Re: allow any size attachment for only a few individuals
Before going this way, please start considering if you really want to offer "unlimited" message sizes to any of your customers. If you do this, it means you have to disable the maximum size settings defined by your mail flow policies (which are also displayed in the ESMTP greeting). This way it's quite easy to overload your system with only a few connections. (Just send 4.5GB ISO images from 20 individual senders and at least your internet connection is overloaded) I think it's better to have some limit (even if it is 250MB) than no limit at all. Please also understand the way ESMPT is handling message sizes, it there is a max size in the ESMPT greeting the sending system does not send a message that exceeds that limit at all. This means your connection is not loaded with a large message that will be bounce later on. If you apply limits lower that this global settings (or during SMTP connections) the sending server starts transmitting the message until the maximum is reached. At that moment your server discards the message but it can mean that (if your limit is 500MB) the sending server has delivered 500 useless MB’s over your line.
To accomplish user (group) based sizes you define the max size to your maximum needs (or no max size) in the Mail Flow Policies ("Mail Policies" tab, "Mail Flow Policies" option). After that you create two content filters one "normal Size limits" that contains a size filter that you want to apply to your normal users. (Message condition: “Message Size” / greater than xxMB & Message Actions: (if you want: Notify the sender and) drop message. I would suggest not bouncing large messages since this implies that you will send the message back to the return address. This is, again, a load on your internet connection) Finally you create a special "Incoming Mail Policy" for your group of "mammoth size users". I suggest you use an LDAP query to provision the members of this group, but manually adding the addresses is also possible. To this group you apply all the filters you have for your default settings except size limit filter. The "normal size limits" filter must be added to your default settings.
That should do the trick…. But be sure you know what you are doing!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...