In this post, we’ll show you how doing selective Postfix rate limiting will improve your Zimbra system’s email deliverability.
Various trade press accounts have reported that COVID resulted in email volumes essentially doubling. For large email providers, especially the free email providers like Gmail, Yahoo and Outlook.com, they have had to take steps to maintain their infrastructure. One such step is volume-based grey listing, whereby if you send too many emails too quickly to these providers, you get temporary rejects (421 errors). Send way too many emails too quickly, and your Zimbra server’s IP and/or domain may get block listed. Fortunately or unfortunately, Postfix is really fast. In our benchmarks, a 4-core Zimbra MTA server can process anywhere from 10,000 to more than 25,000 emails per hour, and Zimbra’s default Postfix configurations favor high delivery rates.
Postfix however provides a mechanism to rate-limit outbound emails on a per-destination-domain basis, and what we’ve done is “Zimbra-fy” those changes, so that they survive Zimbra restarts, reboots and even Zimbra Patch updates. I especially want to thank Rick King at Zimbra for his help in the “Zimbra-fication” process!
We deployed these changes more than a month ago at this writing, and have seen virtually all of the typical 421 errors from the major free hosting providers (as reported in the Daily Mail Report) disappear. Our hosting customers have noticed that they no longer experience periodic issues delivering email to their customers who have yahoo.com, hotmail.com and similar addresses.
To put this outbound rate limiting into effect we: (a) add another outbound SMTP delivery method to Postfix; (b) configure a transport table to have this new delivery method apply only to the selected domains we choose, and; (c) configure a set of Postfix rate limits that apply only to this new outbound delivery method. Let’s get started!
First, let’s agree that we will call this new outbound SMTP delivery method “smtp-slow”.
Let’s add this new delivery method to Zimbra’s Postfix. As the Zimbra user, edit /opt/zimbra/common/conf/master.cf.in by adding the following lines (note that this file is read-only, so you’ll need to make the file writeable first, edit the file, and then make it read-only again):
smtp-slow unix - - n - 1 smtp -o syslog_name=smtp-slow
Now we have to specify the rate-limiting attributes for this delivery method. As the Zimbra user, first make a backup of zmconfigd.cf:
cp -p /opt/zimbra/conf/zmconfigd.cf /opt/zimbra/conf/zmconfigd.cf_ORIG
And then edit /opt/zimbra/conf/zmconfigd.cf by adding the lines below right above “RESTART mta” line:
POSTCONF smtp-slow_destination_rate_delay 5s POSTCONF smtp-slow_destination_concurrency_limit 2 POSTCONF smtp-slow_destination_recipient_limit 2 POSTCONF smtp-slow_initial_destination_concurrency 2
We’ll need a list of domains to which we will want to have the rate limiting apply. After you select those domains, create a new file as the Zimbra user: /opt/zimbra/conf/smtp-slow listing those domains, and formatted like so:
/@aol.com$/ smtp-slow: /@gmail.com$/ smtp-slow: /@gmx.com$/ smtp-slow: /@gmx.net$/ smtp-slow: /@hotmail.com$/ smtp-slow: /@icloud.com$/ smtp-slow: /@inbox.com$/ smtp-slow: /@live.com$/ smtp-slow: /@mail.com$/ smtp-slow: /@outlook.com$/ smtp-slow: /@protonmail.com$/ smtp-slow: /@yahoo.com$/ smtp-slow: /@zoho.com$/ smtp-slow:
As the Zimbra user, you have to “postmap” the file, so Postfix can understand the file’s contents:
postmap /opt/zimbra/conf/smtp-slow
Now we are ready to let Zimbra’s Postfix use this new transport map, so as the Zimbra user:
zmprov mcf zimbraMtaTransportMaps "proxy:ldap:/opt/zimbra/conf/ldap-transport.cf lmdb:/opt/zimbra/conf/smtp-slow"
To implement all of these changes, restart the MTA:
zmmtactl restart
Check it to be sure:
zimbra@mail2:~$ postconf smtp-slow_destination_rate_delay smtp-slow_destination_concurrency_limit smtp-slow_destination_recipient_limit smtp-slow_initial_destination_concurrency transport_maps
smtp-slow_destination_rate_delay = 5s
smtp-slow_destination_concurrency_limit = 2
smtp-slow_destination_recipient_limit = 2
smtp-slow_initial_destination_concurrency = 2
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf lmdb:/opt/zimbra/conf/smtp-slow
zimbra@mail2:~$
That should do it! Email sent to the domains listed in /opt/zimbra/conf/smtp-slow will be rate-limited, improving your system’s deliverability to those domains.
If you get stuck and you’d like our help, just fill out this form please:
Hope that helps,
L. Mark Stone
Mission Critical Email LLC
3 June 2021
The information provided in this blog is intended for informational and educational purposes only. The views expressed herein are those of Mr. Stone personally. The contents of this site are not intended as advice for any purpose and are subject to change without notice. Mission Critical Email makes no warranties of any kind regarding the accuracy or completeness of any information on this site, and we make no representations regarding whether such information is up-to-date or applicable to any particular situation. All copyrights are reserved by Mr. Stone. Any portion of the material on this site may be used for personal or educational purposes provided appropriate attribution is given to Mr. Stone and this blog.
