Solved

I need to set message size limit for outgoing/incoming mail separately

Posted on 2013-01-08
14
2,211 Views
Last Modified: 2013-01-28
I am trying to set the message size limit for outgoing/incoming mail separately so internal users can only send messages no larger than 2Mb but be able to receive messages up to 10Mb.
Is there any way to do it?.

I am using

postfix as MTA and courierimap
0
Comment
Question by:Ludwig Diehl
  • 3
  • 2
  • 2
  • +4
14 Comments
 
LVL 13

Expert Comment

by:imkottees
ID: 38755417
0
 
LVL 6

Author Comment

by:Ludwig Diehl
ID: 38755561
Thx for the quick response. Indeed I actually read that article before posting my question here. The problem is that my main.conf file has these settings:

mailbox_size_limit = 0
message_size_limit = 2097152

But it limits both, incoming and outgoing messages to 2Mb. I only want to set 2Mb limit for outgoing messages and 10Mb for incoming.
0
 
LVL 13

Expert Comment

by:imkottees
ID: 38755634
i'm sorry. i could not find on the web. I'm a beginner :(
0
 
LVL 6

Author Comment

by:Ludwig Diehl
ID: 38756475
no prob. Thx for trying anyway ;)
0
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 38758735
Backup your main.cf file, then edit:

message_size_limit = 10240000

restart postfix
0
 
LVL 6

Author Comment

by:Ludwig Diehl
ID: 38760665
thx for your reply. Unfortunately what I need is to limit the outgoing message size to 2Mb and the incoming message size to 10Mb. So users cannot send messages above 2Mb nor receive messages above 10Mb.
If I try your solution it will limit both incoming/outgoing messages to 9.77Mb.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 38816029
I'm thinking that message_size_limit is only influencing the max size of messages on your postfix mail server (both in and out). This is what you want to set to 10Mb. Now about sending messages: your remote MTA should be configured not to accept messages larger than 2Mb. So you'd either have to setup a second postfix instance that you send through (configured for a message_limit of 2Mb) or have someone configure the remote MTA for you.
0
 
LVL 36

Assisted Solution

by:ArneLovius
ArneLovius earned 200 total points
ID: 38816594
message_size_limit is a global size limit, this is because Postfix is an MTA rather than a "mailbox server" such as Exchange.

If your postfix server is behind NAT and you have two public IP addresses, use one address for mx.domain.com which is configured as your MX record and the other as mail.domain.com which is the address that your mail clients use.

The actual server still only needs one address.

Use PAT to forward inbound port 25 for mx.domain.com to a "high" port running on Postfix (with a 10mb limit) , this delivers to your users "mailboxes"

Use PAT to forward port 25 on mail.domain.com to port 25, where you have either another instance of Postfix, or qmail/sendmail/exim etc, and here you have a 2mb limit, this instance of Postfix is setup just as an MTA, with all inbound mail forwarded to the other instance of Postfix running on the high port, it should NOT be configured to deliver to your users "mailboxes" having two email servers pointing at the same place can lead to  corruption of email.

You should now have a mail server that will accept inbound mail of 10mb, while restricting users to 2mb.
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 300 total points
ID: 38817082
Postfix size limits are a global setting.  Depending on where you are in your deployment, there may be some options.  My suggestion would be to  edit /etc/postfix/master.cf

Setup an additional listening service on a different port;  For example, port 587 is commonly used for mail submission.

Either use a separate IP address that you publish in MX, that is different from the IP address your local users are allowed to use;

Or Disable relay on Port 25,  or allow SMTP authentication only on port 587, and force local users to use port 587;  with port 25 for incoming mail only.

Or Use iptables  DNAT  or  redirect rules,  to divert TCP  connections from local IP addresses to port 587.


For example, a   /etc/postfix/master.cf   entry might  contain things like

0.0.0.0:587 inet    n    -    y    -    -    smtpd
-o message_size_limit=2097152
-o smtpd_recipient_limit=200
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_sender_restrictions = reject_unlisted_sender,reject_sender_login_mismatch,permit_mynetworks,reject
 -o soft_bounce=no
 -o smtpd_helo_required=no
 -o bounce_notice_recipient=postmaster
 -o smtpd_client_connection_count_limit=20
 -o smtpd_helo_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8,192.168.0.0/16
 -o strict_rfc821_envelopes=no
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
0
 
LVL 52

Expert Comment

by:Manpreet SIngh Khatra
ID: 38823729
User properties
Check this limits

- Rancy
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38824011
@Rancy, this is on Postfix, not Exchange
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 38824555
Although Postfix does not support per-sender limits, or applying a different limit to certain IPs;

Another option is to configure Postfix to the _highest_ limit you ever use, and implement  a Content filter,  Policy daemon, or before-queue Milter plugin,  
to enforce lower limits when required.

Such as
Milter-Length
http://www.snertsoft.com/sendmail/milter-length/

See here, about Postfix support for Milter plugins:
http://www.postfix.org/MILTER_README.html


It may be more useful to use CBPolicyd
and set an  _aggregate_   number of megabytes transferred per user quota, than a per-message quota.

For example:  "Each user can send up to a rolling average of 20 Megabytes of messages per day"

That could be   up to  10    2 Megabyte messages,
or up to 20  1 Megabyte messages,
up to 40  500 kilobyte messages,

up to 80  250 kilobyte messages,
or up to 160 125 kilobyte messages,
for example.


In other words:  An aggregate quota prevents users from defeating the  1 Megabyte size limit anymore to send  a  2 Gigabyte file,  by   splitting that big file into   2000  separate e-mails, and sending all those e-mails out.


Which (IMO)  is a little bit more useful than simply limiting to 1MB.
Although the 1MB limit will definitely remain useful for low-bandwidth WANs,
as it  provides a limitation of the total SMTP session delay, and therefore,
helps eliminate one situation that can cause very poor mail server performance.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Easy CSR creation in Exchange 2007,2010 and 2013
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
The purpose of this video is to demonstrate how to set up Lists in Mailchimp. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchimp account. : Click on Lists. Click on Create List Button : Choose the desi…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now