OT: Blocking oversized messages during SMTP transaction

Jim Holland mailscanner at MANGO.ZW
Thu Jun 16 16:23:00 IST 2005 

Hi

On Wed, 15 Jun 2005, Richard.Hall wrote:

> > We have only very limited bandwidth - 64k for 2,500 (yes) e-mail users 

> Ouch :-(

Well would you believe that the same 2,500 users collect their mail via a
bank of only 6 dialin modems set up on a hunting line?  We are able to
make this quite workable by getting 97% of our users to use ancient
FidoNet software that sends mail in compressed format and sends
attachments in binary format.
 
> > Is there any automated solution to this?  We need to be able to terminate
> > the session with an appropriate error message the moment it is apparent
> > that the message is too large.  Can sendmail be made to issue a fatal
> > error message during the DATA phase of the SMTP transaction?  Or is the
> > crunch time when we need to bite the bullet and change to say Exim instead?
> [...]
> 
> Much as I love Exim, and despite the fact that sendmail's config makes me
> feel nauseous, I don't believe that Exim can help you here. But nor can
> sendmail IMHO. The problem is the SMTP protocol itself, which only gives
> you two (relevant) points at which you can reject the message:-
> 
> 1) immediately after receiving the DATA command - but that is obviously
>    too soon for you, as you don't yet know the size;
> 
> 2) after the terminating '.', when you do know the size - but by then it
>    is too late, as you clearly appreciate.
> 
> In between those two points the traffic is all "one-way".  The SMTP
> protocol does not define any way to stop the data transmission in
> mid-stream, except by dropping the connection. And the other end will
> treat that as a temporary failure, and retry later. Ah, you know that ...

Thanks for the confirmation.  It is what I feared.  However I had hoped
that as some virus scanners could be configured to block a virus during
the SMTP session this meant that it was possible to send a termination
signal during the DATA phase.  Presumably they do in fact also have to
wait until the very end of the DATA phase and then reject the virus at
that point.
 
> The best I can suggest at the moment is that you limit the number of
> simultaneous connections from one IP address, eg so that you only have
> one rogue connection at a time. Exim can certainly do that; I don't know
> about sendmail. (Anyway, it's not foolproof - there are all sorts of
> trivial counter-examples - but it might help a bit.)

sendmail can do that.  However the number of times I have such a problem 
has been so small that the drawbacks would outweigh the benefits.  (Now I 
see that I have 3 oversize Yahoo messages in the mqueue.in directory as I 
write :-(

What is wrong with Yahoo and Google Mail???  Surely it would be to their 
benefit to adopt the well-known SIZE extension?  Perhaps they have so much 
bandwidth that they simply don't care.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list