1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" 2 "http://www.w3.org/TR/html4/loose.dtd"> 3 4<html> 5 6<head> 7 8<title>Postfix Connection Cache </title> 9 10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> 11 12</head> 13 14<body> 15 16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Connection Cache </h1> 17 18<hr> 19 20<h2>Introduction</h2> 21 22<p> This document describes the Postfix connection cache implementation, 23which is available with Postfix version 2.2 and later. </p> 24 25<p> Topics covered in this document: </p> 26 27<ul> 28 29<li><a href="#summary"> What SMTP connection caching can do for you</a> 30 31<li><a href="#implementation"> Connection cache implementation</a> 32 33<li><a href="#configuration"> Connection cache configuration</a> 34 35<li><a href="#safety">Connection cache safety mechanisms </a> 36 37<li><a href="#limitations">Connection cache limitations</a> 38 39<li><a href="#statistics">Connection cache statistics</a> 40 41</ul> 42 43<h2><a name="summary">What SMTP connection caching can do for 44you</a></h2> 45 46<p> With SMTP connection caching, Postfix can deliver multiple 47messages over the same SMTP connection. By default, Postfix 2.2 48reuses an SMTP connection automatically when a destination has 49high volume of mail in the active queue. </p> 50 51<p> SMTP Connection caching is a performance feature. Whether or not 52it actually improves performance depends on the conditions: </p> 53 54<ul> 55 56<li> <p> SMTP Connection caching can greatly improve performance 57when delivering mail to a destination with multiple mail servers, 58because it can help Postfix to skip over a non-responding server. 59</p> 60 61<li> <p> Otherwise, the benefits of SMTP connection caching are 62minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK, 63ACK), plus the latency of the SMTP initial handshake (220 greeting, 64EHLO command, EHLO response). 65 66<li> <p> SMTP Connection caching gives no gains with respect to 67SMTP session tear-down. The Postfix smtp(8) client normally does 68not wait for the server's reply to the QUIT command, and it never 69waits for the TCP final handshake to complete. </p> 70 71<li> <p> SMTP Connection caching introduces some overhead: the 72client needs to send an RSET command to find out if a connection 73is still usable, before it can send the next MAIL FROM command. 74This introduces one additional round-trip delay. </p> 75 76</ul> 77 78<p> For other potential issues with SMTP connection caching, see 79the discussion of <a href="#limitations">limitations</a> at the end 80of this document. </p> 81 82<h2><a name="implementation">Connection cache implementation</a></h2> 83 84<p> For an overview of how Postfix delivers mail, see the Postfix 85architecture OVERVIEW document. </p> 86 87<p> The Postfix connection cache is shared among Postfix mail 88delivering processes. This maximizes the opportunity to reuse an 89open connection. Other MTAs such as Sendmail or exim have a 90non-shared connection cache. Here, a connection can be reused only 91by the mail delivering process that creates the connection. To get 92the same performance improvement as with a shared connection cache, 93non-shared connections need to be kept open for a longer time. </p> 94 95<p> The scache(8) server, introduced with Postfix version 2.2, 96maintains the shared connection cache. With Postfix version 2.2, 97only the smtp(8) client has support to access this cache. </p> 98 99<blockquote> 100 101<table> 102 103<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center" 104colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt> 105--> </tt> Internet </td> </tr> 106 107<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td> 108<td align="center" rowspan="3"> </td> <td align="center" 109rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td> 110</tr> 111 112<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center" 113colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt> 114--> </tt> Internet </td> </tr> 115 116<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td> 117<td> </td> </tr> 118 119<tr> <td colspan="3"> </td> <td align="center" colspan="3" 120bgcolor="#f0f0ff"> scache(8) </td> </tr> 121 122</table> 123 124</blockquote> 125 126<p> When SMTP connection caching is enabled (see next section), the 127smtp(8) client does not disconnect after a mail transaction, but 128gives the connection to the scache(8) server which keeps the 129connection open for a limited amount of time. </p> 130 131<p> After handing over the open connection to the scache(8) server, 132the smtp(8) client continues with some other mail delivery request. 133Meanwhile, any smtp(8) client process can ask the scache(8) server 134for that cached connection and reuse it for mail delivery. </p> 135 136<p> The connection cache can be searched by destination domain name 137(the right-hand side of the recipient address) and by the IP address 138of the host at the other end of the connection. This allows Postfix 139to reuse a connection even when the remote host is mail server for 140domains with different names. </p> 141 142<h2><a name="configuration">Connection cache configuration </a></h2> 143 144<p> The Postfix smtp(8) client supports two connection caching 145strategies: </p> 146 147<ul> 148 149<li> <p> On-demand connection caching. This is enabled by default, 150and is controlled with the smtp_connection_cache_on_demand configuration 151parameter. When this feature is enabled, the Postfix smtp(8) client 152automatically saves a connection to the connection cache when a 153destination has a high volume of mail in the active queue. </p> 154 155<p> Example: </p> 156 157<blockquote> 158 159<pre> 160/etc/postfix/main.cf: 161 smtp_connection_cache_on_demand = yes 162</pre> 163 164</blockquote> 165 166<li> <p> Per-destination connection caching. This is enabled by 167explicitly listing specific destinations with the 168smtp_connection_cache_destinations configuration parameter. After 169completing delivery to a selected destination, the Postfix smtp(8) 170client <i>always</i> saves the connection to the connection cache. 171</p> 172 173<p> Specify a comma or white space separated list of destinations 174or pseudo-destinations: </p> 175 176<ul> 177 178<li> <p> if mail is sent without a relay host: a domain name (the 179right-hand side of an email address, without the [] around a numeric 180IP address), </p> 181 182<li> <p> if mail is sent via a relay host: a relay host name (without 183the [] or non-default TCP port), as specified in main.cf or in the 184transport map, </p> 185 186<li> <p> a /file/name with domain names and/or relay host names as 187defined above, </p> 188 189<li> <p> a "type:table" with domain names and/or relay host names 190on the left-hand side. The right-hand side result from "type:table" 191lookups is ignored. </p> 192 193</ul> 194 195<p> Examples: </p> 196 197<blockquote> 198 199<pre> 200/etc/postfix/main.cf: 201 smtp_connection_cache_destinations = $relayhost 202 smtp_connection_cache_destinations = hotmail.com, ... 203 smtp_connection_cache_destinations = static:all (<i>not recommended</i>) 204</pre> 205 206</blockquote> 207 208</ul> 209 210<h2><a name="safety">Connection cache safety mechanisms </a></h2> 211 212<p> Connection caching must be used wisely. It is anti-social to 213keep an unused SMTP connection open for a significant amount of 214time, and it is unwise to send huge numbers of messages through 215the same connection. In order to avoid problems with SMTP connection 216caching, Postfix implements the following safety mechanisms: </p> 217 218<ul> 219 220<li> <p> The Postfix scache(8) server keeps a connection open for 221only a limited time. The time limit is specified with the 222smtp_connection_cache_time_limit and with the connection_cache_ttl_limit 223configuration parameters. This prevents anti-social behavior. </p> 224 225<li> <p> The Postfix smtp(8) client reuses a session for only a 226limited number of times. This avoids triggering bugs in implementations 227that do not correctly handle multiple deliveries per session. </p> 228 229<p> As of Postfix 2.3 connection reuse is preferably limited with 230the smtp_connection_reuse_time_limit parameter. In addition, Postfix 2312.11 provides smtp_connection_reuse_count_limit to limit how many 232times a connection may be reused, but this feature is unsafe as it 233introduces a "fatal attractor" failure mode (when a destination has 234multiple inbound MTAs, the slowest inbound MTA will attract most 235connections from Postfix to that destination). </p>. 236 237<p> Postfix 2.3 logs the use count of multiply-used connections, 238as shown in the following example: </p> 239 240<blockquote> 241<pre> 242Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE: 243to=<wietse@test.example.com>, orig_to=<wietse@test>, 244relay=mail.example.com[1.2.3.4], <b>conn_use=2</b>, delay=0.22, 245delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok) 246</pre> 247</blockquote> 248 249<li> <p> The connection cache explicitly labels each cached connection 250with destination domain and IP address information. A connection 251cache lookup succeeds only when the correct information is specified. 252This prevents mis-delivery of mail. </p> 253 254</ul> 255 256<h2><a name="limitations">Connection cache limitations</a></h2> 257 258<p> Postfix SMTP connection caching conflicts with certain applications: 259</p> 260 261<ul> 262 263<li> <p> The Postfix shared connection cache cannot be used with 264TLS, because saved TLS session information can be used only when a 265new connection is created (this limitation does not exist in 266connection caching implementations that reuse a connection only in 267the process that creates it). For this reason, the Postfix smtp(8) 268client always closes the connection after completing an attempt to 269deliver mail over TLS. </p> 270 271<li> <p> Postfix connection caching currently does not support 272multiple SASL accounts per mail server. Specifically, Postfix 273connection caching assumes that a SASL credential is valid for all 274hostnames or domain names that deliver via the same mail server IP 275address and TCP port, and assumes that the SASL credential does not 276depend on the message originator. </p> 277 278</ul> 279 280 281<h2><a name="statistics">Connection cache statistics </a></h2> 282 283<p> The scache(8) connection cache server logs statistics about the 284peak cache size and the cache hit rates. This information is logged 285every connection_cache_status_update_time seconds, when the process 286terminates after the maximal idle time is exceeded, or when Postfix 287is reloaded. </p> 288 289<ul> 290 291<li> <p> Hit rates for connection cache lookups by domain will tell 292you how useful connection caching is. </p> 293 294<li> <p> Connection cache lookups by network address will always 295fail, unless you're sending mail to different domains that share 296the same MX hosts. </p> 297 298<li> <p> No statistics are logged when no attempts are made to 299access the connection cache. </p> 300 301</ul> 302 303 304</body> 305 306</html> 307
