Re: check_policy_service sends size=0
Wietse Venema: > AFTER the message is received, the message size is known. Thanks, Wietse. Makes sense now. Like this it works: smtpd_recipient_restrictions = reject_unauth_destination smtpd_end_of_data_restrictions = \ check_policy_service inet:localhost:12340 It's just a bit wasteful because the email would have to be received entirely before its size can be calculated. It sounds like a better approach would be to make Dovecot reject any email no matter what the size is (even size=0) if a user is over quota. I'll take further discussion to the dovecot mailing list then. Kindly… Christoph
Re: check_policy_service sends size=0
Wietse Venema: > Christoph Haas: > > request=smtpd_access_policy > > protocol_state=RCPT > ... > > size=0 > > The RCPT TO command is received before the message is > received, therefore the message size is not known. Also, the client did not specify a message size when it sent the MAIL FROM command, otherwise the policy request would have shown that. > > My Postfix log shows though: > > > > postfix/qmgr[43700]: A031B9D69C: from=, size=501, > > nrcpt=1 (queue active) > > AFTER the message is received, the message size is known. This is always the real size, not the size announced in the MAIL FROM command. Wietse
Re: check_policy_service sends size=0
Christoph Haas: > request=smtpd_access_policy > protocol_state=RCPT ... > size=0 The RCPT TO command is received before the message is received, therefore the message size is not known. > My Postfix log shows though: > > postfix/qmgr[43700]: A031B9D69C: from=, size=501, > nrcpt=1 (queue active) AFTER the message is received, the message size is known. Wietse
check_policy_service sends size=0
Dear list, I'm chasing a strange phenomenon with Postfix 3.5.6. I deliver virtual emails through LMTP to Dovecot. That works well. Now I'd also like to check the user's quota using Dovecot's quota service as described at https://doc.dovecot.org/configuration_manual/quota_plugin/#quota-service Relevant Postfix config: smtpd_recipient_restrictions = \ reject_unauth_destination \ check_policy_service inet:localhost:12340 I usually test any mail server using swaks (http://jetmore.org/john/code/swaks/). So I ran: swaks --to t...@bullseye.example.org The test user is over quota but Dovecot still replies with DUNNO instead of rejecting the email. So I used tcpdump to look into the lines that Postfix sends on port 12340 to the policy service: request=smtpd_access_policy protocol_state=RCPT protocol_name=ESMTP client_address=… client_name=… client_port=41000 reverse_client_name=… server_address=… server_port=25 helo_name=yoda.example.org sender=r...@yoda.example.org recipient=t...@bullseye.example.org recipient_count=0 queue_id= instance=acde.6101de59.d9386.0 size=0 […] My Postfix log shows though: postfix/qmgr[43700]: A031B9D69C: from=, size=501, nrcpt=1 (queue active) What might be happening here? Postfix sends "recipient_count=0" and "size=0" although it logs that there is one recipient and the email has a size of 501 bytes. At first I suspected swaks because it does not send a SIZE=… argument along with the RCPT TO. Then I checked http://www.postfix.org/SMTPD_POLICY_README.html and found: "The "size" attribute value specifies the message size that the client specified in the MAIL FROM command (zero if none was specified). With Postfix 2.2 and later, it specifies the actual message size after the client sends the END-OF-MESSAGE." I do not encounter this when sending emails through Thunderbird. But I would still like to know the reason that it fails with swaks. After all swaks is just doing a regular SMTP connection AFAICT: === Trying bullseye.example.org:25... === Connected to bullseye.example.org. <- 220 bullseye ESMTP Postfix (Debian/GNU) -> EHLO yoda.example.org <- 250-bullseye <- 250-PIPELINING <- 250-SIZE 1024 <- 250-VRFY <- 250-ETRN <- 250-STARTTLS <- 250-ENHANCEDSTATUSCODES <- 250-8BITMIME <- 250-DSN <- 250-SMTPUTF8 <- 250 CHUNKING -> MAIL FROM: <- 250 2.1.0 Ok -> RCPT TO: <- 250 2.1.5 Ok -> DATA <- 354 End data with . -> Date: Thu, 29 Jul 2021 18:44:32 +0200 -> To: t...@bullseye.example.org -> From: r...@yoda.example.org -> Subject: test Thu, 29 Jul 2021 18:44:32 +0200 -> Message-Id: <20210729184432.012...@yoda.example.org> -> X-Mailer: swaks v20181104.0 jetmore.org/john/code/swaks/ -> -> This is a test mailing -> -> -> . <- 250 2.0.0 Ok: queued as A031B9D69C -> QUIT <- 221 2.0.0 Bye === Connection closed with remote host. Any clues welcome. Been pulling my hair out the second day now. …Christoph