L.S., I ran into a little something. I have separated my main smtp service (tcp/25) and smtps/submission services (tcp/465, tcp/587). The smtps/submission services have a few extra virtual aliases, but they also (don't ask) add a header:
% cat on2it-header-checks
/^Received:/i PREPEND X-ON2IT-Claimer: This message may contain
confidential or privileged information.
(Since you probably do wonder
anyway, this is how I preemptively struck out
against having to insert
foolish disclaimers into message bodies.)
My message_size_limit is set:
message_size_limit = 10240000
The main smtp as well as the smtps/submission services report that size after
the EHLO:
250-SIZE 10240000
Sane clients respect that size limit and refuse to send messages exceeding it.
But since the message size will grow (by 82 bytes) after prepending a header,
it is entirely possible that this will push a message slightly below the limit
over the edge. Such a message will get sent by the client, only to receive a
"5.3.4 Error: message file too big" (and the cleanup process logs "queue file
size limit exceeded").
This has two disadvantageous consequences:
a) Clients send (large) messages in vain
b) Some clients handle the SMTP error poorly (we've seen this mainly
for Android phones)
This got me thinking. Would it be possible to have
message_size_limit = 10240000
but have my smtps/submission services announce slightly less:
250-SIZE 10239918
?
It's icing on the cake, I know, but is this at all doable?
Regards, Jeroen
---- Snip ----
My config (main/master) is:
% echo "## main.cf ##"; postconf -n; echo "## master.cf ##"; postconf -P
## main.cf ##
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
lmtp_header_checks =
lmtp_mime_header_checks =
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
msa_alias_maps = btree:/usr/local/etc/postfix/on2it-aliases-override
btree:/usr/local/etc/postfix/on2it-aliases-users
btree:/usr/local/etc/postfix/on2it-aliases-public
btree:/usr/local/etc/postfix/on2it-aliases-private
pcre:/usr/local/etc/postfix/on2it-regex-aliases
msa_body_checks =
msa_cleanup_service_name = msa_cleanup
msa_header_checks = pcre://usr/local/etc/postfix/on2it-header-checks
mydomain = on2it.net
mynetworks = localhost,172.18.8.0/24,172.22.8.0/24
mynetworks_style = host
myorigin = on2it.net
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relayhost = smarthost.on2it.net
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_header_checks = $header_checks
smtp_mime_header_checks = $header_checks
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination reject_unknown_recipient_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_service = smtp, lmtp
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/mail.on2it.net.crt
smtpd_tls_exclude_ciphers = aNULL, MD5 , DES, ADH, RC4, PSD, SRP, 3DES, eNULL
smtpd_tls_key_file = /usr/local/etc/postfix/private/mail.on2it.net.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSD, SRP,
3DES, eNULL
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
soft_bounce = no
transport_maps = btree:/usr/local/etc/postfix/on2it-discard
btree:/usr/local/etc/postfix/on2it-transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = btree:/usr/local/etc/postfix/on2it-aliases-override
btree:/usr/local/etc/postfix/on2it-aliases-users
btree:/usr/local/etc/postfix/on2it-aliases-public
pcre:/usr/local/etc/postfix/on2it-regex-aliases
virtual_mailbox_domains = on2it.net, on2it.nl, on2it.be, on2it.de
virtual_mailbox_maps = $virtual_alias_maps
virtual_transport = lmtp:unix:private/dovecot-lmtp
## master.cf ##
msa_cleanup/unix/body_checks = $msa_body_checks
msa_cleanup/unix/header_checks = $msa_header_checks
msa_cleanup/unix/virtual_alias_maps = $msa_alias_maps
submission/inet/cleanup_service_name = $msa_cleanup_service_name
submission/inet/smtpd_recipient_restrictions =
submission/inet/smtpd_reject_unlisted_recipient = no
submission/inet/smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
submission/inet/smtpd_sasl_auth_enable = yes
submission/inet/smtpd_tls_security_level = encrypt
submission/inet/syslog_name = postfix/submission
smtps/inet/cleanup_service_name = $msa_cleanup_service_name
smtps/inet/milter_macro_daemon_name = ORIGINATING
smtps/inet/smtpd_recipient_restrictions =
smtps/inet/smtpd_reject_unlisted_recipient = no
smtps/inet/smtpd_relay_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
smtps/inet/smtpd_sasl_auth_enable = yes
smtps/inet/smtpd_tls_wrappermode = yes
smtps/inet/syslog_name = postfix/smtps
signature.asc
Description: OpenPGP digital signature
