But is there a maximum length?
I don't actually know how smf implements this. You can download a copy of it, and find out yourself. (I found some references that it uses SHA1, but have not verified that)
But in general:
With any decent software your password is not stored on the server. Instead a hash function is applied and the resulting hash is stored.
When you login, the same function is applied, and the result must match.
The hash usually has a fixed length.
E.g. a relatively good SHA256 is 256 bit long => that is there are 2 to the power of 256 possible values.
SHA1 has 160 bits.
Hashes are not collision free. If you test an infinity of passwords, you will find several passwords leading to the same value.
Which means that a password does not get more secure, once it passes a certain length. Because there will be very likely a shorter password, which has the same hash. (And hence will be accepted for login)
A-Z, a-z, 0-9, and maybe 10 special chars => 72 different values. For simplicity make that 64 which is 6 bit. 160 divided by 6 = 27.
So at about 30 truly random chars you reached the cut off. (Differs, if not truly random)
Some hashes may only occur with longer sequences. But you don't know which.