Anyone using zen.spamhaus.org?

Jim Holland mailscanner at mango.zw
Fri Sep 8 16:13:06 IST 2006 

On Fri, 8 Sep 2006, Stephen Swaney wrote:

> > I had a specific problem with the above three ISPs because they all ignore
> > the SIZE extension during the SMTP transaction.  Our system has very
> > little bandwidth - 64K for our 2,500 users.  So we need to be very
> > efficient, and set a 1.5 MB size limit on incoming mail.  However these
> > three systems will happily attempt to deliver us messages of 10 MB or
> > more.  Because they don't announce the size at the beginning, we can't
> > tell them the message is too large until they have sent the full message.
> > Which is a huge waste of bandwidth.
> > 
> > So I thought I would be clever and give them a 451 error when their
> > servers connected, so they would always be forced to use our secondary MX
> > which has far more bandwidth than we do.  I do that frequently when being
> > mailbombed by a system sending genuine mail (eg huge mailing lists) - they
> > then send the mail to the secondary from which I can collect it during
> > off-peak periods. However when I checked over the day that I tried to
> > implement this with Gmail, Yahoo and MessageLabs, there was no indication
> > that the mail we had tempfailed here from these three systems was being
> > resent to our secondary MX.  I quickly stopped doing it - and am still
> > left with the problem of how to block their annoying large messages.
> > 
> > Perhaps I have drawn too broad a conclusion about these ISPs from this
> > experience?  Perhaps an explicit 451 generated by us causes them to
> > respond differently than if they got a different kind of temporary failure
> > such as a timeout.  However if I am correct I would expect that
> > greylisting would not work with these systems for the same reason.
> > 
> > Regards
> > 
> > Jim Holland
> > System Administrator
> > MANGO - Zimbabwe's non-profit e-mail service
> > 
> 
> With sendmail or the latest postfix, this might help
> 
> milter-length http://www.snertsoft.com/sendmail/milter-length/ 
>  	  
> >From the site:
> "This is a Sendmail utility milter that imposes message size limits by IP
> address, domain name, or sender address on a message body length, excluding
> the message headers. Sendmail's MaxMessageSize option only allows for a
> single global server wide message size limit, which is insufficient for some
> sites that would prefer finer granularity in the application of message size
> limits. This is particularly useful for mail hosts that manage several
> domains and/or a large number of users, such as an ISP."
> 
> I don't know at what point the connection is broken if the message is too
> large but I would hope that It happens as soon as the message size limit is
> reached during the transmission. This milter is a free source download so if
> you can read the code it you could find out - or contact the author.

Thanks - this looks interesting, but it won't solve the problem in my
case.  If a server does not announce the size in the MAIL FROM command:

	EHLO mail.mango.zw
	250-mail.example.com Hello mail.mango.zw [196.201.16.130], pleased to meet you
	250-ENHANCEDSTATUSCODES
	250-8BITMIME
	250-SIZE 2097152
	250-DSN
	250-ONEX
	250-XUSR
	250 HELP
	MAIL FROM:<mailscanner at mango.zw> SIZE=2304
                                         ^^^^^^^^^
then the recipient will have no idea of the size until the end of the DATA 
phase.  It has to accept the whole message, and the protocols do not allow 
you to disconnect during the DATA phase.  The milter above seems very 
handy but will only work if the ESMTP SIZE extension is used.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service

More information about the MailScanner mailing list