2006-07-20 17:48:36
This document describes the Postfix connection cache implementation, which is available with Postfix version 2.2 and later.
With SMTP connection caching, Postfix can deliver multiple messages over the same SMTP connection. By default, Postfix 2.2 reuses an SMTP connection automatically when a destination has a high volume of mail in the .
SMTP Connection caching is a performance feature. Whether or not it actually improves performance depends on the conditions:
SMTP Connection caching can greatly improve performance when delivering mail to a destination with multiple mail servers, because it can help Postfix to skip over a non-responding server.
Otherwise, the benefits of SMTP connection caching are minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK, ACK), plus the latency of the SMTP initial handshake (220 greeting, EHLO command, EHLO response).
SMTP Connection caching gives no gains with respect to SMTP session tear-down. The Postfix client normally does not wait for the server's reply to the QUIT command, and it never waits for the TCP final handshake to complete.
SMTP Connection caching introduces some overhead: the client needs to send an RSET command to find out if a connection is still usable, before it can send the next MAIL FROM command.
For other potential issues with SMTP connection caching, see the discussion of at the end of this document.
For an overview of how Postfix delivers mail, see the Postfix architecture document.
The Postfix connection cache is shared among Postfix mail delivering processes. This maximizes the opportunity to reuse an open connection. Other MTAs such as Sendmail or Exim have a non-shared connection cache, where a connection can be reused only by the mail delivering process that created it. To get the same performance improvement as with a shared connection cache, non-shared connections need to be kept open for a longer time.
The server, introduced with Postfix version 2.2, maintains the shared connection cache. With Postfix version 2.2, only the client has support to access this cache.
When SMTP connection caching is enabled (see next section), the client does not disconnect after a mail transaction, but gives the connection to the server which keeps the connection open for a limited amount of time.
After handing over the open connection to the server, the client continues with some other mail delivery request. Meanwhile, any client process can ask the server for that cached connection and reuse it for mail delivery.
The connection cache can be searched by destination domain name (the right-hand side of the recipient address) and by the IP address of the host at the other end of the connection. This allows Postfix to reuse a connection even when the remote host is the mail server for domains with different names.
The Postfix client supports two connection caching strategies:
On-demand connection caching. This is enabled by default, and is controlled with the configuration parameter. When this feature is enabled, the Postfix client automatically saves a connection to the connection cache when a destination has a high volume of mail in the .
Example:
/etc/postfix/main.cf:
= yes
Per-destination connection caching. This is enabled by explicitly listing specific destinations with the configuration parameter. After completing delivery to a selected destination, the Postfix client always saves the connection to the connection cache.
Specify a comma or white space separated list of destinations or pseudo-destinations:
if mail is sent without a : a domain name (the right-hand side of an email address, without the [] around a numeric IP address),
if mail is sent via a : a name (without the [] or non-default TCP port), as specified in main.cf or in the transport map,
a /file/name with domain names and/or names as defined above,
a "" with domain names and/or names on the left-hand side. The right-hand side result from "" lookups is ignored.
Examples:
/etc/postfix/main.cf:
= $
= hotmail.com, ...
= static:all (not recommended)
Connection caching must be used wisely. It is anti-social to keep an unused SMTP connection open for a significant amount of time, and it is unwise to send huge numbers of messages through the same connection. In order to avoid problems with SMTP connection caching, Postfix implements the following safety mechanisms:
The Postfix server keeps a connection open for only a limited time. The time limit is specified with the and with the configuration parameters. This prevents anti-social behavior.
The Postfix client reuses a session for only a limited number of times. This avoids triggering bugs in implementations that do not correctly handle multiple deliveries per session.
With Postfix 2.2 the use count is limited with the configuration parameter. With Postfix 2.3 this is replaced by a time limit which is specified with the parameter. In addition, Postfix 2.3 logs the use count of multiply-used connections, as shown in the following example:
Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
to=, orig_to= ,
relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
The connection cache explicitly labels each cached connection with destination domain and IP address information. A connection cache lookup succeeds only when the correct information is specified. This prevents mis-delivery of mail.
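To check from the mail log that the use limits described above are actually holding, the `conn_use=` field can be tallied per relay. The following is an added example, not part of the Postfix documentation: the sample log lines are constructed, the `max_use` ceiling is a locally chosen assumption, and the optional `:port` suffix after the relay address is accepted because newer Postfix releases log it.

```python
import re
from collections import defaultdict

# conn_use= appears only on deliveries over an already-used connection,
# so a delivery line without it counts as the first use.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): .*?"
    r"relay=(?P<host>[^\[,\s]+)\[(?P<ip>[^\]]+)\](?::\d+)?"
    r"(?:, conn_use=(?P<use>\d+))?.*?status=(?P<status>\w+)"
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Nov  3 16:04:30 myname postfix/smtp[30840]: 19B6B2900FD: to=<a@example.com>, relay=mail.example.com[192.0.2.10], delay=0.31, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov  3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE: to=<b@example.com>, relay=mail.example.com[192.0.2.10], conn_use=2, delay=0.22, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov  3 16:04:32 myname postfix/smtp[30842]: 19B6B2900FF: to=<c@example.com>, relay=mail.example.com[192.0.2.10], conn_use=3, delay=0.20, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov  3 16:05:01 myname postfix/smtp[30850]: 2C41D2900A1: to=<d@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=0.40, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Nov  3 16:05:02 myname postfix/smtp[30850]: 2C41D2900A2: to=<e@example.net>, relay=mx.example.net[192.0.2.20]:25, conn_use=2, delay=0.35, dsn=4.2.0, status=deferred (450 4.2.0 Try later)
Nov  3 16:05:12 myname postfix/smtp[30851]: 2C41D2900A3: to=<f@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect timed out)
"""

def parse_delivery(line):
    """Return (host, ip, use_count, status) for a delivery line, else None."""
    m = DELIVERY.search(line)
    if m is None:
        return None  # not a delivery line, or relay=none (no connection made)
    return m["host"], m["ip"], int(m["use"] or 1), m["status"]

def summarize(log_text):
    """Per (relay host, relay IP): deliveries, reused deliveries, peak use count."""
    stats = defaultdict(lambda: {"deliveries": 0, "reused": 0, "peak_use": 1})
    for line in log_text.splitlines():
        parsed = parse_delivery(line)
        if parsed is None:
            continue
        host, ip, use, _status = parsed
        entry = stats[(host, ip)]
        entry["deliveries"] += 1
        entry["reused"] += use > 1
        entry["peak_use"] = max(entry["peak_use"], use)
    return dict(stats)

def over_limit(stats, max_use):
    """Relays whose peak use count exceeds a locally chosen ceiling (assumption)."""
    return sorted(key for key, e in stats.items() if e["peak_use"] > max_use)

if __name__ == "__main__":
    for relay, entry in summarize(SAMPLE_LOG).items():
        print(relay, entry)
```

Keying the tally on both relay name and IP address mirrors the way the cache labels connections, so a relay that shows reuse under an unexpected address stands out.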
Postfix SMTP connection caching conflicts with certain applications:
The Postfix shared connection cache cannot be used with TLS, because saved TLS session information can be used only when a new connection is created (this limitation does not exist in connection caching implementations that reuse a connection only in the process that creates it). For this reason, the Postfix client always closes the connection after completing an attempt to deliver mail over TLS.
Postfix connection caching currently does not support multiple SASL accounts per mail server. Specifically, Postfix connection caching assumes that a SASL credential is valid for all hostnames or domain names that deliver via the same mail server IP address and TCP port, and assumes that the SASL credential does not depend on the message originator.
The connection cache server logs statistics about the peak cache size and the cache hit rates. This information is logged every seconds, when the process terminates after the maximal idle time is exceeded, or when Postfix is reloaded.
Hit rates for connection cache lookups by domain will tell you how useful connection caching is.
Connection cache lookups by network address will always fail, unless you're sending mail to different domains that share the same MX hosts.
No statistics are logged when no attempts are made to access the connection cache.