Showing posts with label policyd. Show all posts

Friday, July 25, 2014

Postfix: controlling attachment size limits

A common problem when building a corporate email server is limiting the size of the attachments your users are allowed to send. When newcomers ask about this on forums, most gurus point to policyd. This plugin is more than amazing: it works perfectly and is pretty fast as well. But it won't control the attachment size. Its "Quotas" plugin only controls the number of sent messages and the bandwidth consumed, not the size of a single message.

NOTE: MessageCumulativeSize will never block your first message with an attachment, even if its size exceeds the limit a hundred times over! The first message will always go through. Read this: https://www.mail-archive.com/users@lists.policyd.org/msg01962.html

So this is not what I expected. I'd like to have a simple plugin that BLOCKS the message from being sent if its size is larger than I allow. And I came up with this simple patch.

Go to /usr/lib64/policyd-2.0/cbp/modules/, or wherever your cbpolicyd files are stored, and modify Quotas.pm, or make a patch like this (name it Quotas.pm.patch):

[root@server modules]# cat Quotas.pm.patch

--- Quotas.pm.orig      2014-07-25 21:01:38.332494503 -0400
+++ Quotas.pm   2014-07-25 22:24:08.297785096 -0400
@@ -101,7 +101,6 @@
        #   stage
        #
        if ($sessionData->{'ProtocolState'} eq "RCPT") {
-
                # Key tracking list, if quotaExceeded is not undef, it will contain the msg
                my %newCounters;  # Indexed by QuotaLimitsID
                my @trackingList;
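
Review bot: the only change in this hunk is the removal of the blank line after the ProtocolState eq "RCPT" test, which has nothing to do with the size check. Drop the hunk so the patch touches only the lines it needs and is less likely to fail to apply when the whitespace around line 101 differs in another copy of Quotas.pm.
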
@@ -414,7 +413,24 @@
                                                        if (lc($limit->{'Type'}) eq "messagecumulativesize") {
                                                                # Bump up counter
                                                                my $currentCounter = $qtrack->{'Counter'} + $sessionData->{'Size'};
-
+
+#-------------------------------# Added by SHIRKER
+                                                              # $server->maillog("DEBUG Quota TESTTTTT START!! Quota=%s MessageSize=%s",
+                                                              #                $limit->{'CounterLimit'},
+                                                              #                $sessionData->{'Size'});
+
+                                                               if ($sessionData->{'Size'} > $limit->{'CounterLimit'}){
+                                                               # $server->maillog("DEBUG Quota TESTTTTT DONE!! Quota=%s MessageSize=%s" Verdict=%s",
+                                                               # $limit->{'CounterLimit'},
+                                                               # $sessionData->{'Size'},
+                                                              # $quota->{'Verdict'});
+
+                                                                       # Set verdict
+                                                                       $verdict = $quota->{'Verdict'};
+                                                               }
+#-------------------------------# END added by Shirker
+#
+#
                                                                # Update database
                                                                my $sth = DBDo("
                                                                        UPDATE
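
Review bot: after the added assignment $verdict = $quota->{'Verdict'}; control still falls through to the "# Update database" section, so as far as this hunk shows the UPDATE runs for a message that has just been given the quota verdict. Either skip the counter update when the size test fires, or say in a comment why a rejected message should still be counted. The test also reuses $limit->{'CounterLimit'} as the per-message cap, so the cumulative limit and the single-message limit cannot be set independently; a comment stating that would help the next admin. The commented-out maillog calls should be removed rather than shipped: the second one has a stray double quote after MessageSize=%s and would not compile if someone uncommented it.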

Then apply it:

patch Quotas.pm < Quotas.pm.patch

Monday, January 13, 2014

cbpolicy email notifier

I came up with a script that parses maillog and sends an email notification to the specified admin's email. Take a look:

#!/bin/bash
# Usage:
# cbpolicy_notifier <LINES TO PARSE> <MAIL TO>

LINES=$1
MAIL_TO=$2

# Require exactly two arguments
if [ -z "$2" ] || [ -n "$3" ]; then
    echo ""
    echo "ERROR: $0 requires the number of lines to parse and a valid email to notify you"
    echo ""
    echo "Usage: $0 <LINES TO PARSE> <MAIL TO>"
    echo ""
    exit 1
fi

# Create the message file with mktemp instead of a predictable name in /tmp
EMAILMESSAGE=$(mktemp /tmp/cbpolicy_notifier_XXXXXX) || exit 1
trap 'rm -f "$EMAILMESSAGE"' EXIT
HOST_NAME=$(hostname)
MAIL_FROM="postmaster@$HOST_NAME"

# cbpolicy rejections in the last $LINES lines of the log, excluding root
REJECTS=$(tail -n "$LINES" /var/log/maillog | grep cbpolicy | grep reject | grep -v "from=root@")

# One pass per distinct sender (sort -u also removes non-adjacent repeats)
for V_EMAIL in $(echo "$REJECTS" | grep "track=Sender" | grep -oP '(?<=from=).*?(?=,)' | sort -u);
do
        echo "$V_EMAIL"
        MSG_SUBJECT_ADMIN="$HOST_NAME::Outbound email quota was exceeded for $V_EMAIL"
        MSG_SUBJECT_USER="WARNING::Your outbound email hourly quota was exceeded"

        # Notification for the admin, with the matching log lines attached
        echo "We have encountered outbound email overlimiting for $V_EMAIL" > "$EMAILMESSAGE"
        echo "" >> "$EMAILMESSAGE"
        # -F: treat the address as a fixed string, not as a regular expression
        LOG_SAMPLE=$(echo "$REJECTS" | grep -F -- "$V_EMAIL")
        echo "This is the log sample" >> "$EMAILMESSAGE"
        echo "" >> "$EMAILMESSAGE"
        echo "$LOG_SAMPLE" >> "$EMAILMESSAGE"
        /bin/mailx -r "$MAIL_FROM" -s "$MSG_SUBJECT_ADMIN" "$MAIL_TO" < "$EMAILMESSAGE"

        # Warning for the sender whose quota was exceeded
        echo "Dear customer." > "$EMAILMESSAGE"
        echo "" >> "$EMAILMESSAGE"
        echo "Your hourly outbound email quota was exceeded. Please reduce the number of emails you are sending out." >> "$EMAILMESSAGE"
        /bin/mailx -r "$MAIL_FROM" -s "$MSG_SUBJECT_USER" "$V_EMAIL" < "$EMAILMESSAGE"
done

Add this to cron; just specify the number of lines to parse and the email address. Like this:
*/15 * * * * /usr/local/sbin/cbpolicy_notifier 500 support@example.com
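
The sender address the notifier pulls out of maillog comes from the SMTP envelope and is then passed to mailx as a recipient, so it is worth validating before use. The following is an added example, not part of the original script: the function names are hypothetical and the log layout in sample_log is constructed, assuming only the fields the script's grep filters rely on.

```shell
#!/bin/bash
# Added example: extract quota-rejected senders from maillog text on stdin and
# keep only values that are safe to hand to mailx as a recipient.

# Accept a conservative local@domain.tld shape. The from= value is taken from
# the SMTP envelope, so whoever sent the message chose it.
is_safe_recipient() {
    case "$1" in
        ''|-*)               return 1 ;;  # empty, or mailx would read it as an option
        *[!A-Za-z0-9@._+-]*) return 1 ;;  # any character outside the allowed set
        *@*@*)               return 1 ;;  # more than one @
        ?*@?*.?*)            return 0 ;;
        *)                   return 1 ;;
    esac
}

# Same filters as the notifier script; awk takes the first "from=...," field
# on each line, and sort -u removes repeats wherever they occur.
rejected_senders() {
    grep cbpolicy | grep reject | grep -v 'from=root@' | grep 'track=Sender' |
        awk 'match($0, /from=[^,]*,/) { print substr($0, RSTART + 5, RLENGTH - 6) }' |
        sort -u |
        while IFS= read -r addr; do
            if is_safe_recipient "$addr"; then printf '%s\n' "$addr"; fi
        done
}

# Constructed log lines (assumed layout, not captured from a real server).
sample_log() {
    cat <<'EOF'
Jan 13 10:00:01 mail cbpolicyd[2101]: module=Quotas, action=reject, from=alice@example.com, to=x@example.org, track=Sender:alice@example.com
Jan 13 10:00:02 mail cbpolicyd[2101]: module=Quotas, action=pass, from=carol@example.com, to=x@example.org, track=Sender:carol@example.com
Jan 13 10:00:03 mail cbpolicyd[2101]: module=Quotas, action=reject, from=bob@example.net, to=y@example.org, track=Sender:bob@example.net
Jan 13 10:00:04 mail cbpolicyd[2101]: module=Quotas, action=reject, from=root@mail.example.com, to=y@example.org, track=Sender:root@mail.example.com
Jan 13 10:00:05 mail cbpolicyd[2101]: module=Quotas, action=reject, from=-x@example.com, to=y@example.org, track=Sender:-x@example.com
Jan 13 10:00:06 mail cbpolicyd[2101]: module=Quotas, action=reject, from=alice@example.com, to=z@example.org, track=Sender:alice@example.com
EOF
}

sample_log | rejected_senders   # alice@example.com and bob@example.net
```

In the notifier, the for loop would iterate over the output of rejected_senders instead of the raw grep pipeline.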