1

Topic: Admin panel Mail size vs Postfix Mail size

==== Required information ====
- iRedMail version:   0.82
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql (iRedAdmin-Pro-MySQL-1.5.0.tar.bz2 )
- Linux/BSD distribution name and version: Debian
- Related log if you're reporting an issue:
====

Postfix specifies 15 mb

MYSQL admin panel, under domain, I have enabled sender throttling
max size of single outgoing email is 30mb

Problem:  The system is using the setting set in Postfix

the quota size of all outgoing emails is 0, is this my mistake, should this be 30 mb?

If some is over the quota, where is it logged?   /var/log/mail  ???

2

Re: Admin panel Mail size vs Postfix Mail size

Could you please paste output of command "postconf -n" to help troubleshoot?

3

Re: Admin panel Mail size vs Postfix Mail size

postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhost                                                                              name
mydomain = abgnetwork.net
myhostname = nm2.abgnetwork.net
mynetworks = 127.0.0.0/8, 10.254.10.0/24
mynetworks_style = subnet
myorigin = /etc/mailname
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $myde                                                                              stination $mynetworks $smtpd_sender_login_maps $recipient_bcc_maps $recipient_ca                                                                              nonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_ma                                                                              ps $sender_canonical_maps $smtp_generic_maps $transport_maps $virtual_alias_doma                                                                              ins $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_se                                                                              nder_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf,                                                                               proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:                                                                              mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_hel                                                                              o_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_reci                                                                              pient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted                                                                              _recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_                                                                              sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, re                                                                              ject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_footer = For assistance, call Advanced Business Group 847-247-0700.                                                                               Please provide the following information in your problem report: time ($localti                                                                              me), client ($client_address) and server ($server_name).
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, per                                                                              mit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/gd_bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/nm2.abgnetwork.net.crt
smtpd_tls_key_file = /etc/ssl/private/nm2.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:my                                                                              sql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy                                                                              :mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/c                                                                              atchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains                                                                              .cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

4

Re: Admin panel Mail size vs Postfix Mail size

Any Ideas?

5

Re: Admin panel Mail size vs Postfix Mail size

The problem is you didn't enable sender throttling in Postfix and Policyd. Please follow this tutorial:
http://www.iredmail.org/wiki/index.php? … ian.Ubuntu

6

Re: Admin panel Mail size vs Postfix Mail size

ZhangHuangbin wrote:

The problem is you didn't enable sender throttling in Postfix and Policyd. Please follow this tutorial:
http://www.iredmail.org/wiki/index.php? … ian.Ubuntu


Enabled as per document

Problem:   The admin panel is still not overriding the settings in the main.cf & postfix-policyd_throttle.conf

postfix-policyd_throttle.conf
SENDERMSGSIZE=15728640

main.cf
message_size_limit = 15728640

How does the iredadmin-pro mysql admin panel override this setting?
So far it is still limited to 15 mb, I set 30 mb

7

Re: Admin panel Mail size vs Postfix Mail size

Policyd stores per-user/per-domain settings in SQL database. The one in postfix-policyd_throttle.conf is a global setting, it will override the one in Postfix (main.cf) if you have Policyd enabled.

8 (edited by darth_wells 2013-01-17 01:59:26)

Re: Admin panel Mail size vs Postfix Mail size

postfix-policyd.conf

######################################################################
#                    POLICY DAEMON CONFIGURATION                     #
######################################################################
#                          DATABASE CONFIG                           #
######################################################################
#
# ip address or hostname to connect to:
#
#   if you want to connect to a host/ip, enter it here.
#   if you want to via a unix socket, set MYSQLHOST=""
#
MYSQLHOST="127.0.0.1"

#
# database name:
#
#   name of database to connect to
#
MYSQLDBASE="postfixpolicyd"

#
# database username:
#
#   username to connect to database as
#
MYSQLUSER="postfix-policyd"

#
# database password:
#
#   password to for username
#
MYSQLPASS="X************************"

#
# connection options:
#
#   what client side connections policyd will use>
#
#     CLIENT_COMPRESS -> compress connection from policyd -> mysql
#     CLIENT_SSL      ->  encrypt connection from policyd -> mysql
#
MYSQLOPT=""

#
# failsafe/failover mode:                             default: on
#
#   if the database or queries fail, continue accepting mail
#   
#                                                     1=on  0=off
FAILSAFE=1

#
# database keep alive:                                default: off
#
#   if you recieve very little mail, your connection to  the
#   mysql database will time out. enabling this option pings
#   the database to ensure the database connection is alive.
#   if it is not, it reconnects to the database. this option
#   is not needed on mail servers that recieve more than one
#   mail every 60 to 120 seconds. disabling this increases
#   performance a little.
#   
#                                                     1=on  0=off
DATABASE_KEEPALIVE=0





######################################################################
#                           DAEMON  CONFIG                           #
######################################################################
#
# debugging information:                              default: 3
#
#   only use debugging when there are problems
#
#   0 -> off (recommended)
#   1 -> standard debugging
#   2 -> 1+mysql queries+results
#   3 -> 1+2+network debugging
#                                                           0=off
DEBUG=0

#
# daemon/background mode:                             default: off
#
#   detach policyd from terminal. enable when you're happy
#   that things are working as they should.
#
#                                                     1=on  0=off
DAEMON=1

#
# bind to ip address:
#
#   ip address which the policy daemon will listen on
#
BINDHOST="127.0.0.1"

#
# port to bind to:
#
#   port which the policy daemon will listen on
#
BINDPORT="10031"

#
# path to pidfile:
#
#   where policyd will write its current pid to
#
PIDFILE=/var/run/policyd.pid

#
# syslog facility
#
#   what syslog facility to log to
#
SYSLOG_FACILITY="LOG_MAIL|LOG_INFO"




######################################################################
#                              SECURITY                              #
######################################################################
#
# chroot:
#
#   directory to change to before binding
#
CHROOT=/home/policyd

#
# uid:
#
#   userid for the policy daemon to run as
#
UID=1002

#
# gid:
#
#   groupid for the policy daemon to run as
#   
GID=1002

#
# connection acl:
#
#   this is the list of ip addresses or networks (cidr format) that
#   will be allowed to connect to policyd. leaving this blank causes
#   policyd to reject all connection attempts.
#
CONN_ACL="127.0.0.1"


#####################################################################
#                            WHITELISTING              (functional) #
#####################################################################
#
# whitelisting:                                       default: on
#
#   this enables whitelisting of ip/netblocks. this is needed
#   if you want to allow any of the whitelisting features.
#
#                                                     1=on  0=off
WHITELISTING=1

#
# whitelist null sender:                              default: off
#
#   null senders are normally used for bounce messages. many
#   viruses use null senders so its wise to leave this disabled.
#
#                                                     1=on  0=off
WHITELISTNULL=0

#
# whitelist sender address/domain
#
#   this allows you to do whitelisting based on envelope sender
#   address or envelope sender domain. a number of people have
#   been asking for this. please AVOID using this as spammers
#   forge senders and domains a lot.
#
#                                                     1=on  0=off
WHITELISTSENDER=1

#
# whitelist client dns name
#
#   this allows you whitelist clients that have proper resolving
#   records. for example, i could whitelist 'bulk.scd.yahoo.com'.
#   so any connections from n6a.bulk.scd.yahoo.com or
#   n6b.bulk.scd.yahoo.com would be whitelisted. this type of
#   whitelisting gives far greater power when it comes to
#   whitelisting ISPs or big companies which you know do not
#   house spammers. please note. this table must NOT have more
#   than 10 000 -> 15 000 entries.
#
#                                                     1=on  0=off
WHITELISTDNSNAME=0

#
# automatic whitelisting                              default: off
#
#   this allows whitelisting of remote networks who have sent
#   more than AUTO_WHITELIST_NUMBER of authenticated triplets.
#
#                                                     1=on  0=off
AUTO_WHITE_LISTING=1

#
# auto whitelist number:                              default: 500
#
#   how many succesfull triplets does it require before a
#   network is automatically whitelisted
#
AUTO_WHITELIST_NUMBER=10

#
# whitelist netblock/24:                              default: 0
#
#   when hosts get autowhitelisted, should the host be whitelisted
#   or should the entire netblock (class C).
#
#                                                     1=class 0=host
AUTO_WHITELIST_NETBLOCK=0

#
# whitelist expiry                                    default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be whitelisted for when auto whitelisted.
#   a setting of 0 sets a permanent whitelist
#
AUTO_WHITELIST_EXPIRE=7d





#####################################################################
#                            BLACKLISTING              (functional) #
#####################################################################
#
# blacklisting:                                       default: off
#
#   this enables blacklisting of ip/netblocks. this is needed
#   if you want to allow any of the blacklisting features and
#   the spamtrapping module. if blacklisting is disabled,
#   the other modules still run and insert blacklisting records
#   into the table, but it doesn't take effect untill you
#   actually turn blacklisting on. this allows people to look
#   and what hosts get blacklisted and see if any possible
#   problems occured. (false-positive)
#
#                                                     1=on  0=off
BLACKLISTING=1

#
# blacklist client dns name:
#
#   this allows you blacklist clients that have proper resolving
#   records. for example, i could blacklist 'spamtargeting.com'.
#   so any connections from mail1.spamtargeting.com or
#   mail2.spamtargeting.com would be blacklisted. this type of
#   blacklisting gives far greater power when it comes to
#   blacklisting ISPs or big companies which you know do
#   house spammers, or e.g. ADSL home users when their ISPs
#   give an easily identifiable reverse DNS to them like
#   adsl-*.revip.thisisp.com. please note. this table must
#   NOT have more than 10 000 -> 15 000 entries.
#                                                     1=on  0=off
BLACKLISTDNSNAME=0

#
# blacklist temp rejection:                           default: 4xx
#
#   this allows you to either temp reject (4xx) blacklisted
#   hosts or if you're sure that blacklisted hosts are safe
#   to reject, you can hard reject (5xx) blacklisted hosts.
#
#                                                     1=4xx  0=5xx
BLACKLIST_TEMP_REJECT=0

#
# blacklist netblock/24:                              default: host
#
#   when hosts get blacklisted, should the host be blacklisted
#   or should the entire netblock (class C). this applies to
#   both when a host gets blacklisted via the spamtrap module
#   or via the blacklist helo module.
#
#                                                     1=class 0=host
BLACKLIST_NETBLOCK=0

#
# blacklist rejection                                 default: "Abuse. Go Away"
#
#   what error message blacklisted hosts will recieve.
#
BLACKLIST_REJECTION="Abuse. Go away."

#
# automatic blacklisting                              default: off
#
#   this allows blacklisting of remote networks who have sent
#   more than AUTO_BLACKLIST_NUMBER of unauthenticated triplets.
#
#                                                     1=on  0=off
AUTO_BLACK_LISTING=1

#
# auto blacklist number:                              default: 500
#
#   how many succesfull untriplets does it require before a
#   network is automatically blacklisted
#
AUTO_BLACKLIST_NUMBER=500

#
# blacklist expiry                                    default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when auto blacklisted.
#   a setting of 0 sets a permanent blacklist
#
AUTO_BLACKLIST_EXPIRE=7d





#####################################################################
#                        BLACKLISTING HELO             (functional) #
#####################################################################
#
# blacklisting helo:                                  default: off
#
#   this enables blacklisting of ip/netblocks who attempt to
#   identify themselve as you. no legit MTA should be using
#   your helo identity when connecting to your machines.
#
#                                                     1=on  0=off
BLACKLIST_HELO=0

#
# blacklist helo auto expire:                         default: permanent
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   using your HELO to identify itself. (a setting of 0
#   sets a permanent blacklist)
#
BLACKLIST_HELO_AUTO_EXPIRE=0



#####################################################################
#                        BLACKLIST SENDER              (functional) #
#####################################################################
#
# blacklist sender:                                   default: off
#
#   this allows you to use policyd to block domains and/or   
#   email addresses.
#                                                     1=on  0=off
BLACKLISTSENDER=1



#####################################################################
#                             HELO_CHECK               (functional) #
#####################################################################
#
# helo unique checking                                default: off
#
#   (legit) hosts that connect to your mail servers 99% of
#   the time use static HELO information. spammers randomize
#   their helo. enabling this will cut down the amount of
#   spam entering your network.
#                                                     1=on  0=off
HELO_CHECK=1

#
# helo max number count:
#
#   this allows you to specify how many unique/different
#   helo names a connecting host/ip is allowed to send.
#   spammers randomize their helo information in big
#   numbers. legit MTAs with floating ips also do this,
#   but the number of them is fairly small.
#
#
HELO_MAX_COUNT=10

#
# helo blacklist auto expire:
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   randomizing their helo information. (a setting of 0
#   sets a permanent blacklist)
#
HELO_BLACKLIST_AUTO_EXPIRE=14d

#
# helo auto expire:
#
#   this allows you to specify for what period of time any
#   HELO identity will remain in the database for before it
#   gets expired. (a setting of 0 ensures that all HELO
#   information stays stored and is never expired).
#
HELO_AUTO_EXPIRE=7d





#####################################################################
#                             SPAMTRAP                 (functional) #
#####################################################################
#
# enable spamtrap                                     default: off
#
#   the idea of this module is to allow you to capture
#   hosts that mail to your spamtraps without having to
#   resort to parsing the mails to identify senders. you
#   now have the ability to blacklist the host/netblock
#   for a period of time (definable in SPAMTRAP_AUTO_EXPIRE).
#
#                                                     1=on  0=off
SPAMTRAPPING=1

#
# spamtrap rejection:                                 default: "Abuse. Go Away."
#
#   what error message the connecting host will recieve
#   when a message is directly sent to your spamtraps
#
SPAMTRAP_REJECTION="Abuse. Go away."

#
# spamtrap auto expire:                               default: 7 days
#
#   this allows you to specify for what period of time any
#   host will be blacklisted for when it has been caught
#   mailing to your spamtrap addresses. (a setting of 0
#   sets a permanent blacklist)
#
SPAMTRAP_AUTO_EXPIRE=7d





#####################################################################
#                            GREYLISTING               (functional) #
#####################################################################
#
# enable greylisting                                  default: on
#
#   whether greylisting should be enabled or disabled.
#
#                                                     1=on  0=off
GREYLISTING=0

#
# greylist rejection:                                 default: "Please try later"
#
#   what error message the connecting host will recieve
#   when a new triplet has been created.
#
GREYLIST_REJECTION="Please try later."

#
# greylist x-header:                                  default: off
#
#   you now have the functionality of tagging all mail
#   that has passed greylisting.
#
#                                                     1=on  0=off
GREYLIST_X_HEADER=0

#
# greylist host address:                              default: off
#
#   by default policyd will only use 3 octets when dealing
#   with greylisting information. this allows policyd to
#   work around roaming MTAs which are known to move mail
#   between different queues after a 450/temp rejection.
#   
#   some dont want this functionality and wish to be more
#   aggressive when receiving mail. example of the format
#   of the ips stored:
#
#   1=192
#   2=192.168
#   3=192.168.0            <- default/recommended
#   4=192.168.0.1
#
GREYLIST_HOSTADDR=3

#
# train database:                                     default: off
#
#   this is very usefull for people would want to build
#   up a collection of triplets before they start rejecting
#   mail. training mode allows the collection of triplets
#   to mature to a stage that when greylisting is actually
#   enabled, they impact caused is far far less.
#
#                                                     1=on  0=off
TRAINING_MODE=0

#
# training policy duration/timeout                    default: 0d
#
#   when you have run TRAINING_MODE for your all your domains
#   and are running greylisting across the board, adding new
#   domains and subjecting them to greylisting without a
#   training period can bring unnessasary hassles. this feature
#   allows you to specify for how long 'new domains' are to be
#   trained for before being subjected to greylisting.
#
#   a value of 0 disables this feature.
#
TRAINING_POLICY_TIMEOUT=0

#
#
# triplet timeout:                                    default: 4 minutes
#
#   when a triplet is created from the first mail delivery
#   attempt, what period of time should go by before we
#   allow the 'final delivery'. a study shows that there
#   is no difference between 1 minute and 1 hour for spam
#   at this point in time. a sane limit would be 5 minutes.
#   
TRIPLET_TIME=5m

#
# opt in and opt out:                                 default: off
#
#   some people are fairly irate when it comes to mail and
#   refuse wanting to have any type of delay. this feature
#   enables each and every person the ability to not subject
#   themselves to greylisting. this feature is also VERY
#   usefull when you dont want to subject EVERY person to
#   greylisting at once but instead allows you to enable
#   it in batches/groups of users so you get a feel on the
#   type of complaints or praise from your users.
#
#                                                     1=on  0=off
OPTINOUT=0

#
# optinoutall:                                        default: off
#
#   this allows you to either opt everyone in, or opt every
#   one out and only has any effect if OPTINOUT is enabled.
#
#                                                     1=on  0=off
OPTINOUTALL=0

#
# triplet authenticated cleanup                       default: 30d
#
#   if a triplet has been successfully updated (retried and
#   delivered), this is what is considered an 'authenticated'
#   triplet. this options allows some sanity so you do not
#   keep these triplets forever. specify the amount of days
#   that we keep authenticated triplets since it was last updated.
#
TRIPLET_AUTH_TIMEOUT=7d

#
# triplet unauthenticated cleanup                     default: 2d
#
#   if a triplet has NOT been successfully updated (no retry
#   attempt), this is what is considered as an 'unathenticated'
#   triplet. this option allows some sanity so you do not
#   keep these triplets forever. specify the amount of days
#   that we keep unauthenticated triplets since being inserted
#   into the database
#
TRIPLET_UNAUTH_TIMEOUT=2d




#####################################################################
#                      SENDER THROTTLE                 (functional) #
#####################################################################
#
# throttle senders                                    default: off
#
#   sender throttling allows per-user limits of all
#   mail that passes the policy daemon. any envelope
#   sender that is not found in the database will
#   fall back to the config defaults listed below.
#
#                                                     1=on  0=off
SENDERTHROTTLE=0

#
# throttle SASL users                                 default=on
#
#   throttling based upon envelope sender addresses does
#   not work very well as it can of course be easily forged.
#   if your users are forced to authenticate via SASL, enable
#   this option so that quotas stick like glue regardless of
#   what they try.
#
#   if this option is enabled, and a remote client connects
#   WITHOUT sasl, it will then use the clients sending/FROM
#   address.
#                                                     1=on  0=off
SENDER_THROTTLE_SASL=0

#
# throttle IP addresses                               default=on
#
#   throttling based upon the ip address of the sender
#   will ensure that the host does not send more than
#   their allowed quota. you may only enable
#   SENDER_THROTTLE_SASL or SENDER_THROTTLE_HOST but
#   *NOT* both.
#                                                     1=on  0=off
SENDER_THROTTLE_HOST=0

#
# quota exceeded temp rejection:                           default: 5xx
#
#   select temp reject (4xx) or hard reject (5xx) on quota exceeded
#
#                                                     1=4xx  0=5xx
QUOTA_EXCEEDED_TEMP_REJECT=1

#
# throttle rejection:                               default: "Quota Exceeded"
#
#   what error message the connecting host will recieve
#   when they have exceeded any of their quotas.
#
SENDER_QUOTA_REJECTION="Quota Exceeded."

#
# throttle max message size reject message          default: Message size too big
#
#   
#
SENDER_SIZE_REJECTION="Message size too big."

#
# maximum mail sent per time period                 default: 5000
#
#   how many messages a user is allowed to send out
#   before the time limit has expired.
#
SENDERMSGLIMIT=512

#
# maximum mail recipients per time period           default: 5000
#
#   how many recipients a user is allowed to send out
#   before the time limit has expired.
#
SENDERRCPTLIMIT=3600

#
# maximum mail quota/size per time period           default: 250 meg
#
#   how much mail will be allowed from a user (in megs)
#   which will be accepted before the timelimit has expired.
#   note: the maximum supported size is 2gig
#
SENDERQUOTALIMIT=250000000

#
# sender time limit:                                default: 24 hours
#
#   after how long does all quota last before counters
#   are reset back to to zero.
#
SENDERTIMELIMIT=1h

#
# sender message size:                              default: 10 meg
#
#   this is the maximum sender mail size
#
SENDERMSGSIZE=10240000

#
# sender "warning" threshold
#
#   this is the threshold (in percentage) that will trigger a
#   a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_WARN=50

#
# sender "panic" threshold
#
#   this is the threshold (in percentage) that will trigger a
#   a warning to syslog. valid percentages are 1 -> 99
#
SENDERMSGSIZE_PANIC=90

#
# inactive sender database record cleanup           default: 31 days
#
#   this allows you to specify how long the throttling
#   records of inactive senders kept in the database.
#   this allows to keep the database small. a setting
#   of 0 keeps all entries.
#
SENDER_INACTIVE_EXPIRE=31d




#####################################################################
#                    RECIPIENT THROTTLE                (functional) #
#####################################################################
#
# throttle recipients                               default: off
#
#   recipient throttling allows per-user limits of all
#   mail that passes the policy daemon. any envelope
#   recipient that is not found in the database will
#   fall back to the config defaults listed below.
#
#                                                     1=on  0=off
RECIPIENTTHROTTLE=0

#
# maximum mail sent per time period                 default: 5000
#
#   how many messages a user is allowed to send out
#   before the time limit has expired.
#
RECIPIENTMSGLIMIT=64

#
# recipient time limit:                             default: 24 hours
#
#   after how long does all quota last before counters
#   are reset back to to zero.
#
RECIPIENTTIMELIMIT=1h

# throttle recipient rejection:                     default: "Quota Exceeded"
#
#   what error message the connecting host will recieve
#   when they have exceeded any of their quotas.
#
RECIPIENT_QUOTA_REJECTION="Quota Exceeded."

#
# inactive recipients database record cleanup       default: 31 days
#
#   this allows you to specify how long the throttling
#   records of inactive recipients are kept in the database.
#   this allows to keep the database small. a setting
#   of 0 keeps all entries.
#
RECIPIENT_INACTIVE_EXPIRE=31d



#######
# EOF #
#######

9

Re: Admin panel Mail size vs Postfix Mail size

postfix-policyd_sender_throttle

#! /bin/sh
### BEGIN INIT INFO
# Provides:          postfix-policyd_throttle
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postfix-policyd
CONFIG=/etc/postfix-policyd_throttle.conf
PIDFILE='/var/run/policyd_throttle.pid'
NAME=postfix-policyd_throttle
DESC="Postfix throttling policy daemon"

test -x $DAEMON || exit 0

# Include policyd defaults if available
#if [ -f /etc/default/postfix-policyd ] ; then
#       . /etc/default/postfix-policyd
#fi

set -e

PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'`

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  restart)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

10

Re: Admin panel Mail size vs Postfix Mail size

netstat -ntlp | grep -i 1003
tcp        0      0 127.0.0.1:10031         0.0.0.0:*               LISTEN      16807/postfix-polic
tcp        0      0 127.0.0.1:10032         0.0.0.0:*               LISTEN      16733/postfix-polic

11

Re: Admin panel Mail size vs Postfix Mail size

nm2:/etc/init.d# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = abgnetwork.net
myhostname = nm2.abgnetwork.net
mynetworks = 127.0.0.0/8, 10.254.10.0/24, 46.144.243.70, 72.135.198.105, 75.145.128.210, 50.193.66.177, 50.193.66.178, 192.168.222.11, 10.254.252.0/24, 10.11.109.0/24, 10.11.12.0/24
mynetworks_style = subnet
myorigin = /etc/mailname
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $smtpd_sender_login_maps $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_footer = For assistance, call Advanced Business Group 847-247-0700. Please provide the following information in your problem report: time ($localtime), client ($client_address) and server ($server_name).
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/gd_bundle.crt
smtpd_tls_cert_file = /etc/ssl/certs/nm2.abgnetwork.net.crt
smtpd_tls_key_file = /etc/ssl/private/nm2.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

12

Re: Admin panel Mail size vs Postfix Mail size

/var/log/mail.log

Jan 16 12:02:45 nm2 postfix-policyd: rcpt=20549, throttle=update(a), host=127.0.0.1, from=stacy_borkofsky@cpr.ca, to=gperri@unitedsteelandfasteners.com, size=10639/15728640, quota=21036/250000000, count=2/512(2), rcpt=2/3600(2), threshold=0%|0%|0%
Jan 16 12:03:00 nm2 postfix-policyd: rcpt=20550, throttle=update(a), host=10.254.10.10, from=heidi@organicdefoamergroup.com, to=obe@ppiinc.com, size=7466/15728640, quota=84324/250000000, count=7/512(17), rcpt=7/3600(17), threshold=0%|1%|0%
Jan 16 12:03:01 nm2 postfix-policyd: rcpt=20551, throttle=update(a), host=10.254.10.26, from=bad@host.alle-laptop-onlineshops.com, to=jsargis@unitedsteelandfasteners.com, size=17841/15728640, quota=53517/250000000, count=3/512(3), rcpt=3/3600(3), threshold=0%|0%|0%
Jan 16 12:03:01 nm2 postfix-policyd: rcpt=20552, throttle=update(a), host=127.0.0.1, from=heidi@organicdefoamergroup.com, to=obe@ppiinc.com, size=7669/15728640, quota=91993/250000000, count=8/512(18), rcpt=8/3600(18), threshold=0%|1%|0%
Jan 16 12:03:03 nm2 postfix-policyd: rcpt=20553, throttle=update(a), host=127.0.0.1, from=bad@host.alle-laptop-onlineshops.com, to=jeslinesargis@hotmail.com, size=18018/15728640, quota=71535/250000000, count=4/512(4), rcpt=4/3600(4), threshold=0%|0%|0%
Jan 16 12:03:03 nm2 postfix-policyd: rcpt=20554, throttle=update(a), host=127.0.0.1, from=bad@host.alle-laptop-onlineshops.com, to=jsargis@unitedsteelandfasteners.com, size=18028/15728640, quota=89563/250000000, count=5/512(5), rcpt=5/3600(5), threshold=0%|0%|0%
Jan 16 12:03:04 nm2 postfix-policyd: rcpt=20555, throttle=new(a), host=10.254.10.26, from=orders@potbelly.com, to=heatherh@nielsenmassey.com, size=6738/15728640, quota=6738/250000000, count=1/512(1), rcpt=1/3600(1), threshold=0%|0%|0%
Jan 16 12:03:04 nm2 postfix-policyd: rcpt=20556, throttle=update(a), host=127.0.0.1, from=orders@potbelly.com, to=heatherh@nielsenmassey.com, size=6941/15728640, quota=13679/250000000, count=2/512(2), rcpt=2/3600(2), threshold=0%|0%|0%

13

Re: Admin panel Mail size vs Postfix Mail size

Still getting error 552 5.3.4 when trying to send email larger than 15 mb

Did I miss something on
http://www.iredmail.org/wiki/index.php? … ian.Ubuntu

14

Re: Admin panel Mail size vs Postfix Mail size

What's the full error message? A "552 5.3.4" is helpless.