>> At least from Thunderbird, yes. But SIZE=? does not seem to be a
>> mandatory addition to the RCPT-TO line. Perhaps other mail clients do
>> not use SIZE either. Just guessing.

Correct. It's optional and can't be trusted anyway.

> http://www.postfix.org/SMTPD_POLICY_README.html
> The "size" attribute value specifies the message size that the client
> specified in the MAIL FROM command (zero if none was specified). With
> Postfix 2.2 and later, it specifies the actual message size after the
> client sends the END-OF-MESSAGE.

<bad idea>
I misread that and Wietse (Postfix developer) kindly pointed me to the "after" part. So I found an evil way to make it work:

smtpd_recipient_restrictions = reject_unauth_destination
smtpd_end_of_data_restrictions = \
    check_policy_service inet:localhost:12340

The smtpd_end_of_data_restrictions are evaluated after the complete email was received. Of course this is wasteful because receiving a large email only to reject it afterwards is not very considerate. Plus Dovecot complains that the policy service is only supposed to be used in the RCPT stage. So clearly this is a bad approach.
</bad idea>

In my opinion the quota-status service from Dovecot should be able to reject any email no matter the size if the user is over quota. But I can't get that to work. I have set quota_grace to 0. And the user is using 100% quota. Still...

printf "recipient=test@bullseye.example.org\nsize=100\n\n" | \
    nc localhost 12340
action=DUNNO

printf "recipient=test@bullseye.workaround.org\nsize=1000\n\n" | \
    nc localhost 12340
action=554 5.2.2 Quota exceeded (mailbox for user is full)

Dovecot is still responding with DUNNO. It accepts size=0. It accepts size=100. Only at a much larger size (1000) does it send a rejection. Why is that?

In https://github.com/dovecot/core/blob/master/src/plugins/quota/quota-status.c there are several e_debug statements. How do I enable that debug logging for the quota plugin? Maybe that gives an idea.

I really wouldn't want to script my own policy daemon just to avoid backscatter. :(

Thanks in advance...

-Christoph
> Plus Dovecot complains that the policy service is only supposed to be
> used in the RCPT stage. So clearly this is a bad approach.

I want to explore this more. I tried it and also see:

dovecot[1096]: quota-status(26164): Warning: Received policy query from MTA in unexpected state END-OF-MESSAGE (service can only be used for recipient restrictions)

Why? Why does dovecot even care? Quota plugin is sent a user and a size, it looks up quota for that user and computes if size will put the user over limit and returns an answer. Why does dovecot care or even know at what stage this is done? Why is it bad to check quota after getting the real size? Seems like it's designed to allow spoofing from an evil mail client. What is the harm being done that causes this log warning? What is the harm in ignoring the warning?
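
Added example, not part of any message in this thread and not Dovecot's or Postfix's code: a small Python handler for the Postfix policy-delegation request format discussed above, showing where `protocol_state` and `size` arrive and how a "would this size exceed the limit" rule, as described in the preceding message, answers. The function names, the `reject_when_full` switch and the usage and limit numbers are hypothetical.

```python
# Added example: parse a Postfix policy-delegation request and answer a quota
# question. Hypothetical helper names; usage/limit values are constructed.
REJECT = "554 5.2.2 Quota exceeded (mailbox for user is full)"


def parse_policy_request(raw):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break                       # empty line ends the request
        name, sep, value = line.partition("=")
        if sep:                         # skip malformed lines without '='
            attrs[name] = value
    return attrs


def quota_action(attrs, used, limit, reject_when_full=False):
    """Return (action, size_is_actual).

    At RCPT the size is whatever the client declared in MAIL FROM (0 if
    nothing was declared); only at END-OF-MESSAGE is it the real byte count.
    """
    try:
        size = max(int(attrs.get("size", "0")), 0)
    except ValueError:
        size = 0                        # unparsable size treated as undeclared
    size_is_actual = attrs.get("protocol_state") == "END-OF-MESSAGE"
    over = used + size > limit          # rule assumed from the thread's description
    if reject_when_full and used >= limit:
        over = True                     # hypothetical: refuse once the mailbox is full
    return (REJECT if over else "DUNNO"), size_is_actual


def respond(raw, used, limit, reject_when_full=False):
    """Build the reply the MTA expects: one action line plus an empty line."""
    action, _ = quota_action(parse_policy_request(raw), used, limit, reject_when_full)
    return "action=%s\n\n" % action


def make_request(state, size):
    """Constructed sample request (recipient is a placeholder address)."""
    return ("request=smtpd_access_policy\nprotocol_state=%s\n"
            "recipient=test@example.org\nsize=%d\n\n" % (state, size))


if __name__ == "__main__":
    for state, size in (("RCPT", 0), ("RCPT", 100), ("END-OF-MESSAGE", 1000)):
        print(state, size, respond(make_request(state, size), 9500, 10000).strip())
```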
On 2021-07-29 20:13, Christoph Haas wrote:
> I really wouldn't want to script my own policy daemon just to avoid
> backscatter. :(

why not ? :=)

quota grace is ideal with same size as max mailsize in postfix, which is 10MB as standard, the quota grace ensures one mail is possible to be sent if it's not much mail left in dovecot to fill the quotas 100%

so setting it to 0 is silly like set non default settings in postfix main.cf, limits are there for something