We have as the subject states a postfix mail server running with a barracuda spam/virus firewall as it's relayhost.

This specific barracuda firewall is just for outbound mail.

What we encountered upon our first tests was that everything we planned for seemed to work fine. Most mail was being handled properly, the barracuda was doing as it should, etc.

However, a day later, we noticed the tremendous amount of rate blocking barracuda was having to do for us. Ok, that's understandable, there were some legitimate automated email going out that was in fact kicking in the rate limiting feature of barracuda.

The problem we encountered with this was that the barracuda device was deferring rate limit blocked messages back to our postfix mail server.

Ok, that's fine, except after so many deferrals were received, postfix started also dropping a ton of lost connection deferred messages into our mailq. Granted, most of them were for the accounts that were being rate blocked by barracuda at the time, but a lot of these accounts were not.

Another note, while some of these accounts were rate blocked and others were just getting lost connections, some messages were making it through perfectly fine. Most in fact.

So, first question, excluding networking issues, does it make sense to anyone for postfix to actually drop the entire connection from it to the relayhost during this kind of situation for any reasons?

As barracuda isn't even receiving the full messages, I assume it has nothing to do with the rate limitation it's putting on some accounts. Even if it was, it should show these messages in it's log, which it does not.


An example message from our postfix log:
Mar  3 00:25:38 servername postfix/smtp[74601]: E140C42C5A: to=<username@domain.com>, relay=barracudaip[barracudaip]:25, delay=11, delays=11/0.03/0/0.12, dsn=4.4.2, status=deferred (lost connection with barracudaip[barracudaip] while sending RCPT TO)

Some were dropped while sending RCPT TO and some while sending DATA.


Thanks for any and all help,
Mythics

I can't say why you are having connection issues, but the Postfix dropping connections sounds like you have hit the hard and soft error limits.  When a connecting host appears to have trouble, Postfix will eventually respond in such a way as to prevent a dos flood.  Off the top of my head, I am not sure what the actual response to these limits is, but I would check their settings and see how they are handled.
 

That's what I don't really understand.

If our outbound firewall was sending deferrals back to the postfix server at an unreasonable rate, what would that have to do with dropping connections from the postfix server TO the firewall?