implementing per recipient size limit

mailing lists Wed, 18 Jun 2014 02:38:28 -0700

Hello all

I'm trying to limit big mails to local lists using postfix+postfwd but I must 
be missing something because it seems too complex to me.


Mail size is available in END-OF-MESSAGE (E-O-M) so I do size checks in this 
phase of the protocol. With single recipient mails all works as expected, 
postfix policy information shows size and recipient info and I can reject them, 
whilst multiple recipient mails lacks the recipient info, 
this field is empty in E-O-M, so there is no easy way to do this check because 
not sufficient info is present at E-O-M. 

any ideas for how to implement this?


my configuracion and tests:

main.cf:
===========
smtpd_recipient_restrictions = ....,check_policy_service 
inet:127.0.0.1:10040,.....
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040


postfwd.cf:
===========
id=Rule_is_a_list
   recipient_localpart !~ ^lists-.*
   action=jump(Rule_final)

id=Rule_lists_040
   protocol_state==END-OF-MESSAGE
   size>=1048576
   action=REJECT max size reached ($$size)

id=Rule_lists_050
   protocol_state==RCPT
   days=Mon-Fri
   time=08:00:00-18:00:00
   action=HOLD mail from $$sender on hold queue

id=Rule_final
   action=dunno

 
test with single recipient:
 
vm-test:~/tests/postfwd-1.35 # netcat localhost 25 < ./oversize_mail.txt 
220 antispam.example.com ESMTP myhome
250 antispam.example.com
250 2.1.0 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
554 5.7.1 <END-OF-MESSAGE>: End-of-data rejected: max size reached (1559814)


first [POLICY_DATA] block is smtpd_recipient_restrictions check and second 
block is smtpd_end_of_data_restrictions check:

postfix/smtpd[13184]: connect from localhost[127.0.0.1]
postfix/smtpd[13184]: improper command pipelining after HELO from 
localhost[127.0.0.1]
postfwd2/policy[13164]: [POLICY_DATA] ccert_fingerprint=
postfwd2/policy[13164]: [POLICY_DATA] ccert_issuer=
postfwd2/policy[13164]: [POLICY_DATA] ccert_subject=
postfwd2/policy[13164]: [POLICY_DATA] client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] encryption_cipher=
postfwd2/policy[13164]: [POLICY_DATA] encryption_keysize=0
postfwd2/policy[13164]: [POLICY_DATA] encryption_protocol=
postfwd2/policy[13164]: [POLICY_DATA] etrn_domain=
postfwd2/policy[13164]: [POLICY_DATA] helo_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] instance=3380.53a145df.7433c.0
postfwd2/policy[13164]: [POLICY_DATA] 
orig=///ccert_fingerprint=///sasl_method=///sasl_sender=///size=///helo_name=localhost///reverse_client_name=localhost///queue_id=///encryption_cipher=///encryption_protocol=///etrn_domain=///ccert_subject=///request=smtpd_access_policy///protocol_state=RCPT///stress=///recipient=list-users-h...@example.com///sasl_username=///instance=3380.53a145df.7433c.0///protocol_name=SMTP///encryption_keysize=///recipient_count=///ccert_issuer=///sender=user...@example.com///client_name=localhost///client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] protocol_name=SMTP
postfwd2/policy[13164]: [POLICY_DATA] protocol_state=RCPT
postfwd2/policy[13164]: [POLICY_DATA] queue_id=
postfwd2/policy[13164]: [POLICY_DATA] recipient=list-users-h...@example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_count=0
postfwd2/policy[13164]: [POLICY_DATA] recipient_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_localpart=list-users-home
postfwd2/policy[13164]: [POLICY_DATA] request=smtpd_access_policy
postfwd2/policy[13164]: [POLICY_DATA] reverse_address=1.0.0.127
postfwd2/policy[13164]: [POLICY_DATA] reverse_client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] sasl_method=
postfwd2/policy[13164]: [POLICY_DATA] sasl_sender=
postfwd2/policy[13164]: [POLICY_DATA] sasl_username=
postfwd2/policy[13164]: [POLICY_DATA] sender=user...@example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] size=0
postfwd2/policy[13164]: [POLICY_DATA] stress=
postfwd2/policy[13164]: [POLICY_DATA] version=postfwd2 1.35
postfwd2/policy[13164]: [RULES] rule=2, id=Rule_lists_050, 
client=localhost[127.0.0.1], sender=<user...@example.com>, 
recipient=<list-users-h...@example.com>, helo=<localhost>, proto=SMTP, 
state=RCPT, delay=0.01s, hits=Rule_lists_050, action=HOLD mail from 
user...@example.com on hold queue
postfix/smtpd[13184]: NOQUEUE: hold: RCPT from localhost[127.0.0.1]: 
<list-users-h...@example.com>: Recipient address mail from user...@example.com 
on hold queue; from=<user...@example.com> to=<list-users-h...@example.com> 
proto=SMTP helo=<localhost>
postfix/smtpd[13184]: 82EFEA057: client=localhost[127.0.0.1]
postfix/cleanup[13188]: 82EFEA057: 
message-id=<20140618075511.82efea...@antispam.example.com>
postfwd2/policy[13164]: [POLICY_DATA] ccert_fingerprint=
postfwd2/policy[13164]: [POLICY_DATA] ccert_issuer=
postfwd2/policy[13164]: [POLICY_DATA] ccert_subject=
postfwd2/policy[13164]: [POLICY_DATA] client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] encryption_cipher=
postfwd2/policy[13164]: [POLICY_DATA] encryption_keysize=0
postfwd2/policy[13164]: [POLICY_DATA] encryption_protocol=
postfwd2/policy[13164]: [POLICY_DATA] etrn_domain=
postfwd2/policy[13164]: [POLICY_DATA] helo_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] instance=3380.53a145df.7433c.0
postfwd2/policy[13164]: [POLICY_DATA] 
orig=///ccert_fingerprint=///sasl_method=///sasl_sender=///size=1559814///helo_name=localhost///reverse_client_name=localhost///queue_id=82EFEA057///encryption_cipher=///encryption_protocol=///etrn_domain=///ccert_subject=///stress=///protocol_state=END-OF-MESSAGE///request=smtpd_access_policy///recipient=list-users-h...@example.com///sasl_username=///instance=3380.53a145df.7433c.0///protocol_name=SMTP///recipient_count=1///encryption_keysize=///ccert_issuer=///sender=user...@example.com///client_name=localhost///client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] protocol_name=SMTP
postfwd2/policy[13164]: [POLICY_DATA] protocol_state=END-OF-MESSAGE
postfwd2/policy[13164]: [POLICY_DATA] queue_id=82EFEA057
postfwd2/policy[13164]: [POLICY_DATA] recipient=list-users-h...@example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_count=1
postfwd2/policy[13164]: [POLICY_DATA] recipient_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_localpart=list-users-home
postfwd2/policy[13164]: [POLICY_DATA] request=smtpd_access_policy
postfwd2/policy[13164]: [POLICY_DATA] reverse_address=1.0.0.127
postfwd2/policy[13164]: [POLICY_DATA] reverse_client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] sasl_method=
postfwd2/policy[13164]: [POLICY_DATA] sasl_sender=
postfwd2/policy[13164]: [POLICY_DATA] sasl_username=
postfwd2/policy[13164]: [POLICY_DATA] sender=user...@example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] size=1559814
postfwd2/policy[13164]: [POLICY_DATA] stress=
postfwd2/policy[13164]: [POLICY_DATA] version=postfwd2 1.35
postfwd2/policy[13164]: [RULES] rule=1, id=Rule_lists_040, queue=82EFEA057, 
client=localhost[127.0.0.1], sender=<user...@example.com>, 
recipient=<list-users-h...@example.com>, helo=<localhost>, proto=SMTP, 
state=END-OF-MESSAGE, delay=0.01s, hits=Rule_lists_040, action=REJECT max size 
reached (1559814)
postfix/smtpd[13184]: 82EFEA057: reject: END-OF-MESSAGE from 
localhost[127.0.0.1]: 554 5.7.1 <END-OF-MESSAGE>: End-of-data rejected: max 
size reached (1559814); from=<user...@example.com> 
to=<list-users-h...@example.com> proto=SMTP helo=<localhost>
postfix/smtpd[13184]: disconnect from localhost[127.0.0.1]



test with two recipients:

vm-test:~/tests/postfwd-1.35 # netcat localhost 25 < ./oversize_mail.txt 
220 antispam.example.com ESMTP myhome
250 antispam.example.com
250 2.1.0 Ok
250 2.1.5 Ok
250 2.1.5 Ok
354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as 6FE61A057
vm-test:~/tests/postfwd-1.35 # 


first and second [POLICY_DATA] blocks are smtpd_recipient_restrictions checks 
(mail with two recipients) and third block is smtpd_end_of_data_restrictions 
check:

postfix/smtpd[13184]: connect from localhost[127.0.0.1]
postfix/smtpd[13184]: improper command pipelining after HELO from 
localhost[127.0.0.1]
postfwd2/policy[13164]: [POLICY_DATA] ccert_fingerprint=
postfwd2/policy[13164]: [POLICY_DATA] ccert_issuer=
postfwd2/policy[13164]: [POLICY_DATA] ccert_subject=
postfwd2/policy[13164]: [POLICY_DATA] client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] encryption_cipher=
postfwd2/policy[13164]: [POLICY_DATA] encryption_keysize=0
postfwd2/policy[13164]: [POLICY_DATA] encryption_protocol=
postfwd2/policy[13164]: [POLICY_DATA] etrn_domain=
postfwd2/policy[13164]: [POLICY_DATA] helo_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] instance=3380.53a145f6.6927a.0
postfwd2/policy[13164]: [POLICY_DATA] 
orig=///ccert_fingerprint=///sasl_method=///sasl_sender=///size=///helo_name=localhost///reverse_client_name=localhost///queue_id=///encryption_cipher=///encryption_protocol=///etrn_domain=///ccert_subject=///stress=///protocol_state=RCPT///request=smtpd_access_policy///recipient=list-users-h...@example.com///sasl_username=///instance=3380.53a145f6.6927a.0///protocol_name=SMTP///recipient_count=///encryption_keysize=///ccert_issuer=///sender=user...@example.com///client_name=localhost///client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] protocol_name=SMTP
postfwd2/policy[13164]: [POLICY_DATA] protocol_state=RCPT
postfwd2/policy[13164]: [POLICY_DATA] queue_id=
postfwd2/policy[13164]: [POLICY_DATA] recipient=list-users-h...@example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_count=0
postfwd2/policy[13164]: [POLICY_DATA] recipient_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_localpart=list-users-home
postfwd2/policy[13164]: [POLICY_DATA] request=smtpd_access_policy
postfwd2/policy[13164]: [POLICY_DATA] reverse_address=1.0.0.127
postfwd2/policy[13164]: [POLICY_DATA] reverse_client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] sasl_method=
postfwd2/policy[13164]: [POLICY_DATA] sasl_sender=
postfwd2/policy[13164]: [POLICY_DATA] sasl_username=
postfwd2/policy[13164]: [POLICY_DATA] sender=user...@example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] size=0
postfwd2/policy[13164]: [POLICY_DATA] stress=
postfwd2/policy[13164]: [POLICY_DATA] version=postfwd2 1.35
postfwd2/policy[13164]: [CACHE] rule=2, id=Rule_lists_050, 
client=localhost[127.0.0.1], sender=<user...@example.com>, 
recipient=<list-users-h...@example.com>, helo=<localhost>, proto=SMTP, 
state=RCPT, delay=0.01s, hits=Rule_lists_050, action=HOLD mail from 
user...@example.com on hold queue
postfix/smtpd[13184]: NOQUEUE: hold: RCPT from localhost[127.0.0.1]: 
<list-users-h...@example.com>: Recipient address mail from user...@example.com 
on hold queue; from=<user...@example.com> to=<list-users-h...@example.com> 
proto=SMTP helo=<localhost>
postfix/smtpd[13184]: 6FE61A057: client=localhost[127.0.0.1]
postfwd2/policy[13164]: [POLICY_DATA] ccert_fingerprint=
postfwd2/policy[13164]: [POLICY_DATA] ccert_issuer=
postfwd2/policy[13164]: [POLICY_DATA] ccert_subject=
postfwd2/policy[13164]: [POLICY_DATA] client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] encryption_cipher=
postfwd2/policy[13164]: [POLICY_DATA] encryption_keysize=0
postfwd2/policy[13164]: [POLICY_DATA] encryption_protocol=
postfwd2/policy[13164]: [POLICY_DATA] etrn_domain=
postfwd2/policy[13164]: [POLICY_DATA] helo_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] instance=3380.53a145f6.6927a.0
postfwd2/policy[13164]: [POLICY_DATA] 
orig=///ccert_fingerprint=///sasl_method=///sasl_sender=///size=///helo_name=localhost///reverse_client_name=localhost///queue_id=6FE61A057///encryption_cipher=///encryption_protocol=///etrn_domain=///ccert_subject=///stress=///protocol_state=RCPT///request=smtpd_access_policy///recipient=list-users-ho...@example.com///sasl_username=///instance=3380.53a145f6.6927a.0///protocol_name=SMTP///recipient_count=///encryption_keysize=///ccert_issuer=///sender=user...@example.com///client_name=localhost///client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] protocol_name=SMTP
postfwd2/policy[13164]: [POLICY_DATA] protocol_state=RCPT
postfwd2/policy[13164]: [POLICY_DATA] queue_id=6FE61A057
postfwd2/policy[13164]: [POLICY_DATA] recipient=list-users-ho...@example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_count=0
postfwd2/policy[13164]: [POLICY_DATA] recipient_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_localpart=list-users-home2
postfwd2/policy[13164]: [POLICY_DATA] request=smtpd_access_policy
postfwd2/policy[13164]: [POLICY_DATA] reverse_address=1.0.0.127
postfwd2/policy[13164]: [POLICY_DATA] reverse_client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] sasl_method=
postfwd2/policy[13164]: [POLICY_DATA] sasl_sender=
postfwd2/policy[13164]: [POLICY_DATA] sasl_username=
postfwd2/policy[13164]: [POLICY_DATA] sender=user...@example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] size=0
postfwd2/policy[13164]: [POLICY_DATA] stress=
postfwd2/policy[13164]: [POLICY_DATA] version=postfwd2 1.35
postfwd2/policy[13164]: [CACHE] rule=2, id=Rule_lists_050, queue=6FE61A057, 
client=localhost[127.0.0.1], sender=<user...@example.com>, 
recipient=<list-users-h...@example.com>, helo=<localhost>, proto=SMTP, 
state=RCPT, delay=0.01s, hits=Rule_lists_050, action=HOLD mail from 
user...@example.com on hold queue
postfix/cleanup[13188]: 6FE61A057: 
message-id=<20140618075534.6fe61a...@antispam.example.com>
postfwd2/policy[13164]: [POLICY_DATA] ccert_fingerprint=
postfwd2/policy[13164]: [POLICY_DATA] ccert_issuer=
postfwd2/policy[13164]: [POLICY_DATA] ccert_subject=
postfwd2/policy[13164]: [POLICY_DATA] client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] encryption_cipher=
postfwd2/policy[13164]: [POLICY_DATA] encryption_keysize=0
postfwd2/policy[13164]: [POLICY_DATA] encryption_protocol=
postfwd2/policy[13164]: [POLICY_DATA] etrn_domain=
postfwd2/policy[13164]: [POLICY_DATA] helo_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] instance=3380.53a145f6.6927a.0
postfwd2/policy[13164]: [POLICY_DATA] 
orig=///ccert_fingerprint=///sasl_method=///sasl_sender=///size=1559814///helo_name=localhost///reverse_client_name=localhost///queue_id=6FE61A057///encryption_cipher=///encryption_protocol=///etrn_domain=///ccert_subject=///stress=///protocol_state=END-OF-MESSAGE///request=smtpd_access_policy///recipient=///sasl_username=///instance=3380.53a145f6.6927a.0///protocol_name=SMTP///recipient_count=2///encryption_keysize=///ccert_issuer=///sender=user...@example.com///client_name=localhost///client_address=127.0.0.1
postfwd2/policy[13164]: [POLICY_DATA] protocol_name=SMTP
postfwd2/policy[13164]: [POLICY_DATA] protocol_state=END-OF-MESSAGE
postfwd2/policy[13164]: [POLICY_DATA] queue_id=6FE61A057
postfwd2/policy[13164]: [POLICY_DATA] recipient=
postfwd2/policy[13164]: [POLICY_DATA] recipient_count=2
postfwd2/policy[13164]: [POLICY_DATA] recipient_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] recipient_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] request=smtpd_access_policy
postfwd2/policy[13164]: [POLICY_DATA] reverse_address=1.0.0.127
postfwd2/policy[13164]: [POLICY_DATA] reverse_client_name=localhost
postfwd2/policy[13164]: [POLICY_DATA] sasl_method=
postfwd2/policy[13164]: [POLICY_DATA] sasl_sender=
postfwd2/policy[13164]: [POLICY_DATA] sasl_username=
postfwd2/policy[13164]: [POLICY_DATA] sender=user...@example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_domain=example.com
postfwd2/policy[13164]: [POLICY_DATA] sender_localpart=user012
postfwd2/policy[13164]: [POLICY_DATA] size=1559814
postfwd2/policy[13164]: [POLICY_DATA] stress=
postfwd2/policy[13164]: [POLICY_DATA] version=postfwd2 1.35
postfwd2/policy[13164]: [RULES] rule=3, id=Rule_final, queue=6FE61A057, 
client=localhost[127.0.0.1], sender=<user...@example.com>, helo=<localhost>, 
proto=SMTP, state=END-OF-MESSAGE, delay=0.01s, hits=Rule_is_a_list;Rule_final, 
action=dunno
postfix/smtpd[13184]: disconnect from localhost[127.0.0.1]

implementing per recipient size limit

Reply via email to