
Old patch for Postfix checking multiple recipients for Postfix’s Access Policy Delegation

WARNING

Use the patch provided here at your own risk: do not use it if you are not able to understand the code provided.

Before using this patch, you may want to read this thread on the postfix-user mailing list where I was told:

* that I am ill advised to want such a patch in postfix as its “approach is fundamentally flawed”
* that this patch is too resource intensive

In order to address the last point, I made sure that:

* the feature is turned off by default
* the maximum amount of memory available to the feature can be set.

With the default values:

smtpd_client_connection_count_limit (default: 50)
smtpd_recipient_limit (default: 1000)
line_length_limit (default: 2048)

The worst-case memory utilisation for the feature is around 2Mb per smtpd instance, which is 40Mb with the default settings (which are exceptionally large for the recipient limit). Limiting mails to 50 recipients makes the worst-case overhead per smtpd 100kb.

40 Mb is indeed a lot for an old machine but on recent hardware it will not even be noticed (and this memory will only be allocated if the mails received have lots of recipients).

The other way to get all the recipients of a mail would be to track the “recipient” sent to the policy server at each RCPT using the “instance” attribute and use the result at the DATA state.

With this approach the policy server needs:

* to be called at each RCPT (and not only at DATA)
* to keep track of the recipients for each mail
* to perform some cleaning should the connection close between the RCPT and DATA states

The patch provides two new configuration options:

* a boolean: access_delegation_recipients, which needs to be turned on to use the feature
* an integer: smtpd_recipients_length_limit, which limits the amount of memory the list of recipients can take. It is set to zero by default, meaning that no limitation will be performed. Should its value be under “line_length_limit”, the value will be changed at run time to this default.

The patch changes the SMTPD policy protocol by adding a line starting with “recipients=”. Its value is a “\r”-separated list of the mail recipients (or the single recipient, exactly as in the recipient key). The list is only set during the DATA and END_OF_DATA states, and only if the length of the string is under the value set in smtpd_recipients_length_limit.
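The policy-server side of this attribute, as an added example that is not part of the patch or of the original post. It assumes the standard policy delegation framing (name=value lines ended by an empty line, an `action=` reply); the function names, the `KNOWN_BAD` set, the `FALLBACK` action and the sample request are constructed for illustration.

```python
# Added example: handling the "recipients=" attribute in a policy server.
KNOWN_BAD = {"forged@example.org"}   # constructed: addresses known not to exist
FALLBACK = "DUNNO"                   # assumption: action when no list is sent


def parse_request(raw: bytes) -> dict:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    # Split on "\n" only: splitlines() would also break on the "\r" that
    # separates the addresses inside the recipients attribute.
    for line in raw.split(b"\n"):
        if not line:
            break                    # the empty line ends the request
        name, sep, value = line.partition(b"=")
        if sep:
            attrs[name.decode("ascii", "replace")] = value.decode("utf-8", "replace")
    return attrs


def recipients_of(attrs: dict) -> list:
    """Return every recipient the request carries, lower-cased."""
    # "recipients" is absent outside the DATA-stage requests and when the list
    # exceeds the length limit; fall back to the single "recipient" attribute.
    value = attrs.get("recipients") or attrs.get("recipient", "")
    return [r.strip().lower() for r in value.split("\r") if r.strip()]


def decide(raw: bytes) -> bytes:
    """Build the policy reply for one request."""
    rcpts = recipients_of(parse_request(raw))
    if not rcpts:
        action = FALLBACK            # list was dropped (too long) or never sent
    elif all(r in KNOWN_BAD for r in rcpts):
        # A DATA-stage reject applies to the whole mail, so only reject
        # when no recipient is a real address.
        action = "REJECT recipient address does not exist"
    else:
        action = "DUNNO"
    return b"action=" + action.encode() + b"\n\n"


# Constructed sample request with two recipients separated by "\r".
SAMPLE = (b"request=smtpd_access_policy\nprotocol_state=DATA\n"
          b"sender=a@example.com\n"
          b"recipients=bob@example.net\rforged@example.org\n\n")

if __name__ == "__main__":
    print(decide(SAMPLE))
```
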

This patch/feature is useful for:

* bouncing spam to a list of forged nonexistent email addresses (especially when your MX and storage servers are not on the same machines).
* allowing per-domain policies, i.e. per-domain white-listing, etc.
* you tell me

You can download the “fourth” version (released the 26th of November 2007) of this patch for postfix 2.6 20071111

I have updated the patch to apply cleanly on a more recent version of the patch for postfix 2.6 20080201 (which applies cleanly on postfix-2.5.1-rc1)

Should you have downloaded any previous version, please update, as the third contains a memory leak which causes the memory utilisation to be up to two times what it should be, and any version before that should simply not be used.

Thomas Mangin
Technology Enthusiast