Re: Understanding reject_unknown_(recipient|sender)_domain
Many thanks for the concise explanation Bill! On 2016-10-25 13:05, Bill Cole wrote: On 25 Oct 2016, at 15:15, mro...@insiberia.net wrote: On 2016-10-25 07:00, Bill Cole wrote: On 25 Oct 2016, at 2:04, mro...@insiberia.net wrote: Hi, Reading the postconf explanation of reject_unknown_recipient_domain and reject_unknown_sender_domain, I'm having trouble understanding where these find their use. For incoming mail: The first test criteria for both is that Postfix not be the final destination for the recipient/sender domain, so when Postfix is not set up with a catchall and rejects unknown users, am I correct to think there is no use for these here? Not exactly. It isn't very helpful to group these 2 restrictions together despite their similar names, because they act on completely independent attributes of a SMTP transaction. Fair enough, and you've nicely explained the usefulness (albeit limited in this day and age) of reject_unknown_sender_domain. However, can you speak to reject_unknown_recipient_domain? Trying to re-think but I can't find a scenario where it would be redundant. ?? If a user provides a "To:" address to their mail client with an unresolvable domain, Postfix will reject it immediately, when the user attempts to send the message if reject_unknown_recipient_domain is in smtp_recipient_restrictions (or any other smtpd_*_restrictions list, if smtpd_delay_reject is enabled.) If reject_unknown_recipient_domain is not in any restriction list, Postfix will accept the message provided the user has done whatever else is required to relay, such as successful authentication. It will defer the message for later retry, and retry repeatedly until the message has been queued for maximal_queue_lifetime (5 days, by default.) If the domain becomes resolvable before Postfix gives up, then the message will get delivered. Because unresolvable domains in recipient addresses are usually due to user error (i.e. incorrect entry of an address) it is usually better to have the attempt to send such a message fail immediately instead of taking 5 days to fail. That also allows the failure to be handled by the user's mail client rather than having Postfix send the user a DSN message documenting the failure in precise but not entirely user-friendly detail.
Re: Understanding reject_unknown_(recipient|sender)_domain
On 2016-10-25 07:00, Bill Cole wrote: On 25 Oct 2016, at 2:04, mro...@insiberia.net wrote: Hi, Reading the postconf explanation of reject_unknown_recipient_domain and reject_unknown_sender_domain, I'm having trouble understanding where these find their use. For incoming mail: The first test criteria for both is that Postfix not be the final destination for the recipient/sender domain, so when Postfix is not set up with a catchall and rejects unknown users, am I correct to think there is no use for these here? Not exactly. It isn't very helpful to group these 2 restrictions together despite their similar names, because they act on completely independent attributes of a SMTP transaction. Fair enough, and you've nicely explained the usefulness (albeit limited in this day and age) of reject_unknown_sender_domain. However, can you speak to reject_unknown_recipient_domain? Trying to re-think but I can't find a scenario where it would be redundant. ?? reject_unknown_sender_domain prevents Postfix from accepting mail that cannot be bounced. That may seem like an antique idea in a time when "blowback" from bouncing messages with forged senders is a big headache, but there remain generally safe circumstances where bounces are useful. More importantly in common modern MTAs, using reject_unknown_sender_domain as the first restriction in smtp_sender_restrictions spares a system from doing any further logical processing on that session when the sender is obviously bogus: no lookups of anything in any maps, no determination of recipient validity, no bandwidth/memory/disk wasted on receiving the actual message data and passing it to a content filter. reject_unknown_sender_domain is just about the cheapest and most reliable anti-spam policies possible, which is part of why it catches relatively little spam: for 20 years no sanely-configured MTA with Internet access has NOT used an equivalent restriction so spammers almost universally have given up on using domains that don't resolve. Likewise for outgoing messages: The criteria for the domain needing to have valid, well formed MX -- even without reject_unknown_sender_domain, Postfix won't be able to send such mail anyway. Is this a matter of instantaneous rejection vs. queue and bounce after retries? Yes. For "outgoing" mail (which is presumably arriving via authenticated port 587 submission and if it isn't: *WHY NOT???*) there's no realistic scenario where the MSA isn't in a fundamentally broken state where it has a realistic hope of eventually being able to pass along mail to a recipient whose domain cannot be resolved at the time of submission. Are these two settings more applicable to relay scenarios? Not really, except in the sense that outgoing mail submission is a relay scenario.
Understanding reject_unknown_(recipient|sender)_domain
Hi, Reading the postconf explanation of reject_unknown_recipient_domain and reject_unknown_sender_domain, I'm having trouble understanding where these find their use. For incoming mail: The first test criteria for both is that Postfix not be the final destination for the recipient/sender domain, so when Postfix is not set up with a catchall and rejects unknown users, am I correct to think there is no use for these here? Likewise for outgoing messages: The criteria for the domain needing to have valid, well formed MX -- even without reject_unknown_sender_domain, Postfix won't be able to send such mail anyway. Is this a matter of instantaneous rejection vs. queue and bounce after retries? Are these two settings more applicable to relay scenarios?
Re: Effects of very large message_size_limit?
On 2016-09-15 13:55, wie...@porcupine.org wrote: mro...@insiberia.net: On 2016-09-14 23:34, Robert Schetterer wrote: > Am 15.09.2016 um 07:19 schrieb mro...@insiberia.net: >> Hi, I'm wondering what the downside of setting a large >> message_size_limit are? >> >> By "large" I mean 30MB, 40MB, 50MB >> >> I think sendmail has a default of no restriction for message size - >> that >> seems crazy, but maybe I don't understand the risks well enough. > > some freemailers have a limit of 10 MB, so its perhaps a good choice to > set it for outgoing external mail, for inside a higher amount up to 50 > sometimes makes sense I'm aware of the range of limits, for example: https://www.outlook-apps.com/maximum-email-size/ But can anyone answer my question - what factors should I consider when increasing the limit in the 30-50MB range (or higher)? Are there drawbacks to doing this? Obviously, the size of the file system determines how large your email messages can be. Postfix will stop accepting mail delivery transactions when the free space in the queue directory is less than 1.5 times the message size limit. I see, so Postfix doesn't experience any bottlenecks or congestion in other ways with 50MB+ attachments? If size of filesystem is the main concern, quotas are easy way to keep it under control. In that case, is there argument against a limit of say 100MB?
Re: Effects of very large message_size_limit?
On 2016-09-14 23:34, Robert Schetterer wrote: Am 15.09.2016 um 07:19 schrieb mro...@insiberia.net: Hi, I'm wondering what the downside of setting a large message_size_limit are? By "large" I mean 30MB, 40MB, 50MB I think sendmail has a default of no restriction for message size - that seems crazy, but maybe I don't understand the risks well enough. some freemailers have a limit of 10 MB, so its perhaps a good choice to set it for outgoing external mail, for inside a higher amount up to 50 sometimes makes sense I'm aware of the range of limits, for example: https://www.outlook-apps.com/maximum-email-size/ But can anyone answer my question - what factors should I consider when increasing the limit in the 30-50MB range (or higher)? Are there drawbacks to doing this?
Effects of very large message_size_limit?
Hi, I'm wondering what the downside of setting a large message_size_limit are? By "large" I mean 30MB, 40MB, 50MB I think sendmail has a default of no restriction for message size - that seems crazy, but maybe I don't understand the risks well enough.
