ʤ褦ˤ뤿ˡ줾Υ͡ॵФ
    ͭžФ˸Ƥ

  * smtp_connect_timeout  smtp_helo_timeout ͤ򸺤餷Postfix
    ʤ⡼SMTPФФ³֤Ĺ̵̤ˤʤ褦
    ޤ

  * ꤬¿ФơॢȤ򸺤餷ĴѤ
    ᡼ transport ȤäƤʲ "ƱΥ塼˥" 
    ȤƤ

  * ǽλԤǤʤ᡼Ф fallback_relay ۥȤȤä
     "" ޥã񤷤ؤκƻԻ֤û
    Τ˻Ȥޤʲ "ٱ᡼Ԥ٤Υ塼˥" 
    ȤƤ

  * ³Ū饤ȥå礭 (64MB) ơǥι®ޤ
    ˤꥷƥ९å˥ե륷ƥδŶˡ
    ԡɤŬ褦ǥ¤ؤ뤳ȤǤޤ

  * åɥơȥǥ (³Ū RAM ǥ) ȤޤSMTP
    ॢȤûꡢΤ谸Υ᡼
    fallback_relay "" ޥȤ߹碌ƻȤʥ塼Ǥ

ٱ᡼Ԥ٤Υ塼˥

PostfixƱ 1000 SMTP饤ȥץư褦ꤹ뤳Ȥ
ǤޤƱ⡼ȥƥƱ 1000 ³ĥ뤳ȤϤޤ
˾ޤȤǤϤޤ󡣤äͳǡPostfixˤϤΤ "緲"
򤱤뵡ޤ

Postfix塼ޥ͡ TCP ȥեάƱͤʤΤ
Ƥޤ: 륵ȤݡϤϾΥåꡢ
ޤäƤ֤䤷Ƥޤ; Ƥ򸺤餷ޤ

  * initial_destination_concurrency ѥ᡼ (ǥե: 5) 
    ŬѤˡƱåνͤ椷ޤ
    ϡץ¤ȡΥ᡼ transport ͥФ
    ¤ĶʤϰϤǤΤͭǤ

  * default_destination_concurrency_limit ѥ᡼ (ǥե: 20) 
    ƱƱ뤳ȤǤå¤ޤmaster.cf
    ȥ̾ "_destination_concurrency_limit" դѥ᡼
    ȤȡΥå transport ФƤ񤭤Ǥޤ

transport ͭ¤:

  * local_destination_concurrency_limit ѥ᡼ (ǥե:2 ) Ʊ
    ԤФƱå椷ޤƱ᡼
    ܥåФ༡ŪǤʤФʤ餺̤ϼŪǤ
    ʤᡢ㤤¤侩ޤƱԤФ¤Τ
    褤⤦Ĥͳ: Ԥ .forward ե٤ι⤤륳ޥɤ
    äꡢμԤ᡼󥰥ꥹȥޥ͡ǤȡΥץ
    󥹥󥹤Ʊ˲ưʤǤ礦

  * 20 Ȥ smtp_destination_concurrency_limit ΥǥեȤǤ⥷ƥ
    ǤΤ᤹Ȥʤ٤ͿȻפޤä礭ͤ
    ѤˤդƤ

¤ΥǥեͤϹϰϤʾ̤ǤޤưޤȤä
ȿŪˤΥѥ᡼ѹȡºݤˤ򰭲뤳Ȥ
ʤ꤫ͤޤäˡؤΥǥեȤ礭٤ǤϤޤ
絬Ϥʥɥᥤ˥᡼ transport Τߤ˸ꤹ٤Ǥ

礭뤳Ȥ׵ᤵŪʾ̤ϡ󥿡ͥåȤȥȥͥå
᡼Ķδ֤̤Υ᡼Ѥ륲ȥǤ褽ȾʬΥ᡼
(ԤȳԤƱ̤ꤷޤ) Υ᡼ϥְǤ᡼ϥ֤
᡼򤹤٤ƥȥΤ߼뤿ᡢȥSMTP
Ф̤Ф׵礭褦ꤹΤǤ

Ԥ¤Υ塼˥󥰤ˤϻԺפǤä˥ȥʣ
MX ۥȤФžƤΤǤС̤˼᡼ϥ֤
ñ (ǥեȤ 20 礭) 50  100 Ʊ³򰷤ϤǤ
MX ۥȤ٤ưƤƥ꡼ˡ³ƤΤǤС
롼ץåȤϹ⤤Ǥ礦ɤ MX ۥȤƤƴ˱ʤС
N Ĥ MX ۥȤȡ³쥤ƥ󥷤ʿѤϾʤȤ
1/N * $smtp_connection_timeout ޤǾ夬ޤϥ롼ץåȤ
 * N / $smtp_connection_timeout ¤ޤ

㤨 100 2Ĥ MX ۥȤȤȡ줾ΥۥȤ
 50 Ʊ³ޤ MX ۥȤ󤷡ǥեȤSMTP
³ॢȤ 30s ȡ롼ץå¤1ä 100 * 2 / 30 ~= 6
åȤʤޤ³褯ʣ MX ۥȤ̤
Ǥ³ॢȤ㤯 5s 餤͡⤷Ϥ٤ƤǤϤʤ1İʾ
MX ۥȤ󤷤ݤԤɤΤ 1s ˤƤ褤ȤȤ򼨺
ޤ

ɬפʤСrelay transport ̤Ѥ transport Ф
transport_destination_concurrency_limit  (ϥ塼ޥ͡
ѥ᡼ʤΤ main.cf ) ⤤ͤꤷsmtp_connection_timeout 
(Υѥ᡼ transport Ȥ̾ǤϤʤΤ master.cf  "-o" դ
񤭤) 㤤ͤꤷƤ

ƱƱΥ塼˥

default_destination_recipient_limit ѥ᡼ (ǥե: 50) Postfix
Ȥ줾E᡼ΥԡԿ椷ޤ
PostfixȤФƤ񤭤뤳ȤǤޤ
㤨 "uucp_destination_recipient_limit = 100" Ȥȡ줾 UUCP
ȤμԿ100¤ޤ

E᡼åФ¤ĶȡPostfix塼
ޥ͡ϼԥꥹȤ򾮤ꥹȤʬ䤷ޤPostfixϥå
ʣΥԡȤޤ

: åȤμԿ䤹ݤˤդƤ; smtpd(8) 
Ȥ̤ϡɼ¤ã³Ūڤ뤳Ȥ
ꡢΥåʤʤäƤޤޤ

smtpd_recipient_limit ѥ᡼ (ǥե: 1000) Postfix smtpd(8) Ф
Ȥ˼Կ椷ޤǥեȤ¤SMTP饤Ȥ
ʤΤ礭ͤǤ¤˽饤Ȥ
᡼륷ƥݸ뤿¸ߤƤޤ

ȤμԿΥ塼˥

Postfix (smtp(8), local(8) ʤ) åǤʤ
硢åȤ񤹤뤫ȿ񤹤뤫⤷ޤ

  * Ȥå񤹤硢塼ޥ͡ϥ塼
    ե̤ΥॹפͿƤФ餯ʤ褦ˤޤ
    ǥեȤǤϡѴ֤ϥåãƤвᤷ֤ĹǤ
    ϤؿŪ٤餻դޤˤʤޤ

  * Ȥȿ (㤨Х桼⡼ȥۥ) 
    񤹤硢塼ޥ͡ϥ塼եΥॹפʤ
    Ǥʤȿ "˴" ꥹȤ֤ƤФ餯δФ褦
    ޤ

νϾΥѥ᡼ǻۤޤ

    queue_run_delay (ǥե: 1000 )
        塼ޥ͡㤬ٱ᡼Υ塼򥹥󤹤١
    minimal_backoff_time (ǥե: 1000 )
        å򸫤ʤû֡ "˴" 褫Υû֡
    maximal_backoff_time (ǥե: 4000 )
        μԸå򸫤ʤĹ֡
    maximal_queue_lifetime (ǥե: 5 )
        ǤʤȤ֤ޤǤ˥å塼ںߤ֡
        0ꤹȡǽԤ˼Ԥ餹˥᡼֤ޤ
    bounce_queue_lifetime (ǥե: 5 , PostfixС 2.1 ʹߤ
    Ȥޤ)
        ǤʤȸʤޤǤ MAILER-DAEMON å塼
        Ȥɤޤ֡0 ꤹȥ᡼1Ԥޤ
    qmgr_message_recipient_limit (ǥե: 20000)
        ¿Υ⥭塼ޥ͡ǡ¤ΥäˤΥѥ᡼
        "˴" û֥ꥹȤ¤ޤꥹȤ˹ʤ
        ɲäޤ

: ٱ᡼λ٤夲ꡢٱ᡼륭塼ˤ flush
ȡºݤPostfix᡼Υѥեޥ󥹤ʤäȴ뤫
ޤ󡣰ʲΤ褦Ǥ:

  * ᡼ active 塼äѤˤʤޤ᡼
    Ťåٱ䤵ʤ active 塼ˤޤ󡣤ϤƤ
    1İʾSMTP³ॢȤɬפΤǡ֤Ǥ

  * ѲǽPostfixȤ٤ǤʤȤʤɤФ
    ³ԤΤޤ᡼ȤѲǽˤʤޤ
    ԤʤФޤ󡣤ϤƤ1İʾSMTP³ॢ
    ɬפΤǡ֤Ǥ

᡼뤬ˤٱ䤹硢Ԥ٤夲
ˤ褤ǤԤ٤ǤʤΤǤСΤ
ФѤ fallback_relay "" ޥȤäơ̾Υ᡼
ѥեޥ󥹤þʤ褦ˤ뤳ȤƤƤ

PPoossttffiixx ץΥ塼˥

default_process_limit ѥ᡼Postfix餻ǡץο
ľ椷ޤPostfix 2.0 λǤϡǥեȤ¤ 100 smtp 饤
ץ100 ХץʤɤǤϥ꤬ʤƥХ
ͥåȥΥƥ줷뤫⤷ޤ

ǥեȤǤϤʤ default_process_limit  main.cf ե˻ꤹ뤳Ȥ
ΤΥץ¤Ѥ뤳ȤǤޤ㤨С 10  smtp 饤
ץ10  smtp ХץʤɤȤˤ:

    /etc/postfix/main.cf:
        default_process_limit = 10

ѹͭˤˤ "postfix reload" ¹Ԥɬפޤ¤
main.cf Ƥ⼫ưŪˤɤ߹ޤʤPostfix master(8) ǡ
äƶޤ

PostfixǡФץ¤ϡmaster.cf եԽ
뤳ȤǾ񤭤Ǥޤ㤨СƱ 100 SMTPåϼ
ʤ᡼Υץ¤ѹʤ硢Τ褦˻
Ǥޤ:

    /etc/postfix/master.cf:
        # ====================================================================
        # service type  private unpriv  chroot  wakeup  maxproc command + args
        #               (yes)   (yes)   (yes)   (never) (100)
        # ====================================================================
        . . .
        smtp      inet  n       -       -       -       10      smtpd
        . . .

ե䥽åȤץΥ塼˥

Postfix˥ե䥽åȤ򥪡ץ󤹤ȡץ̿Ū顼
۾ｪλƥ "file table full" 顼˵Ͽ뤫⤷ޤ

  *  "PostfixץΥ塼˥" ˽񤫤줿ץ򸺤餷ޤ
    ץ򾯤ʤȡץ󤹤ɬפե䥽åȤ⾯ʤ
    ʤޤ

  * ե䥽åȤäȳ褦˥ͥꤷޤܺ٤϶ˤ
    ƥ¸Ǥꡢڥ졼󥷥ƥΥСѤޤ
    ʲξɬƥ塼˥󥰥ɤǸڤƤ:

      o FreeBSD kernel ѥ᡼ˤ /boot/loader.conf ǻǤΤ䡢
        sysctl ޥɤѹǤΤޤѹǤΤϥС
        äѤޤ

        kern.ipc.maxsockets="5000"
        kern.ipc.nmbclusters="65536"
        kern.maxproc="2048"
        kern.maxfiles="16384"
        kern.maxfilesperproc="16384"

      o Linux kernel ѥ᡼ /etc/sysctl.conf ǻǤޤ sysctl
        ޥɤǤѹǤޤ:

        fs.file-max=16384
        kernel.threads-max=2048

      o Solaris kernel ѥ᡼ Solaris FAQ  "ɤХץ
        ե롦ǥץ䤻ޤ (How can I increase the
        number of file descriptors per process?)" Ȥȥ˽񤫤Ƥ
        褦ˡ/etc/system ǻǤޤ

        * set hard limit on file descriptors
        set rlim_fd_max = 4096
        * set soft limit on file descriptors
        set rlim_fd_cur = 1024

