Hi,
Can anyone help me with an acl to allow different users different message
sizes. What I would like to do is have a list of users and their allowed
message sizes (local_message_sizes) like so:
john: 10M
jimmy: 10M
james: 5M
peter: 512K
Then have an acl which sets a hard limit of say 256K for any user who is not
listed in that file.
I'm thinking something like the following:
deny
message = Message size exceeds limit set for user.
?
condition = ${if < {$message_size}{256k}{1}}
Can anyone help?
Thanks,

I think you would need to do a lookup like:

condition = ${if {$message_size}{${lookup{${lc:$local_part}} lsearch
{filename}}}{1}}

Please be aware of the doc that specifies the following:

hile running an ACL at the time of an SMTP RCPT command,
*$message_size*contains the size supplied on the MAIL command, or -1
if no size was given.
The value may not, of course, be truthful.

So you might want to assign the local_part or users as a variable for use in
the data acl stages.

Ed

26/10/06, Mark Ter Morshuizen <mark (AT) itbox (DOT) co.zawrote:

Hi,

Can anyone help me with an acl to allow different users different message
sizes. What I would like to do is have a list of users and their allowed
message sizes (local_message_sizes) like so:

john: 10M
jimmy: 10M
james: 5M
peter: 512K

Then have an acl which sets a hard limit of say 256K for any user who is
not
listed in that file.

I'm thinking something like the following:

deny
message = Message size exceeds limit set for user.
?
condition = ${if < {$message_size}{256k}{1}}

Can anyone help?

Thanks,

Hi Edward,

Thanks for the reply.

Thursday 26 2006 16:16, Edward St Pierre wrote:
I think you would need to do a lookup like:

condition = ${if {$message_size}{${lookup{${lc:$local_part}} lsearch
{filename}}}{1}}

I don't see how that addresses the default case where the user is not listed
in the file.

Please be aware of the doc that specifies the following:

hile running an ACL at the time of an SMTP RCPT command,
*$message_size*contains the size supplied on the MAIL command, or -1
if no size was given.
The value may not, of course, be truthful.

Ja, I'm assuming that any competent mailer would specify this correctly. If
spammers don't then so much the better.

So you might want to assign the local_part or users as a variable for use
in the data acl stages.
--
Ed

Mark Ter Morshuizen wrote:
Hi Edward,

Thursday 26 2006 16:16, Edward St Pierre wrote:
>I think you would need to do a lookup like:
>>
>condition = ${if {$message_size}{${lookup{${lc:$local_part}} lsearch
>{filename}}}{1}}

I don't see how that addresses the default case where the user is not listed
in the file.

Mark,

You could use "lsearch*" instead of lsearch, and put a "*: 256k" entry
at the end of your lookup file. That would probably be the simplest way
to take care of the default case.

Regards,
Tim

Thu, 26 2006, Mark Ter Morshuizen wrote:

Hi,

Can anyone help me with an acl to allow different users different message
sizes. What I would like to do is have a list of users and their allowed
message sizes (local_message_sizes) like so:

You cannot make this work reliably.[*] In the RCPT ACL, where you have each
recipient, the value of $message_size is what the sender said it was,
not what it really is. So you have to trust the sender. Sometimes the
sender won't tell you a size in advance, so you are even worse off. By
the time you have received the data, and therefore know the true size,
you can no longer reject individual recipients. This is a limitation of
SMTP. It's too S.

[*] Unless you accept only one recipient per message and delay all the
rest, which raises its own problems.

Martijn Grendelman wrote:
What about using :fail: in a router? We do it to block spam for certain
users while letting it through for others.
That leads to collateral spamming, and will eventually get you
blacklisted yourselves.
- Marc

Hi,

Marc Sherman wrote:
Martijn Grendelman wrote:
>What about using :fail: in a router? We do it to block spam for certain
>users while letting it through for others.

That leads to collateral spamming, and will eventually get you
blacklisted yourselves.

I am sorry, but I am not sure I understand that. Are you talking about
bounces that go to faked senders?

Thank you,
Martijn.

30 2006 10:08:37 +0100 Martijn Grendelman <martijn (AT) pocos (DOT) nl
wrote:

Hi,

Marc Sherman wrote:
>Martijn Grendelman wrote:
What about using :fail: in a router? We do it to block spam for certain
users while letting it through for others.
>>
>That leads to collateral spamming, and will eventually get you
>blacklisted yourselves.
>
I am sorry, but I am not sure I understand that. Are you talking about
bounces that go to faked senders?

That's what "collateral spamming" is.

Thank you,
Martijn.

Ian Eiloart wrote:
>Marc Sherman wrote:
Martijn Grendelman wrote:
What about using :fail: in a router? We do it to block spam for certain
users while letting it through for others.

That leads to collateral spamming, and will eventually get you
blacklisted yourselves.
>>
>I am sorry, but I am not sure I understand that. Are you talking about
>bounces that go to faked senders?

That's what "collateral spamming" is.

I wasn't familiar with that term, but I understand now. Instead of
:fail:ing those messages, I will quarantine them from now on.

Thank you,
Martijn.