advertisement
Attribute
DoSFilter IP Addresses
Whitelist
zmprov mcf zimbraHttpThrottleSafeIPs
[x.x.x.x,192.168.x.x]
Monitoring ZCS Servers
Description
IP addresses to ignore when applying the
DosFilter. This attribute does not have a default value, however the following loopback
IPs are whitelisted by default.
•
127.0.0.1
•
::1
The IP addresses should be comma separated.
Enter as zmprov mcf zimbraHttpThrottleSafeIPs
[addresses]
A mailbox server restart is required after modifying these attributes. Type zmmailboxdctl restart
Tuning Considerations for ZCS 8.0.3 and later
ZCS Member Servers
: ZCS servers under the control of a single master
LDAP server are automatically whitelisted by IP address. These hosts are discovered using a
GetAllServersRequest
. Type as zmprov gas
.
External Provisioning Hosts/SOAP API
: External provisioning hosts can be added to the IP whitelist to ensure that the DoSFilter does not block some requests. For example, a mailbox reindex might make several calls per second that can trigger the DoSFilter.
Note: For ZCS servers at 8.0.0 to 8.0.2, see the Denial of Service workaround located at http://www.zimbra.com/forums/announcements/
60397-zcs-dosfilter-workaround-zcs-8-0-1-8-0-2-a.html.
Working with Mail Queues
When the Zimbra MTA receives mail, it routes the mail through a series of queues to manage delivery; incoming, active, deferred, held, and corrupt.
The
incoming
message queue holds the new mail that has been received.
Each message is identified with a unique file name. Messages are moved to the active queue when there is room. If there are no problems, message move through this queue very quickly.
The
active
message queue holds messages that are ready to be sent. The
MTA sets a limit to the number of messages that can be in the active queue at any one time. From here, messages are moved to and from the anti-virus and anti-spam filters before being delivered to another queue.
Zimbra Collaboration Network Edition 233
Administrator Guide
Messages that cannot be delivered are placed in the
deferred
queue. The reasons for the delivery failures are documented in a file in the deferred queue. This queue is scanned frequently to resend the message. If the message cannot be sent after the set number of delivery attempts, the message fails. The message is bounced back to the original sender. The default for the bounce queue lifetime is five days.
The
held
message queue keeps mail that could not be processed. Messages stay in this queue until the administrator moves them. No periodic delivery attempts are made for messages in the held queue.
T
he
corrupt
queue stores damaged unreadable messages.
Change the Bounce Queue Lifetime
The MTA server’s bounce queue lifetime is set for five days. To change the default queue lifetime setting zmlocalconfig -e bounce_queue_lifetime=[#]
To permanently have messages bounced back to the sender, instead of being sent to the deferred queue first zmlocalconfig -e zimbraLmtpPermanentFailureWhenOverQuota=TRUE
Notifying Senders of Bounced Messages
Before the bounce queue lifetime sends the message back to the sender, senders can be notified that the message they sent is in the deferred queue and has not been delivered.
Configure the following attributes to send a warning message to the sender.
Configure the time after which the sender receives the message headers of email that is still queued.
zmlocalconfig -c postfix_delay_warning_time=0h
Configure the recipient of postmaster notifications with the message headers of mail that the MTA did not deliver.
zmlocalconfig -c postfix_bounce_notice_recipient=postmaster
Configure the list of error classes that are reported to the postmaster.
zmlocalconfig -c postfix_notify_classes=resource,software
Note: See Postfix documentation for details on the impact of changes to these Postfix attributes.
You can monitor the mail queues for delivery problems from the Administration
Console.
234 Network Edition Zimbra Collaboration
advertisement
advertisement