1

Topic: message size limit

Hi

Please find below user ldiff output. I want to restrict per message size limit of a user to less then 512KB for both sending and receiving and it is working fine for recieving.
It is bouncing mails if is try to send more than 512KB from gmail. However it is still delivering mails larger then 512KB when I am sending from my own domain to gmail. Please suggest.


dn: mail=user10@pac.in,ou=Users,domainName=pac.in,o=domains,dc =pac,dc=org
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
mail: user10@pacesetters.in
sn: user10
uid: user10
storageBaseDirectory: /vmail
mailMessageStore: vmail1/pac.in/u/us/use/user10-2011.02.25.15.39.28/
homeDirectory: /vmail/vmail1/pac.in/u/us/use/user10-2011.02.25.15.39.2
8/
mtaTransport: dovecot
enabledService: mail
enabledService: smtp
enabledService: deliver
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: internal
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
userPassword:: e1NTSEF9NGhrTDhtRGRjZFlwNWI4ZsdfsdfUNCcldCfdfdfbzFBbDIyZnBwazY=
cn: Test User
mailQuota: 104857600
accountStatus: active
amavisMessageSizeLimit: 512000

2

Re: message size limit

Do you bypass authenticated users in Amavisd?

3

Re: message size limit

ZhangHuangbin wrote:

bypass authenticated users in Amavisd

following output from master.cf file.

# Bypass checks for internally generated mail.
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
# Use dovecot deliver program as LDA.

is there's any other file where bypass would be enabled for local users.

Thanks/Pradeep

4

Re: message size limit

pradeep77 wrote:

  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Does it work if you remove this line in postfix master.cf?

5

Re: message size limit

ZhangHuangbin wrote:
pradeep77 wrote:

  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Does it work if you remove this line in postfix master.cf?

Yes. even if this commented in master.cf, Mails exceeding size are bounced when sent from outside. however it doesnot work when sent from internal domain to internet.

6

Re: message size limit

ZhangHuangbin wrote:
pradeep77 wrote:

  -o content_filter=smtp-amavis:[127.0.0.1]:10026

Does it work if you remove this line in postfix master.cf?

Yes. even if this commented in master.cf, Mails exceeding size are bounced when sent from outside. however it doesnot work when sent from internal domain to internet.

7

Re: message size limit

Hi Zhang

here is part of amavisd.conf

$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {  # mail supposedly originating from our users
  originating => 1,  # declare that mail was submitted by our smtp client
  allow_disclaimers => 1,  # enables disclaimer insertion if available
  # notify administrator of locally originating malware
  virus_admin_maps => ["root\@$mydomain"],
  spam_admin_maps  => ["root\@$mydomain"],
  warnbadhsender   => 1,
  # forward to a smtpd service providing DKIM signing service
  forward_method => 'smtp:[127.0.0.1]:10027',
  # force MTA conversion to 7-bit (e.g. before DKIM signing)
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  #bypass_banned_checks_maps => [1],  # allow sending any file names and types
  #bypass_banned_checks_maps => [0],  # allow sending any file names and types
  terminate_dsn_on_notify_success => 0,  # don't remove NOTIFY=SUCCESS option
};

please suggest..

8

Re: message size limit

when sending from own domain to gmail..

ar  8 09:04:47 testmx amavis[4647]: (04647-03) lookup_ldap_attr(amavismessagesizelimit), "pradeep.h.mishra@gmail.com" no matching records
Mar  8 09:04:47 testmx amavis[4647]: (04647-03) lookup [message_size_limit] => undef, "pradeep.h.mishra@gmail.com" does not match
Mar  8 09:04:47 testmx amavis[4647]: (04647-03) final_destiny (ccat=0) is PASS, recip pradeep.h.mishra@gmail.com


when sending from gmail to own domain works perfectly.
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) lookup_ldap_attr(amavisspamkilllevel), no attribute, "user10@pac" result=undef
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) lookup: (scalar) matches, result="6.9"
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) lookup [spam_kill_level] => true,  "user10@pac.in" matches, result="6.9", matching_key="(constant:6.9)"
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) lookup_ldap_attr(amavismessagesizelimit) "user10@pac.in" result=(512000)
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) lookup [message_size_limit] => true,  "user10@pac.in" matches, result="512000", matching_key="/cached/"
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) OVERSIZED from <pradeep.h.mishra@gmail.com> to <user10@pacesetters.in>: size 748004 B, limit 512000 B
Mar  8 09:00:53 testmx amavis[4648]: (04648-02) blocking contents category is (3) for user10@pac.in

9

Re: message size limit

Tested on my VM server, seems Amavisd only check local recipient.

10

Re: message size limit

Another way is Policyd throtting. Reference:
http://policyd.sourceforge.net/readme.html

11

Re: message size limit

ZhangHuangbin wrote:

Tested on my VM server, seems Amavisd only check local recipient.

Hey Zhang
Thanks for replying. can we some how fix it, since message size restriction is needed to be checked from internally as well as externally. referred your policyd.sourceforge readme but that may not be possible here as we are using LDAP.


Thanks/Pradeep

12

Re: message size limit

iRedMail already ships Policyd, that means you already have policyd installed.

13

Re: message size limit

ZhangHuangbin wrote:

iRedMail already ships Policyd, that means you already have policyd installed.

Dear Zhang as you mentioned "Amavisd only check local recipient."

can you help me locating file in which it is written to map (rcpt to) here pradeep.h.mishra@gmail.com with an ldap filter, obviously it will not match an entry for an external email id in our ldap.

Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup_ldap, "pradeep.h.mishra@gmail.com" no match
2:09:24 testmx amavis[4647]: (04647-10) lookup_acl(pradeep.h.mishra@gmail.com), no match
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup [local_domains] => undef, "pradeep.h.mishra@gmail.com" does not match
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) query_keys: pradeep.h.mishra@gmail.com, @gmail.com, @.gmail.com, @.com, @.
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup_ldap "pradeep.h.mishra@gmail.com", query keys: "pradeep.h.mishra@gmail.com", "@gmail.com", "@.gmail.com", "@.com", "@.", base: o=domains,dc=pace,dc=org, filter: (&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) ldap begin_work
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup_ldap: searching base="o=domains,dc=pace,dc=org", scope="sub", filter="(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(|(mail=pradeep.h.mishra@gmail.com)(mail=@gmail.com)(mail=@.gmail.com)(mail=@.com)(mail=@.))(|(shadowAddress=pradeep.h.mishra@gmail.com)(shadowAddress=@gmail.com)(shadowAddress=@.gmail.com)(shadowAddress=@.com)(shadowAddress=@.))))"
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup_ldap, "pradeep.h.mishra@gmail.com" no match
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup_ldap_attr(amavismessagesizelimit), "pradeep.h.mishra@gmail.com" no matching records
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) lookup [message_size_limit] => undef, "pradeep.h.mishra@gmail.com" does not match
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) ESMTP> 250 2.1.5 Recipient <pradeep.h.mishra@gmail.com> OK
Mar 10 12:09:24 testmx amavis[4647]: (04647-10) switch_to_client_time 480 s, smtp response sent


BR/Pradeep

14

Re: message size limit

In /etc/amavisd.conf (RHEL/CentOS/OpenSuSE) or /etc/amavis/conf.d/50-user (Debian/Ubuntu) or /usr/local/etc/amavisd.conf (FreeBSD):

$enable_ldap = 1;
$default_ldap = {}

15

Re: message size limit

Dear Zhang
output from amavisd.conf
# Integrate Amavisd-new with OpenLDAP.
$enable_ldap    = 1;    # 1 -> enable, 0 -> disable.
$default_ldap   = {
    hostname        => "127.0.0.1",
    port            => 389,
    version         => 3,
    tls             => 0,
    timeout         => 120,
    base            => "o=domains,dc=pac,dc=org",
    scope           => "sub",
    query_filter    => "(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))",
    bind_dn         => "cn=vmail,dc=pac,dc=org",
    bind_password   => "3152929980230715747882225613",
};

1;  # insure a defined return

I want to set incoming as well as outgoing message size limit per user basis.
say for an example - Managers will have 10MB message size limit for sending as well as recieving. whereas some user may be allowed 3MB message size limit for sending as well receiving.
Currently the way it is working is only for receiving, when I set it in amavisMessageSizeLimit.

Please help how do we set the message size limit per user to make it to work for bidirectional.


Best Regards
Pradeep MIshra

16

Re: message size limit

As i know, there's no addition setting for Amavisd to achieve this. Sorry.
Did you try to restrict this in Policyd instead?

17

Re: message size limit

Thanks Zhang. No I am not using policyd, as the _message_size limit need me to populate data in mysql policyd db. However I thought it would be great if this could have been possible with amavisMessageSizeLimit attribut of LDAP.

Is this bidirectional features are available in IREDADMIN PRO ? as this is required feature for my company.


BR/Pradeep Mishra

18

Re: message size limit

pradeep77 wrote:

Is this bidirectional features are available in IREDADMIN PRO ? as this is required feature for my company.

You can manage per-user and per-domain with iRedAdmin-Pro-LDAP, try our demo here:
http://www.iredmail.org/admin_demo.html

But, some users reported that this feature in policyd is not so stable with Amavisd, so you should test it first.

Screenshots of iRedAdmin-Pro-LDAP:

per-domain throtting:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/domain_profile_throttle.png

per-user throttling:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/user_profile_throttle.png

19

Re: message size limit

ZhangHuangbin wrote:
pradeep77 wrote:

Is this bidirectional features are available in IREDADMIN PRO ? as this is required feature for my company.

You can manage per-user and per-domain with iRedAdmin-Pro-LDAP, try our demo here:
http://www.iredmail.org/admin_demo.html

But, some users reported that this feature in policyd is not so stable with Amavisd, so you should test it first.

Screenshots of iRedAdmin-Pro-LDAP:

per-domain throtting:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/domain_profile_throttle.png

per-user throttling:
http://screenshots.iredmail.googlecode.com/hg/iredadmin/user_profile_throttle.png


Hi Zhang.

I would like to know If I buy iredadmin pro can i use it with the Currrent test environment &  later on the Production Server with the same software or I will have to buy 2 copies for the same ?

BR/Pradeep