Postfix's default configuration is tuned for a general-purpose mail server handling modest volumes. When you start pushing hundreds of thousands or millions of messages per day through a dedicated Postfix relay, the defaults become bottlenecks: too few SMTP processes, too little queue manager concurrency, too conservative retry intervals, and DNS lookups that serialize what should be parallel operations. This guide covers the complete tuning stack — from main.cf concurrency parameters through master.cf process configuration, per-ISP rate controls, queue management, and the hardware prerequisites that determine your actual ceiling.
Understanding Postfix Queue Architecture Before Tuning
Before touching any parameters, understanding how Postfix manages message flow prevents configuration mistakes that make throughput worse rather than better.
Postfix uses four queues in sequence:
- Incoming queue: Messages deposited by local applications or SMTP. The cleanup daemon processes incoming messages and moves them to the next stage.
- Active queue: Messages the queue manager (qmgr) has selected for immediate delivery. This is the "working set" — messages currently in-flight or waiting for delivery agent slots. The size is controlled by
qmgr_message_active_limit(default: 20,000). - Deferred queue: Messages waiting for retry after a temporary delivery failure. The queue manager periodically scans the deferred queue (controlled by
queue_run_delay) to move eligible messages back to the active queue. - Hold queue: Messages held manually by operators or by specific policy rules. Not automatically retried.
Critical insight: The active queue is the primary throughput bottleneck at high volume. If the active queue is consistently full (mailq | grep "^[0-9A-F]" | wc -l close to qmgr_message_active_limit), adding concurrency won't help — the queue manager is already capacity-limited. The solution is usually to increase qmgr_message_active_limit and ensure the delivery agents can drain the active queue faster than messages arrive.
Baseline Hardware Requirements
No amount of software tuning overcomes hardware inadequacy. For high-volume Postfix outbound relay:
- CPU: Each SMTP delivery process consumes minimal CPU for message handling but significant CPU for TLS handshakes. At 500+ concurrent TLS connections, CPU can become a bottleneck. Minimum: 4 cores for 100K/day; 8–16 cores for 1M+/day.
- RAM: The queue manager keeps the active queue in memory. At 20,000 active messages with typical metadata, this requires 200–400MB. For the OS filesystem cache (Postfix queues are on disk), 4–8GB minimum. 16–32GB for very high volume.
- Disk (this is often the real bottleneck): Postfix queues are disk-based. Each message involves multiple filesystem operations (create queue file, update directory, move between queues). Mechanical HDDs: typically limited to 150–300 IOPS. NVMe SSDs: 100,000+ IOPS. The difference is enormous for high-volume throughput. At 100,000 messages/day, an HDD is borderline; at 1M/day, NVMe is not optional.
- Network: Each concurrent SMTP connection uses one ephemeral port. At 500 concurrent connections, verify your OS ephemeral port range is sufficient:
sysctl net.ipv4.ip_local_port_range. For high concurrency, set:net.ipv4.ip_local_port_range = 10000 65535
Local DNS resolver: the overlooked bottleneck
Postfix performs DNS MX lookups for every distinct destination domain. At high volume with many unique recipient domains, DNS lookup latency becomes a primary throughput limiter. Each 100ms of additional DNS latency per unique domain translates directly to reduced delivery rate.
| Parameter | Default | Recommended (high volume) | Impact |
|---|---|---|---|
| default_process_limit | 100 | 800 | Max concurrent SMTP client processes |
| smtp_destination_concurrency_limit | 20 | 10–15 per destination | Connections per target domain — ISPs enforce their own |
| smtp_destination_rate_delay | 0s | 0.1s (ISP-specific) | Pacing between deliveries to same domain |
| maximal_queue_lifetime | 5d | 1d for bulk, 3d for transactional | How long undelivered mail stays in queue |
| smtp_connect_timeout | 30s | 10s | Faster failure detection, avoids pileup |
| smtp_helo_timeout | 300s | 60s | HELO handshake timeout — shorter = faster circuit break |
| qmgr_message_recipient_limit | 20000 | 50000 | Max recipients per queue scan cycle |
| inet_protocols | all | ipv4 (unless IPv6 warmed) | Avoid IPv6 delivery if not yet warmed |
# /etc/postfix/main.cf — tuned for 200K+ messages/day default_process_limit = 800 smtp_destination_concurrency_limit = 10 smtp_destination_rate_delay = 0.1s smtp_extra_recipient_limit = 5 # Queue management maximal_queue_lifetime = 1d bounce_queue_lifetime = 6h qmgr_message_recipient_limit = 50000 # Connection tuning smtp_connect_timeout = 10s smtp_helo_timeout = 60s smtp_data_init_timeout = 120s smtp_data_xfer_timeout = 180s # Transport map for per-domain throttling transport_maps = hash:/etc/postfix/transport # /etc/postfix/transport (separate file) gmail.com smtp:[smtp-relay.gmail.com]:587 yahoo.com smtp:[smtp.mail.yahoo.com]:587 rate_delay=0.5s outlook.com smtp:[smtp.office365.com]:587 concurrency_limit=5
# Install and configure a local caching resolver
sudo apt install unbound # Debian/Ubuntu
# or
sudo dnf install unbound # RHEL/CentOS
# Configure Postfix to use it
# In /etc/postfix/main.cf:
smtp_dns_support_level = enabled
smtp_host_lookup = nativeA local caching resolver (Unbound or Bind) eliminates repeated lookups for popular destination domains like gmail.com, outlook.com, and yahoo.com — these MX records are resolved once and cached until TTL expiry, rather than queried on every delivery attempt.
main.cf: Concurrency and Process Parameters
# /etc/postfix/main.cf — High-volume outbound relay tuning
# ===== Process Limits =====
# Total Postfix processes across all services
# Default: 100 — too low for high-volume
# Set based on CPU cores × 10-20 for outbound relay
default_process_limit = 500
# ===== Queue Manager Tuning =====
# Max messages in active queue (working set)
# Default: 20000 — increase for very high volume
qmgr_message_active_limit = 40000
# Max recipients per active queue message
# Default: 300 — fine for most use cases
qmgr_message_recipient_limit = 300
# ===== Outbound Concurrency =====
# Default concurrent connections per destination domain
# Default: 20 — appropriate starting point
# Don't set globally too high; use per-ISP overrides
default_destination_concurrency_limit = 20
# Initial concurrency (TCP slow-start analog)
# Default: 5 — reasonable
initial_destination_concurrency = 5
# Concurrency feedback (how fast to scale up/down)
# Default: 1 — conservative; increase for faster ramp
default_destination_concurrency_positive_feedback = 1
default_destination_concurrency_negative_feedback = 1
# Recipients per SMTP message (RCPT TO per DATA)
# Default: 50 — reasonable for most ISPs
# Some ISPs limit to 10-20; don't set this too high
default_destination_recipient_limit = 50
# ===== Retry Intervals =====
# Minimum time before first retry
# Default: 300s (5 minutes) — appropriate
minimal_backoff_time = 300s
# Maximum retry interval (exponential backoff ceiling)
# Default: 4000s (~67 min) — reasonable
maximal_backoff_time = 4000s
# Time after which undeliverable mail bounces
# Default: 5d — reduce for high-volume to clear queue faster
maximal_queue_lifetime = 3d
# ===== Connection Timeouts =====
# Time to wait for remote SMTP connection
# Default: 30s — too long when many destinations are slow
smtp_connect_timeout = 15s
# Time to wait for SMTP greeting
smtp_helo_timeout = 15s
# Time to wait for MAIL FROM response
smtp_mail_timeout = 30s
# Time to wait for RCPT TO response
smtp_rcpt_timeout = 30s
# ===== Queue Scan Intervals =====
# How often queue manager rescans deferred queue
# Default: 300s — appropriate; don't decrease aggressively
queue_run_delay = 300s
# ===== TLS =====
# Opportunistic TLS for outbound (try, don't require)
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 3600s
# ===== Input Rate Control =====
# Delay accepting new messages when output falls behind
# Prevents queue from growing faster than delivery
in_flow_delay = 1smaster.cf: Transport Pool Sizing
The master.cf maxproc column controls how many processes each service can run simultaneously. For high-volume outbound relays, the smtp client process count is the primary constraint:
# /etc/postfix/master.cf — increase smtp process limit
# Format: service type private unpriv chroot wakeup maxproc command
# Default smtp entry (maxproc = 100 by default, shown as -)
# Change to explicit high value for high-volume outbound:
smtp unix - - n - 500 smtp
# smtpd (inbound) — don't over-provision if this is outbound-only
# smtps and submission if applicable
smtpd inet n - y - 100 smtpd
Per-ISP Transport Configuration
Different receiving ISPs accept different volumes and speeds. Using Postfix transport maps, you can configure per-ISP delivery policies that maximise throughput while respecting each provider's limits:
# /etc/postfix/transport — map domains to named transports
gmail.com gmail:
googlemail.com gmail:
outlook.com microsoft:
hotmail.com microsoft:
live.com microsoft:
msn.com microsoft:
yahoo.com yahoo:
ymail.com yahoo:
aol.com yahoo:
comcast.net conservative:
# Activate in main.cf:
# transport_maps = hash:/etc/postfix/transport
# Then hash the file:
# sudo postmap /etc/postfix/transport# /etc/postfix/main.cf — per-transport concurrency limits
# Gmail: higher concurrency acceptable, reputation-dependent
gmail_destination_concurrency_limit = 10
gmail_destination_rate_delay = 0
gmail_destination_recipient_limit = 100
# Microsoft: conservative — aggressive sending triggers 421s
microsoft_destination_concurrency_limit = 5
microsoft_destination_rate_delay = 1s
microsoft_destination_recipient_limit = 50
# Yahoo: moderate — watch for TS codes in bounce logs
yahoo_destination_concurrency_limit = 8
yahoo_destination_rate_delay = 0
yahoo_destination_recipient_limit = 50
# Conservative: for ISPs that throttle heavily
conservative_destination_concurrency_limit = 2
conservative_destination_rate_delay = 3s
conservative_destination_recipient_limit = 20# /etc/postfix/master.cf — add named transport entries
gmail unix - - n - 100 smtp
-o smtp_connect_timeout=10
-o smtp_helo_timeout=10
microsoft unix - - n - 50 smtp
-o smtp_connect_timeout=15
yahoo unix - - n - 80 smtp
-o smtp_connect_timeout=10
conservative unix - - n - 20 smtp
-o smtp_connect_timeout=20
-o smtp_destination_rate_delay=3sQueue Monitoring and Diagnostics
Essential queue monitoring commands
# Total queue depth (active + deferred + incoming)
mailq | tail -1
# Active queue depth (messages being delivered right now)
ls /var/spool/postfix/active/ | wc -l
# Deferred queue depth (messages waiting for retry)
ls /var/spool/postfix/deferred/ | wc -l
# Per-domain queue analysis (requires qshape — install if not present)
# Shows queue distribution by destination domain
qshape deferred | head -30
# Real-time SMTP connection count
ps aux | grep "postfix/smtp" | grep -v grep | wc -l
# Messages delivered in the last hour (from mail log)
grep "$(date --date='1 hour ago' '+%b %e %H')" /var/log/mail.log | grep "status=sent" | wc -l
# Bounce rate (last hour)
grep "$(date --date='1 hour ago' '+%b %e %H')" /var/log/mail.log | grep "status=bounced" | wc -lReading the deferred queue intelligently
A growing deferred queue is normal and expected — it means Postfix is retrying previously failed messages. A deferred queue that grows faster than it drains indicates a systemic problem. Use qshape to identify which destination domains have the most deferred messages:
qshape deferred | head -20
# Output format: domain 0-5min 5-10min 10-20min 20-40min 40-80min 80-160min ...
# Large numbers in old time buckets = messages repeatedly failing
# Large numbers in recent buckets = normal retry activityIf one or two domains dominate your deferred queue (Gmail and Outlook are common), those ISPs are throttling or blocking your traffic. The fix is not to adjust Postfix queue parameters — it's to diagnose and resolve the reputation or authentication issue causing the rejections.
Capacity Planning and Throughput Limits
A properly tuned Postfix installation on adequate hardware delivers approximately:
| Hardware | Daily capacity | Peak messages/second |
|---|---|---|
| VPS (2 vCPU, 4GB RAM, SSD) | 50,000–200,000 | 5–20/sec |
| Dedicated (4 core, 16GB, NVMe) | 500,000–1M | 50–100/sec |
| Dedicated (8 core, 32GB, NVMe RAID) | 2M–5M | 200–500/sec |
| Cluster (multiple servers) | 10M+ | 1000+/sec |
These estimates assume a diverse recipient domain mix and clean list quality. Poorly performing lists (high deferred rate) reduce effective throughput significantly because delivery agents spend time managing retries rather than delivering new messages.
The practical ceiling for Postfix on a single server before investing in PowerMTA or KumoMTA is approximately 500,000–1,000,000 messages per day. Above this threshold, the management overhead of Postfix tuning for high-volume outbound (building per-ISP transport pools, managing bounce classification externally, handling FBL processing separately) typically justifies the move to a purpose-built bulk sending MTA with these features built in.
