message_size_limit per domain

hata_ph

Well-Known Member
Nov 13, 2019
870
192
48
44
If not mistaken the message_size_limit is global setting. It there option to set message_size_limit per domain or users?
 
This is currently not possible. I am also not sure that this would be easily doable with postfix.
Out of curiosity: what is your use-case for this ?

Thanks!
 
Our email policy have restrict 10MB for outgoing email. But they need to send attachment over 10MB to sister company.
 
Maybe postfwd is the answer...look doable...will test it out tomorrow...

Code:
## Message size (requires message_size_limit to be set to 30000000)
# 1. 30MB for systems in *.customer1.tld
# 2. 20MB for SASL user joejob
# 3. 10MB default
id=SZ001; state==END-OF-MESSAGE; action=REJECT message too large; size=30000000 ; client_name=\.customer1.tld$
id=SZ002; state==END-OF-MESSAGE; action=REJECT message too large; size=20000000 ; sasl_username==joejob
id=SZ003; state==END-OF-MESSAGE; action=REJECT message too large; size=10000000

http://www.linuxcertif.com/man/8/postfwd/
 
It work. I setup a dummy ubuntu VM with postfix and postfwd installed.
Add check_policy_service inet:127.0.0.1:10040 to smtpd_end_of_data_restrictions.
Make sure the messages_size_limit is set to your max email size limit.

Code:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10040
myhostname = postfwd.xxx.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, postfwd, localhost.localdomain, , localhost
#relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.40.106/32
#mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 125829120
message_size_limit = 62914560

With below postfwd rules, any recipient domain beside @yahoo.com and @gmail.com will have a 10MB message size limit.
Due to global message_size_limit apply to both incoming and outgoing mail, i create individual rules for both.

Until now still cannot find any way to allow message size limit per domain. So I control the size limit by sender instead.

Code:
id=SZ002; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=62914560; sender=abc@mydomain.com
id=SZ003; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=15728640
id=SZ100; protocol_state=END-OF-MESSAGE; action=REJECT Message size $$size exceed fixed limit 10MB

Code:
Nov 15 06:01:50 postfwd postfix/smtpd[6521]: connect from pmg.xxx.local[192.168.40.106]
Nov 15 06:01:50 postfwd postfwd2/policy[6553]: [RULES] rule=1, id=default, client=pmg.xxx.local[192.168.40.106], sender=<lee@xxx.local>, recipient=<xxx@yahoo.com>, helo=<pmg.xxx.local>, proto=ESMTP, state=RCPT, delay=0.00s, hits=default, action=DUNNO
Nov 15 06:01:50 postfwd postfix/smtpd[6521]: BB12560928: client=pmg.xxx.local[192.168.40.106]
Nov 15 06:01:50 postfwd postfix/cleanup[6524]: BB12560928: message-id=<5DCEAFC5020000F80011F345@mail.xxx.local>
Nov 15 06:01:50 postfwd postfwd2/policy[6553]: [RULES] rule=0, id=SZ002, queue=BB12560928, client=pmg.xxx.local[192.168.40.106], sender=<lee@xxx.local>, recipient=<xxx@yahoo.com>, helo=<pmg.xxx.local>, proto=ESMTP, state=END-OF-MESSAGE, delay=0.00s, hits=SZ002, action=REJECT Message size exceed fixed limit 5MB
Nov 15 06:01:50 postfwd postfix/smtpd[6521]: BB12560928: reject: END-OF-MESSAGE from pmg.xxx.local[192.168.40.106]: 554 5.7.1 <END-OF-MESSAGE>: End-of-data rejected: Message size exceed fixed limit 5MB; from=<lee@xxx.local> to=<xxx@yahoo.com> proto=ESMTP helo=<pmg.xxx.local>
Nov 15 06:01:50 postfwd postfix/smtpd[6521]: disconnect from pmg.xxx.local[192.168.40.106] ehlo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5
Nov 15 06:02:05 postfwd postfix/smtpd[6521]: connect from pmg.xxx.local[192.168.40.106]
Nov 15 06:02:05 postfwd postfwd2/policy[6553]: [RULES] rule=1, id=default, client=pmg.xxx.local[192.168.40.106], sender=<lee@xxx.local>, recipient=<xxx@gmail.com>, helo=<pmg.xxx.local>, proto=ESMTP, state=RCPT, delay=0.00s, hits=default, action=DUNNO
Nov 15 06:02:05 postfwd postfix/smtpd[6521]: 265BD60928: client=pmg.xxx.local[192.168.40.106]
Nov 15 06:02:05 postfwd postfix/cleanup[6524]: 265BD60928: message-id=<5DCEAFD3020000F80011F34A@mail.xxx.local>
Nov 15 06:02:05 postfwd postfwd2/policy[6553]: [RULES] rule=1, id=default, queue=265BD60928, client=pmg.xxx.local[192.168.40.106], sender=<lee@xxx.local>, recipient=<xxx@gmail.com>, helo=<pmg.xxx.local>, proto=ESMTP, state=END-OF-MESSAGE, delay=0.00s, hits=default, action=DUNNO
Nov 15 06:02:05 postfwd postfix/qmgr[5741]: 265BD60928: from=<lee@xxx.local>, size=19631063, nrcpt=1 (queue active)
Nov 15 06:02:05 postfwd postfix/smtpd[6521]: disconnect from pmg.xxx.local[192.168.40.106] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 15 06:03:38 postfwd postfix/smtp[6525]: 265BD60928: to=<xxx@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.24.27]:25, delay=93, delays=0.22/0/0.69/92, dsn=2.0.0, status=sent (250 2.0.0 OK  1573797817 r19si7646305pgi.261 - gsmtp)
Nov 15 06:03:38 postfwd postfix/qmgr[5741]: 265BD60928: removed
 
Last edited:
Now my option is either:
A. Setup a transport entry in PMG to use the postfix/postfwd relay for dedicated domain.
B. Setup a postfwd service only VM and configure PMG check_policy_service to it. Something like check_policy_service inet:192.168.40.109:10040 (192.168.40.109 is the external postfwd service). But I try to change the postfwd interface to local IP instead of 127.0.0.1, configure PMG to use the 192.168.40.109:10040 as policy service, but it does not work. Can postfix listen to external policy service instead of use 127.0.0.1?
 
postfix should be able to connect to any IP+port combination - see http://www.postfix.org/SMTPD_POLICY_README.html

* does postfwd really listen on 192.168.40.109? (check on the VM with postfwd by running `ss -tlnp`)
* is there maybe a firewall (e.g. iptables on the VM or PMG) which blocks access?

I hope this helps!
 
I have directly install and configure postfwd to PMG 6, set message size limit per domain. Seem to work and will continue to monitor the status.
Btw, what is the function of pmgpolicy (check_policy_service inet:127.0.0.1:10022)?
 
Btw, just to confirm the global message_size_limit apply to all incoming and outgoing message, right?

EDIT: due to global message_size_limit apply to incoming and outgoing mail, have to change the postfwd rules.
 
Last edited:
  • Like
Reactions: Stoiko Ivanov
Below postfwd configuration for message size limit per domain will not work if you have more then 1 @gmail.com recipient in the email.

# Groups
&&SENDER_DOMAIN_GROUP{
sender_domain=gmail.com
sender_domain=yahoo.com
}
&&RECIPIENT_DOMAIN_GROUP{
recipient_domain=gmail.com
recipient_domain=yahoo.com
}
id=SZ001; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=62914560; &&SENDER_DOMAIN_GROUP
id=SZ002; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=62914560; &&RECIPIENT_DOMAIN_GROUP
id=SZ003; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=15728640
id=SZ100; protocol_state=END-OF-MESSAGE; action=REJECT Message size $$size exceed fixed limit 10MB
id=default; action=DUNNO

For now the only way I can do now is to control by sender.

id=SZ002; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=62914560; sender=abc@mydomain.com
id=SZ003; protocol_state=END-OF-MESSAGE; action=DUNNO; size<=15728640
id=SZ100; protocol_state=END-OF-MESSAGE; action=REJECT Message size $$size exceed fixed limit 10MB
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!