Testing ESMTP-SIZE patch for qmail

February 14, 2012 by Roberto Puzzanghera 4 comments

The patch allows the qmail-smtpd to reject the message if it's too big according to its accepted databytes before it has been received.

Try to send a test message that is bigger than your accepted databytes (file qmail/control/databytes):

2012-02-07 22:34:07.465743500 tcpserver: status: 1/20
2012-02-07 22:34:07.465990500 tcpserver: pid 27748 from 111.222.333.444
2012-02-07 22:34:07.466128500 tcpserver: ok 27748 0:10.0.0.4:25 :111.222.333.444::46290
2012-02-07 22:41:52.648280500 qmail-smtpd: message too big: root@qmail.domain.xyz from 111.222.333.444 to rcpt@domain.abc helo qmail.domain.xyz

As you can see the message required almost 8 minutes to be downloaded before the decision to reject has been taken by qmail.

Installing the esmtp-size patch solves the problem:

2012-02-07 23:08:02.433522500 tcpserver: status: 1/20
2012-02-07 23:08:02.476457500 tcpserver: pid 13161 from 111.222.333.444
2012-02-07 23:08:34.216799500 qmail-smtpd: message too big: root@mail.domain.xyz from 555.666.777.888 to postmaster@domain.abc helo mail.domain.xyz
2012-02-07 23:08:34.239482500 tcpserver: end 13161 status 0
2012-02-07 23:08:34.239487500 tcpserver: status: 0/20

The message was rejected according to the ESMTP-SIZE, before the download, saving cpu and bandwidth. And infact this is what qmail-send of the sender says:

2012-02-07 23:19:43.001229500 delivery 771: failure: 444.333.222.111_failed_after_I_sent_the_message./Remote_host_said:_552_sorry,_that_message_size_exceeds_my_databytes_limit_(#5.3.4)/

I think this is important even though nowadays almost all clients refuse to send messages exceeding ESMTP-SIZE

Comments

SIZE check is already included in qmail-auth patch since qmail-smtpd-auth-057

Hi Roberto,

SIZE checks for the incoming mails is already implemented in qmail-auth patch (since qmail-smtpd-auth-057), with a minor difference:

Your patch enforces the SIZE argument, whereas the "qmail-smtpd-auth" patch does not enforce the SIZE argument because RFC1870 says:

The extended MAIL command is issued by a client when it "wishes" to inform a server of the size of
the message to be sent.

However, we can tweak your combined patch with a simple patch like this (to enforce the SIZE argument), and then we can remove this redundant patch altogether. Feel free to test and share.

AET

Reply |

SIZE check is already included in qmail-auth patch since qmail-smtpd-auth-057

Hi Ali, on the same RFC

An SMTP client wishing to relay a large content may issue the EHLO command to start an SMTP session, to determine if the server supports any of several service extensions. If the server responds with code 250 to the EHLO command, and the response includes the EHLO keyword value SIZE, then the Message Size Declaration extension is supported.

so declaring the SIZE doesn't seems to me an enforcement. The client issues the EHLO and the server shows the SIZE verb. I would see it as an enforcement with respect to what is specified here if we provide the SIZE verb even with the simple HELO

Reply |

SIZE check is already included in qmail-auth patch since qmail-smtpd-auth-057

Hi Roberto,

I'm not sure if I understand you correctly, but please keep in mind that SIZE is an Extended SMTP (ESMTP) argument.

Therefore the client "must" begin with EHLO (Extended Hello) to make use of the SIZE argument within the conversation.

If the client starts with a simple HELO, it will not provide the SIZE argument no matter how hard you push him.

A typical ESMTP conversation is sth like:

S: 220 smtp.server.com Simple Mail Transfer Service Ready
C: EHLO client.example.com
S: 250-smtp.server.com Hello client.example.com
S: 250-SIZE 1000000
S: 250-AUTH LOGIN PLAIN CRAM-MD5
S: 250-STARTTLS
S: 250 HELP
C: MAIL FROM:<mail@samlogic.com> SIZE=500000

And exactly at this point, our server checks and decides whether to accept the message or reject it due to the SIZE argument.

Currently, with your combined patch, qmail-smtpd checks the SIZE argument twice for no reason. I removed the first check, and adjusted the second check to push the client to provide SIZE argument (to preserve the existing functionality). Actually the code will tell you what it does better than me :-)

AET

Reply |

SIZE check is already included in qmail-auth patch since qmail-smtpd-auth-057

Now it's clear what you meant before. I thought that you were suggesting that the server should not issue the SIZE verb after the EHLO of the client.

Reply |

Recent comments
See also...
Recent posts

RSS feeds