Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to handle smtpd_end_of_data_restrictions for multiple recipients?

294 views
Skip to first unread message

Pascal Volk

unread,
Mar 3, 2011, 8:21:22 AM3/3/11
to
Hello,

I'm trying reject messages for recipients which are over quota or will
be over quota when the current message would be accepted and delivered.
That works fine as long as there is only one recipient.

Now I have the following idea:
smtpd_recipient_restrictions =

reject_unauth_destination
check_policy_service inet:127.0.0.1:12345

smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:12345

In the "RCPT TO" stage the policy_service will create a list with all
recipients of the current message.

Then in the "END-OF-MESSAGE" stage the policy_service will return:
if recipient_count == 1 && recipient_has_quota_reached:
action=552 5.2.2 Quota exceeded (mailbox for recipient is full)
if recipient_count > 1 && any_recipient_has_quota_reached:
(do not deliver to recipients which are still under quota)
action=552 5.2.2 Quota … (mailbox for one or recipients is full)
else:
action=dunno

Would this be correct? Are there any other/better (recommended) procedures?


Regards,
Pascal
--
The trapper recommends today: cafefeed...@localdomain.org

Reindl Harald

unread,
Mar 3, 2011, 8:55:14 AM3/3/11
to
we do quotas this with dbmail-lmtp on the mda-side

in this case postfix delivers every message via lmtp
and if the mailbox is full dbmail-lmtp is giving
a error back for this unique rcpt

another point is that quoats on the mta is the wrong place
because the mta do not know anything about via imap-append
copied messages, the mda knows what really happens

signature.asc

Noel Jones

unread,
Mar 3, 2011, 9:27:41 AM3/3/11
to
On 3/3/2011 7:21 AM, Pascal Volk wrote:
> Hello,
>
> I'm trying reject messages for recipients which are over quota or will
> be over quota when the current message would be accepted and delivered.
> That works fine as long as there is only one recipient.
>
> Now I have the following idea:
> smtpd_recipient_restrictions =
> …
> reject_unauth_destination
> check_policy_service inet:127.0.0.1:12345
>
> smtpd_end_of_data_restrictions =
> check_policy_service inet:127.0.0.1:12345
>
> In the "RCPT TO" stage the policy_service will create a list with all
> recipients of the current message.
>
> Then in the "END-OF-MESSAGE" stage the policy_service will return:
> if recipient_count == 1&& recipient_has_quota_reached:

> action=552 5.2.2 Quota exceeded (mailbox for recipient is full)

OK.

> if recipient_count> 1&& any_recipient_has_quota_reached:


> (do not deliver to recipients which are still under quota)
> action=552 5.2.2 Quota … (mailbox for one or recipients is full)

This will reject mail for everyone on the message if anyone is
over quota. Seems like poor service for the clients.


> else:
> action=dunno

OK.

>
> Would this be correct? Are there any other/better (recommended) procedures?


Better to find some way to reject over quota recipients during
smtpd_recipient_restrictions. Maybe have the IMAP system
update a table that postfix can query.


-- Noel Jones

Pascal Volk

unread,
Mar 3, 2011, 9:33:58 AM3/3/11
to
On 03/03/2011 02:55 PM Reindl Harald wrote:
> we do quotas this with dbmail-lmtp on the mda-side
>
> in this case postfix delivers every message via lmtp
> and if the mailbox is full dbmail-lmtp is giving
> a error back for this unique rcpt

What exactly does that mean? Posfix accepts the message addressed to
a.u...@exmaple.com and b.u...@example.com. Then the delivering client
disconnects from the Postfix SMTP server.
After that the Postfix LMTP client delivers the message via dbmail-lmtp?

And when a.u...@exmaple.com is over quota the message will be bounced?

> another point is that quoats on the mta is the wrong place
> because the mta do not know anything about via imap-append
> copied messages, the mda knows what really happens

I'm writing my policy_service because Postfix doesn't know anything of
the quota stuff. But my policy_service will know the quota stuff.


Regards,
Pascal
--
The trapper recommends today: defaced...@localdomain.org

Pascal Volk

unread,
Mar 3, 2011, 9:45:11 AM3/3/11
to
On 03/03/2011 03:27 PM Noel Jones wrote:
> On 3/3/2011 7:21 AM, Pascal Volk wrote:
>> …
>> if recipient_count> 1&& any_recipient_has_quota_reached:
>> (do not deliver to recipients which are still under quota)
>> action=552 5.2.2 Quota … (mailbox for one or recipients is full)
>
> This will reject mail for everyone on the message if anyone is
> over quota. Seems like poor service for the clients.
> …

>>
>> Would this be correct? Are there any other/better (recommended) procedures?
>
> Better to find some way to reject over quota recipients during
> smtpd_recipient_restrictions. Maybe have the IMAP system
> update a table that postfix can query.

There is one problem: The real message size is only known in the
"END-OF-MESSAGE" stage. But not in the "RCPT TO" stage, when
smtpd_recipient_restrictions are evaluated.

My idea would 'emulate' Postfix' behavior, when the
virtual_alias_expansion_limit is exceeded.
When virtual_alias_expansion_limit has it's default value (1000) the
message to alia...@example.com, which expands into 1001 recipients,
will not be delivered to any of the 1001 recipients. (Do I remember wrong?)

Reindl Harald

unread,
Mar 3, 2011, 9:47:20 AM3/3/11
to

Am 03.03.2011 15:33, schrieb Pascal Volk:
> On 03/03/2011 02:55 PM Reindl Harald wrote:
>> we do quotas this with dbmail-lmtp on the mda-side
>>
>> in this case postfix delivers every message via lmtp
>> and if the mailbox is full dbmail-lmtp is giving
>> a error back for this unique rcpt
>
> What exactly does that mean? Posfix accepts the message addressed to
> a.u...@exmaple.com and b.u...@example.com. Then the delivering client
> disconnects from the Postfix SMTP server.
> After that the Postfix LMTP client delivers the message via dbmail-lmtp?
>
> And when a.u...@exmaple.com is over quota the message will be bounced?

Here a example on my homeserver with set quota down to 10 MB
while 50 MB are in the inbox for this test-case. You see
the same message-id so i sent one message to two rcpt while
one of them was over quota

rcpt 1: all ok, message accepted
rcpt 2: over qutoa -> bounced

Mar 3 15:37:54 srv-rhsoft postfix/smtpd[7106]: connect from rh.thelounge.net[91.118.73.99]
Mar 3 15:37:54 srv-rhsoft postfix/smtpd[7106]: Anonymous TLS connection established from
rh.thelounge.net[91.118.73.99]: TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)
Mar 3 15:37:55 srv-rhsoft dovecot: auth: mysql: Connected to /var/lib/mysql/mysql.sock (dbmail)
Mar 3 15:37:55 srv-rhsoft postfix/smtpd[7106]: 3B868332: client=rh.thelounge.net[91.118.73.99],
sasl_method=CRAM-MD5, sasl_username=rhs...@test.rh
Mar 3 15:37:55 srv-rhsoft postfix/cleanup[7122]: 3B868332: message-id=<4D6FA7C2...@test.rh>
Mar 3 15:37:55 srv-rhsoft postfix/qmgr[4688]: 3B868332: from=<rhs...@test.rh>, size=721, nrcpt=2 (queue active)
Mar 3 15:37:55 srv-rhsoft postfix/smtpd[7106]: disconnect from rh.thelounge.net[91.118.73.99]
Mar 3 15:37:55 srv-rhsoft postfix/lmtp[7125]: 3B868332: to=<fl...@test.rh>, relay=127.0.0.1[127.0.0.1]:24,
delay=0.15, delays=0.09/0.01/0/0.05, dsn=2.0.0, status=sent (215 Recipient <fl...@test.rh> OK)
Mar 3 15:37:55 srv-rhsoft postfix/lmtp[7125]: 3B868332: to=<rhs...@test.rh>, relay=127.0.0.1[127.0.0.1]:24,
delay=0.18, delays=0.09/0.01/0/0.09, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 522 Recipient
<rhs...@test.rh> Permanent Failure Mailbox Status Mailbox full (in reply to end of DATA command))
_______________________

this is the bounce message where you see only the one address with the
exceeded qutoa and this is what i would expect from a mailserver

Mar 3 15:42:55 srv-rhsoft postfix/cleanup[7205]: 7CDCE335: message-id=<20110303144...@srv-rhsoft.rhsoft.net>
Mar 3 15:42:55 srv-rhsoft postfix/bounce[7204]: 3B868332: sender non-delivery notification: 7CDCE335
Mar 3 15:42:55 srv-rhsoft postfix/qmgr[4688]: 7CDCE335: from=<>, size=2975, nrcpt=1 (queue active)
Mar 3 15:42:55 srv-rhsoft postfix/qmgr[4688]: 3B868332: removed
Mar 3 15:42:55 srv-rhsoft postfix/lmtp[7125]: 7CDCE335: to=<rhs...@test.rh>, relay=127.0.0.1[127.0.0.1]:24,
delay=0.13, delays=0.05/0.01/0/0.07, dsn=2.0.0, status=sent (215 Recipient <rhs...@test.rh> OK)

<rhs...@test.rh>: host 127.0.0.1[127.0.0.1] said: 522 Recipient
<rhs...@test.rh> Permanent Failure Mailbox Status Mailbox full
(in reply to end of DATA command)

Reporting-MTA: dns; srv-rhsoft.rhsoft.net
X-Postfix-Queue-ID: 3B868332
X-Postfix-Sender: rfc822; rhs...@test.rh
Arrival-Date: Thu, 3 Mar 2011 15:37:55 +0100 (CET)
Final-Recipient: rfc822; rhs...@test.rh
Original-Recipient: rfc822;rhs...@test.rh
Action: failed
Status: 5.0.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 522 Recipient <rhs...@test.rh> Permanent Failure Mailbox
Status Mailbox full

> I'm writing my policy_service because Postfix doesn't know anything of
> the quota stuff. But my policy_service will know the quota stuff.

yes but the MDA is a straighter way because so no component of postfix
must know anything about quota

signature.asc

Pascal Volk

unread,
Mar 3, 2011, 10:11:20 AM3/3/11
to
On 03/03/2011 03:47 PM Reindl Harald wrote:
> Here a example on my homeserver with set quota down to 10 MB
> while 50 MB are in the inbox for this test-case. You see
> the same message-id so i sent one message to two rcpt while
> one of them was over quota
>
> rcpt 1: all ok, message accepted
> rcpt 2: over qutoa -> bounced

Why do you bounce messages, to the often faked, sender, when there are
ways to reject the message early?


Regards,
Pascal
--
The trapper recommends today: cafebabe...@localdomain.org

Reindl Harald

unread,
Mar 3, 2011, 10:23:08 AM3/3/11
to
Am 03.03.2011 16:11, schrieb Pascal Volk:
> On 03/03/2011 03:47 PM Reindl Harald wrote:
>> Here a example on my homeserver with set quota down to 10 MB
>> while 50 MB are in the inbox for this test-case. You see
>> the same message-id so i sent one message to two rcpt while
>> one of them was over quota
>>
>> rcpt 1: all ok, message accepted
>> rcpt 2: over qutoa -> bounced
>
> Why do you bounce messages, to the often faked, sender, when there are
> ways to reject the message early?

Because there are not always full inboxes as long the admin
is not sleeping and with this way i have not the problems
you have

dbmail/mysql as backend, dovecot for auth/proxy and postfix as mta
is a well working system and better a single bounce to the
wrong address than rejecting valid messages


signature.asc

Michael Tokarev

unread,
Mar 3, 2011, 10:24:16 AM3/3/11
to
On 03.03.2011 18:11, Pascal Volk wrote:
> On 03/03/2011 03:47 PM Reindl Harald wrote:
>> Here a example on my homeserver with set quota down to 10 MB
>> while 50 MB are in the inbox for this test-case. You see
>> the same message-id so i sent one message to two rcpt while
>> one of them was over quota
>>
>> rcpt 1: all ok, message accepted
>> rcpt 2: over qutoa -> bounced
>
> Why do you bounce messages, to the often faked, sender, when there are
> ways to reject the message early?

It isn't - usually - frequent to have lots of mailboxes
over-quota.

For the OP, I found a combination of recipient reject (when
over-quota already) and an occasional bounce (when the mailbox
is going over-quota) to be quite acceptable. Yes it will
bounce from time to time, -- the message that triggers the
over-quota condition, -- but the rest of the time it will
either be accepted and delivered or rejected. That to say,
updating recipient blacklists does the trick.

/mjt

0 new messages