Postfix rate limit to domain

Most of the renowned ESPs such as gmail or hotmail or yahoo do not like to mailed to from the same address multiple times in a short span. If they detect (and they will) that a server's IP is sending out bursts of emails in short span of time or over a single connection, they will most certainly block your IP.

Here is how we can negate this block by rate limiting on the server side so that the server IP(s) remain clean and unblocked. We can configure postfix to rate limit the mails based on their recipient domains. Suppose we need to rate limit mails to gmail to 1000 per hour, this can be achieved using the following steps.

We will use custom transports in postfix configuration to achieve this rate limiting. Custom transports are supported in postfix > v2.5. Check your postfix version using the following command:

    [root@smtp01 ~]# postconf mail_version
    mail_version = 2.8.5


If postfix is older than 2.5, upgrade it.

Now, define required additional transport in postfix master.cf file:

    smtp-gmail unix -    -    n    -    1    smtp
       -o syslog_name=smtp-gmail



syslog_name will specify the name by which messages related with this transport will be logged in maillog. This will help us to identify if the custom transport is working or not.

Define the required throttling (rate limits) settings in postfix main.cf

    smtp-gmail_destination_rate_delay = 12s
    smtp-gmail_destination_concurrency_limit = 1
    smtp-gmail_destination_recipient_limit = 2
    smtp-gmail_initial_destination_concurrency=1


The syntax is as follows: trasntport-name_variable-name=value

Here the transport name I am using is smtp-gmail. You can use anything of you own choice.

destination_rate_delay: This defines the delay between individual deliveries to the destination using this transport. Set this as per required. Suppose you want 10 deliveries per minute to gmail, then you can set it up like 60/10 = 6s.

destination_concurrency_limit: This decides the number of parallel deliveries to the destination using this transport. Setting it one means only one mail will be delivered once.

destination_recipient_limit: This decides the number of recipients per mail delivery. Setting this parameter to a value of 1 changes the meaning of the corresponding per-destination concurrency limit from concurrency per domain into concurrency per recipient. So set this to 2. This will take care of the domain. If you set it to 1, throttling will work only if you send mails to the same recipient and not for the same recipient domain.

initial_destination_concurrency: This decides the initial number of parallel deliveries. Default is 5, you don't want that probably, so set it as 1.

You can get more information about the parameters here: http://www.postfix.org/postconf.5.html

Create a transport map file, so that mails to gmail.com are directed to our new transport (smtp-gmail). Add the following to /etc/postfix/transport

    /\@gmail\.com$/       smtp-gmail:


The format of the above file is regexp. Lookups to regexp tables are fast so probably you should use those. For regexp to work you should have regexp support built into postfix. Find out using this command

    postconf -m


You should get the following result, showing all supported lookup tables

    [root@smtp01 ~]# postconf -m
    btree
    cidr
    environ
    hash
    internal
    ldap
    nis
    pcre
    proxy
    regexp
    static
    tcp
    texthash
    unix


Once the transport file is created, make sure to create the corresponding db, which will be actually used by postfix. Use postmap command.

    postmap  /etc/postfix/transport


Make postfix use this transport table. Edit main.cf and add the following:

    transport_maps = regexp:/etc/postfix/transport


Make sure you use regexp prefix.

Reload postfix.

Test the configuration.

Create a file containing two or more different gmail addresses. Then you can use a loop to send mails to them using the command line.

    for i in `cat recpts`; do echo "hello" | mail -s "testing throttling" $i; done


recpts is the file containing recipients' addresses.

Tail the maillog and grep for the transport name. You should get the following messages:

    Oct 5 10:33:26 smtp01 smtp-gmail/smtp[31905]: A8AB21EE201: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=1466, delays=0.09/1465/0.25/0.84, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825206 ge19si1398564wbb.49)
    Oct 5 10:38:28 smtp01 smtp-gmail/smtp[31945]: AFF7B1EE206: to=, relay=gmail-smtp-in.l.google.com[209.85.143.26]:25, delay=1768, delays=0.09/1766/0.24/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825508 s63si1405914weq.73)
    Oct 5 10:43:29 smtp01 smtp-gmail/smtp[31985]: B18DC1EE208: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=2069, delays=0.09/2068/0.25/0.75, dsn=2.0.0, status=sent (250 2.0.0 OK 1317825809 fn12si1423894wbb.51)
    Oct 5 10:48:30 smtp01 smtp-gmail/smtp[32021]: B136C1EE207: to=, relay=gmail-smtp-in.l.google.com[209.85.143.27]:25, delay=2370, delays=0.09/2369/0.25/0.48, dsn=2.0.0, status=sent (250 2.0.0 OK 1317826110 fi7si1433546wbb.71)


You can see that the transport 'smtp-gmail' is being called every five minutes ( as set in postfix main.cf).