Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Sensible mail size limits
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3450

PostPosted: Wed Feb 08, 2012 5:01 pm    Post subject: Sensible mail size limits Reply with quote

We have a vanity domain at dyndns.org, as well as incoming email forwarding (through gmail) and outgoing relay. (So my domain looks fully consistent.)

Periodically we run into trouble, usually when relatives send us too many pictures attached to one email. The problem is that I have fetchmail set to check gmail about every 20 minutes. When it sees the oversize email, it generates a bounce message. Enough of those use up our outgoing quota at DynDNS. Then it starts sending bounce messages about the quota refusal, bounce notices about those bounces, etc, etc, etc. The result is a humungous outgoing queue that I have to delete, otherwise it'll use up tomorrow's quota in seconds.

Since it only happens a few times a year, I live with it. Today it happened again, and I stopped it before hitting the outgoing quota, so we're good. That also meant that the error messages were local and not buried in noise in the logs, so I had a clearer shot at diagnosing. The error messages also gave me an easier search, rather than a vague "incoming attachments are too big." I've got most of the information I need to go on, now.

Part of the fix can be "message_size_limit" in Postfix. Part of the fix can be "limit" in fetchmail. I'd like to do both, and that would be pretty good. Which leaves me with 2 problems:

1 - Is there a "normal maximum" message size limit, so I can just make my postfix not be the weakest link? I don't think I want to open it up too big, but it would be nice to know some sort of standard value. Clearly 10MB (default) isn't big enough.

2 - The fetchmail documentation describes how to limit incoming message size gracefully on the command line, but doesn't say how to do it in fetchmailrc. I've tried several different syntax styles, but none of them work. Can someone give a snippet?
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Feb 08, 2012 8:36 pm    Post subject: Reply with quote

id base it on my storage capability, and on any size limitations imposed by upstream hosts (e.g. if your mail hits a Dyn mta first, then hits postfix, you'd need to know Dyn's limit - send it an EHLO and see)

Giving you a hard number wouldnt do heaps. I have the storage, and no other hops, so I gladly set mine to 100MB.

50MB might be fine for you, maybe 20, cant say unless we know what the limit is for any hosts you have in front of your own postfix.
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3450

PostPosted: Wed Feb 08, 2012 9:00 pm    Post subject: Reply with quote

My main desire was to be "just bigger than the next limiting link". Right now my system is the weakest link, I'd like someone else to be.

I know you can telnet into alternate ports, and have done it upon very rare occasions (years ago) debugging some of my own stuff. So you're saying that I should telnet into each step of my mail path, type "EHLO", and it will tell me about its capabilities?

The other thing I was hoping to do was to tell fetchmail to do the failing itself. Right now fetchmail is grabbing the mail and trying to pass it ot my postfix. My postfix fails, causing fetchmail to fail, and triggering an outgoing fail message. I'd especially like to get rid of that outgoing fail message - if fetchmail sends anything I'd like it to be a message to me as admin or to the local recipient.

I have this ugly feeling that no matter how big I make that number, someday number+1 will come winging at me. I figured ISPs somewhere would have limits on attachments, if only to prevent the MPAA from getting down on them for aiding and abetting email movie piracy.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
cach0rr0
Bodhisattva
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

PostPosted: Wed Feb 08, 2012 10:47 pm    Post subject: Reply with quote

depontius wrote:
My main desire was to be "just bigger than the next limiting link". Right now my system is the weakest link, I'd like someone else to be.

I know you can telnet into alternate ports, and have done it upon very rare occasions (years ago) debugging some of my own stuff. So you're saying that I should telnet into each step of my mail path, type "EHLO", and it will tell me about its capabilities?


yip, for example:

Code:

Escape character is '^]'.
220 renee.whitehathouston.com ESMTP Postfix (2.6.5)
ehlo there
250-renee.whitehathouston.com
250-PIPELINING
250-SIZE 100000000


Note the last line. There are more below this, but that's the pertinent one. Do that to any other servers in the picture (telnet to 25, issue ehlo there), should tell you how not to be the weakest link.

depontius wrote:

The other thing I was hoping to do was to tell fetchmail to do the failing itself. Right now fetchmail is grabbing the mail and trying to pass it ot my postfix. My postfix fails, causing fetchmail to fail, and triggering an outgoing fail message. I'd especially like to get rid of that outgoing fail message - if fetchmail sends anything I'd like it to be a message to me as admin or to the local recipient.

I have this ugly feeling that no matter how big I make that number, someday number+1 will come winging at me. I figured ISPs somewhere would have limits on attachments, if only to prevent the MPAA from getting down on them for aiding and abetting email movie piracy.


Dont use fetchmail so cant comment there really. I will say address rewriting in postfix probably wont get you what you want there in a fashion thats maintainable
_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum