Re: message_size_limit causes postfix to stop delivering messages

[Nick Bright]

On 2/4/2012 12:20 PM, Ralf Hildebrandt wrote:

* Nick Bright<nick.bri...@valnet.net>:

Upon restarting postfix with message_size_limit in place it simply
wouldn't deliver any mail. It accepts the mail in to SMTP just fine,
but it never gets delivered.

Logs?

There are no log entries other than normal entries reflecting that the messages have been accepted for delivery, though per another posters' recommendation; I will enable debug logging and give it another look. I also installed postfix-perl-utils and will examine which queue the messages are piling up in with pfHandle during my next test.

No mail appears to be lost, and no errors appear in the maillog while
message_size_limit is in effect, but the message doesn't pass to my
anti-spam daemon via content_filter.

It could be that the anti-spam daemon announces a LOWER size limit in
the EHLO greeting:
  <SNIP>  
and thus Postfix won't even try to send

Also, the content filter doesn't announce a SIZE:

$ telnet localhost 10025
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mppd
>

Once postfix is restarted with the message_size_limit parameter removed, the mail which was previously accepted and queued by postfix is delivered. Ergo, the content filter wouldn't be blocking the file, because the content filter configuration doesn't change.

When I remove the message_size_limit parameter from main.cf and
reload postfix, all mail that was not delivered does get delivered -
including messages with attachments larger than 10MB.

That makes no sense, since the limit is

I suspect that the test message which is >10MB gets accepted into the first queue in the stack, then whatever the problem is causes the message to stay there. Subsequently, when postfix is restarted with the message_size_limit parameter removed from main.cf, the problem causing the messages not to flow any further through the queues is removed - thus allowing the test message >10MB to continue through the mail flow (since the message was already waiting in a queue past the point that the 250-SIZE in the SMTP conversation would block the message).

$ postconf -d message_size_limit
message_size_limit = 10240000

Show postconf -n output and your master.cf

Attached as text.

Thanks for taking the time to reply.

 - Nick Bright

smtp    inet    n       -       n       -       200     smtpd
        -o content_filter=
submission inet n       -       n       -       200     smtpd
        -o content_filter=
smtps     inet  n       -       n       -       200       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o milter_macro_daemon_name=ORIGINATING
  -o content_filter=
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
localhost:10026 inet    n       -       n       -       50      smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o myhostname=localhost.domain.tld
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o smtpd_data_restrictions=
        -o smtpd_end_of_data_restrictions=
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

mppscan unix    -       -       n       -       50      lmtp
        -o lmtp_send_xforward_command=yes
        -o lmtp_cache_connection=no
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mppscan:[127.0.0.1]:10025
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8, 64.254.48.40/29
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relay_domains = hash:/etc/postfix/mpp_relay_domains
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_protocols = !SSLv2
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks,  reject_rbl_client 
bl.spamcop.net,       reject_rbl_client sbl-xbl.spamhaus.org,         
reject_rbl_client cbl.abuseat.org,  reject_rbl_client zombie.dnsbl.sorbs.net,   
    reject_rbl_client http.dnsbl.sorbs.net, reject_rbl_client 
misc.dnsbl.sorbs.net,     reject_rbl_client socks.dnsbl.sorbs.net,        
reject_rbl_client web.dnsbl.sorbs.net,  reject_rbl_client 
ddnsbl.internetdefensesystems.com,        reject_rbl_client multi.surbl.org,    
  reject_rbl_client noptr.spamrats.com,       permit_sasl_authenticated,      
reject_rbl_client dyna.spamrats.com,    reject_rbl_client pbl.spamhaus.org,     
reject_rbl_client dul.dnsbl.sorbs.net,      check_policy_service 
inet:127.0.0.1:9998
smtpd_data_restrictions = permit_sasl_authenticated, check_policy_service 
inet:127.0.0.1:9998
smtpd_recipient_restrictions = permit_mynetworks,        
permit_sasl_authenticated,        reject_unauth_destination,        
check_policy_service inet:127.0.0.1:9998
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /path/to/cert.pem
smtpd_tls_key_file = /path/to/cert.key
smtpd_tls_protocols = !SSLv2
smtpd_tls_security_level = may
transport_maps = 
hash:/etc/postfix/mpp_transport_maps,hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, 
ldap:/etc/postfix/ldap-forwards.cf
virtual_gid_maps = static:400
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_domains = mydomain.com
virtual_mailbox_maps = ldap:/etc/postfix/ldap-mailboxmaps.cf
virtual_minimum_uid = 400
virtual_uid_maps = static:400
message_size_limit = 209715200

smime.p7s
Description: S/MIME Cryptographic Signature