Postfix Anvil Rate Limiting: Troubleshooting SMTP Connection Issues and Cache Size Problems



When examining Postfix logs with entries like:

Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max connection rate 1/60s for (submission:203.43.xxx.2xx) at Aug 30 16:21:50
Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max connection count 1 for (submission:203.43.xxx.2xx) at Aug 30 16:21:50
Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max cache size 1 at Aug 30 16:21:50

This doesn't indicate a blocking situation but rather shows the peak statistics recorded by Anvil (Postfix's connection rate limiting daemon). The key metrics are:

  • Max connection rate: 1 connection per 60 seconds
  • Max connection count: 1 simultaneous connection
  • Max cache size: 1 client tracked

The default rate limiting settings in main.cf are quite permissive:

# Default connection limits (0 disables a limit)
smtpd_client_connection_rate_limit = 0
smtpd_client_connection_count_limit = 50
anvil_rate_time_unit = 60s
smtpd_client_message_rate_limit = 0

Your logs show activity well below these thresholds. The issue likely lies elsewhere: when a limit is actually hit, Postfix logs an explicit warning that the limit was exceeded and rejects the client, which is different from these periodic statistics lines.

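First check which of these settings are explicitly set in main.cf (postconf -n omits parameters left at their defaults, so empty output means the defaults apply):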

postconf -n | grep -E 'rate_limit|anvil|connection'

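For a basic status check of the queue and the Postfix processes:

postqueue -p              # List the mail queue (read-only)
systemctl status postfix  # anvil has no unit of its own; the Postfix master starts it on demand
pgrep -a anvil            # Shows the anvil process if it is currently running
# postsuper -d ALL        # Deletes every queued message; not a status check, so left commented out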

Since Anvil isn't blocking connections, consider these possibilities:

  1. Check network connectivity to port 587/465
  2. Verify SASL authentication is working
  3. Inspect firewall rules (iptables/nftables)
  4. Review DNS resolution for your mail server

Basic telnet test for SMTP submission. Telnet cannot negotiate TLS, so this only gets as far as AUTH on a server that accepts it without STARTTLS:

telnet your.mail.server 587
EHLO client.example.com
AUTH PLAIN [base64-encoded-credentials]
MAIL FROM: <sender@example.com>
RCPT TO: <recipient@example.com>
DATA
Subject: Test

Test message
.
QUIT

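Enable verbose logging for the affected client in main.cf:

debug_peer_level = 2
debug_peer_list = 203.43.xxx.xxx
# smtpd_verbose is not a Postfix parameter; for verbose logging of all clients, add -v to the smtpd entry in master.cf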

Then monitor logs in real-time:

tail -f /var/log/mail.log | grep -E 'anvil|smtpd'

If you do want to adjust rate limiting, modify these parameters:

smtpd_client_connection_rate_limit = 100
smtpd_client_connection_count_limit = 10
anvil_status_update_time = 120s

Remember to reload Postfix after changes:

systemctl reload postfix

The log entries you're seeing indicate Postfix's anvil service is tracking connection statistics, but these particular messages don't represent actual rate limiting at work. Let's break down what each line means:

Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max connection rate 1/60s for (submission:203.43.xxx.2xx) at Aug 30 16:21:50
Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max connection count 1 for (submission:203.43.xxx.2xx) at Aug 30 16:21:50
Aug 30 16:25:14 westc01-01-01 postfix/anvil[14400]: statistics: max cache size 1 at Aug 30 16:21:50

Anvil is Postfix's connection rate limiting daemon that:

  • Tracks connection rates per client
  • Enforces configured limits
  • Provides statistics (what you're seeing)

To verify if rate limiting is causing your issue, check your Postfix configuration for these parameters in main.cf:

# Default values (0 disables the limit):
smtpd_client_connection_rate_limit = 0
smtpd_client_connection_count_limit = 50
smtpd_client_message_rate_limit = 0
anvil_rate_time_unit = 60s

Since your emails are stuck in Outlook and the logs show minimal activity, consider these possibilities:

  1. Network connectivity issues - Test basic SMTP connectivity:
     telnet your.server.com 25
     telnet your.server.com 587
  2. Authentication problems - Check auth logs:
     grep "authentication failed" /var/log/mail.log
  3. DNS resolution issues
  4. Firewall blocking

1. Increase logging verbosity in main.cf:

debug_peer_level = 2
debug_peer_list = 203.43.xxx.xxx

2. Verify service status:

postfix status
systemctl status postfix

3. Check for resource limits:

ulimit -a
grep "postfix" /etc/security/limits.conf

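Postfix has no command that prints live anvil statistics. The anvil service writes its peak connection counts and rates per client to the mail log every anvil_status_update_time and when it exits, so read them from the log:

grep 'postfix/anvil' /var/log/mail.log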

Here's a sample configuration for controlled rate limiting:

# Rate limit configuration
smtpd_client_connection_rate_limit = 20
smtpd_client_connection_count_limit = 100
smtpd_client_message_rate_limit = 100
smtpd_client_event_limit_exceptions = $mynetworks

Remember to reload Postfix after changes:

postfix reload
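
The difference between anvil's periodic statistics and an actual limit hit can be checked mechanically. The Python script below is an added example, not part of the original page or of Postfix: it separates the two kinds of log line and flags clients whose peak approaches a configured limit. The sample log lines are constructed, the smtpd warning wording is an assumption to verify against your Postfix version, and the limits are those of the sample configuration above.

```python
import re

# anvil's periodic peak statistics: informational, not a rejection.
STAT_RE = re.compile(
    r"postfix/anvil\[\d+\]: statistics: max (connection rate|connection count) "
    r"(\d+)(?:/\d+s)? for \((\S+?):([^)]+)\)")
# Warning smtpd logs when a client actually hits a limit (wording assumed).
LIMIT_RE = re.compile(
    r"postfix/\S*smtpd\[\d+\]: warning: (Connection rate|Connection concurrency) "
    r"limit exceeded: (\d+) from (\S+) for service (\S+)")

def analyze(lines):
    """Return (peaks, hits): peak per (service, client, metric), and limit hits."""
    peaks, hits = {}, []
    for line in lines:
        if m := STAT_RE.search(line):
            metric, value, service, client = m.groups()
            key = (service, client, metric)
            peaks[key] = max(peaks.get(key, 0), int(value))
        elif m := LIMIT_RE.search(line):
            kind, value, client, service = m.groups()
            hits.append((service, client, kind, int(value)))
    return peaks, hits

def near_limit(peaks, limits, ratio=0.8):
    """Peaks that reached `ratio` of a configured limit; a limit of 0 is disabled."""
    out = []
    for (service, client, metric), peak in sorted(peaks.items()):
        limit = limits.get(metric, 0)
        if limit and peak >= ratio * limit:
            out.append((service, client, metric, peak, limit))
    return out

# Constructed sample log (documentation-range addresses), not from the page.
SAMPLE = """\
Aug 30 16:25:14 mx1 postfix/anvil[14400]: statistics: max connection rate 1/60s for (submission:203.0.113.7) at Aug 30 16:21:50
Aug 30 16:25:14 mx1 postfix/anvil[14400]: statistics: max connection count 1 for (submission:203.0.113.7) at Aug 30 16:21:50
Aug 30 16:25:14 mx1 postfix/anvil[14400]: statistics: max cache size 1 at Aug 30 16:21:50
Aug 30 16:31:02 mx1 postfix/smtpd[14522]: warning: Connection rate limit exceeded: 21 from unknown[198.51.100.9] for service smtp
Aug 30 16:35:14 mx1 postfix/anvil[14400]: statistics: max connection rate 21/60s for (smtp:198.51.100.9) at Aug 30 16:31:02
Aug 30 16:35:14 mx1 postfix/anvil[14400]: statistics: max connection count 3 for (smtp:198.51.100.9) at Aug 30 16:31:02
""".splitlines()

# Limits from the sample configuration on this page (rate 20, count 100).
LIMITS = {"connection rate": 20, "connection count": 100}

if __name__ == "__main__":
    peaks, hits = analyze(SAMPLE)
    print("limit hits:", hits)
    print("near limit:", near_limit(peaks, LIMITS))
```

An empty list of limit hits together with low peaks, as in the log at the top of this page, means the rate limiter is not the cause of the delivery problem.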