[Dovecot] For Configuration Help: per-user quota for virtual users.
Dear dovecot list:
Could any experts help me on the configuration of per-user for dovecot on
FreeBSD 7.x with postfix-2.5.4,1.
I followed the howto of http://workaround.org/articles/ispmail-etch/, it
is an excellent file, my mailserver worked very well.
When I configured per-user quota plug-in, quota_rule with 20MB limits can
not be overrided by the Mysql query statement, Although I followed the
document at : http://wiki.dovecot.org/Quota.
Below is the output of dovecot --version, dovecot -n and dovecot-sql.conf.
Could any experts help me?
Thanks in advance !
Best Regards,
Forrest
-
ns1# dovecot --version
1.1.2
ns1# dovecot -n
# 1.1.2: /usr/local/etc/dovecot.conf
protocols: imap pop3 pop3s imaps
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
verbose_proctitle: yes
first_valid_gid: 0
mail_privileged_group: mail
mail_location: maildir:/home/vmail/%d/%n/Maildir
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail netscape-eoh
tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh
tb-extra-mailbox-sep
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
mechanisms: plain login
passdb:
driver: sql
args: /usr/local/etc/dovecot-sql.conf
userdb:
driver: passwd
userdb:
driver: static
args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
plugin:
quota: maildir
quota_rule: *:storage=20M
quota_rule2: Trash:storage=10M
quota_warning: storage=95%% /usr/local/bin/quota-warning.sh 95
quota_warning2: storage=80%% /usr/local/bin/quota-warning.sh 80
ns1# grep -v '^ *\(#.*\)\?$' dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=** user=** password=
default_pass_scheme = PLAIN-MD5
password_query = SELECT email as user, password FROM view_users WHERE
email='%u';
user_query = select 5000 as uid, 5000 as gid, '/home/vmail/%d/%n' as home, \
concat('*:bytes=', quota_bytes) as quota_rule \
from email_quota where email = '%u'
Re: [Dovecot] [dspam-users] mysql fetch row error
Hi Steve, MTA = Postfix I have amavis - spamassassin - dspam installed. i think spamassassin scnas after dspam, cuase in the mail headers dspam comes at first. I use Dovecot as Imap Server OS = Gentoo Linux i put the config of dspam here = http://rafb.net/p/VCX8XO97.html if u need more confs just tell me , i can paste then marko Steve schrieb: Hallo Marko This is not normal. DSPAM does not add the encoding. It must be something else you are using/doing to get that tagged with the encoding in front of every DSPAM tag. And I don't see the DSPAM signature in your header. This is not normal. If you have the other DSPAM header lines, then you should have the result as well. What MTA are you using? How is the integration between MTA and DSPAM? Do you have other filters running before and after DSPAM? What IMAP server are you using? What OS are you using? Could you post your DSPAM config? (Grüsse aus Zürich) // Steve Original-Nachricht Datum: Sat, 15 Nov 2008 10:37:38 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: Re: [dspam-users] mysql fetch row error Hello Steve this is the full Header of a spam mail where the training also fails. withe the mysql fetch error. marko Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (localhost [127.0.0.1]) by salonwebserver.de (Postfix) with ESMTP id 02C8613BC09B for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:09 +0100 (CET) X-DSPAM-Result: =?iso-8859-1?Q?Spam=0D?= X-DSPAM-Confidence: =?iso-8859-1?Q?0.7177=0D?= X-DSPAM-Probability: =?iso-8859-1?Q?1.=0D?= ?iso-8859-1?Q?491de1b0254959695846858=0D?= X-DSPAM-Factors: 15, X-Virus-Scanned: amavisd-new at salonwebserver.de X-Spam-Flag: NO X-Spam-Score: 2.415 X-Spam-Level: ** X-Spam-Status: No, score=2.415 tagged_above=-1000 required=2.5 tests=[DNS_FROM_SECURITYSAGE=0.127, RCVD_IN_BL_SPAMCOP_NET=2.188, RDNS_DYNAMIC=0.1] Received: from salonwebserver.de ([127.0.0.1]) by localhost (kraftwerk1.salonwebserver.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nOQQilMNvp-o for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:07 +0100 (CET) Received: from zackbummfertig.de (static.243.42.46.78.clients.your-server.de [78.46.42.243]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by salonwebserver.de (Postfix) with ESMTPS id E86BD13BC078 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:06 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by zackbummfertig.de (Postfix) with ESMTP id BC4BDECC067 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:46 +0100 (CET) X-Virus-Scanned: amavisd-new at zackbummfertig.de Received: from zackbummfertig.de ([127.0.0.1]) by localhost (weberweb.zackbummfertig.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xr6ayW0lyDGC for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:43 +0100 (CET) Received: from rachel22b12579 (unknown [78.146.113.186]) by zackbummfertig.de (Postfix) with SMTP id 3E83CECC040 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:43 +0100 (CET) Date: Fri, 14 Nov 2008 20:38:01 + From: Chrystal Huddleston [EMAIL PROTECTED] Subject: gambling slot machines To: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] Organization: fightingbobfest.org MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Priority: 3 (Normal) Steve schrieb: Can you post the full header of the message in question? Original-Nachricht Datum: Fri, 14 Nov 2008 23:18:39 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: Re: [dspam-users] mysql fetch row error Hi Steve, this sed thing dont worked for me.. sorry how i can get dspam working without this mysql fetch error ? u have any hints ? marko Steve schrieb: Original-Nachricht Datum: Fri, 14 Nov 2008 18:11:55 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: [dspam-users] mysql fetch row error Hello to all in the Mailinglist, i installed dspam on our server and it works so far that incoming mails are tagged by dspam. i installed dovecot-antispam for retraining. when in try to retrain a mail i get this in the dspam.debug log = 9056: [11/14/2008 15:23:01] mysql_fetch_row() failed in _ds_get_signature in the /var/log/messages log i get this = Nov 14 15:29:25 kraftwerk1 imap: antispam: /usr/bin/dspam --source=error --class=spam
Re: [Dovecot] [dspam-users] mysql fetch row error
sorry wrong list Marko Weber schrieb: Hi Steve, MTA = Postfix I have amavis - spamassassin - dspam installed. i think spamassassin scnas after dspam, cuase in the mail headers dspam comes at first. I use Dovecot as Imap Server OS = Gentoo Linux i put the config of dspam here = http://rafb.net/p/VCX8XO97.html if u need more confs just tell me , i can paste then marko Steve schrieb: Hallo Marko This is not normal. DSPAM does not add the encoding. It must be something else you are using/doing to get that tagged with the encoding in front of every DSPAM tag. And I don't see the DSPAM signature in your header. This is not normal. If you have the other DSPAM header lines, then you should have the result as well. What MTA are you using? How is the integration between MTA and DSPAM? Do you have other filters running before and after DSPAM? What IMAP server are you using? What OS are you using? Could you post your DSPAM config? (Grüsse aus Zürich) // Steve Original-Nachricht Datum: Sat, 15 Nov 2008 10:37:38 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: Re: [dspam-users] mysql fetch row error Hello Steve this is the full Header of a spam mail where the training also fails. withe the mysql fetch error. marko Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (localhost [127.0.0.1]) by salonwebserver.de (Postfix) with ESMTP id 02C8613BC09B for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:09 +0100 (CET) X-DSPAM-Result: =?iso-8859-1?Q?Spam=0D?= X-DSPAM-Confidence: =?iso-8859-1?Q?0.7177=0D?= X-DSPAM-Probability: =?iso-8859-1?Q?1.=0D?= ?iso-8859-1?Q?491de1b0254959695846858=0D?= X-DSPAM-Factors: 15, X-Virus-Scanned: amavisd-new at salonwebserver.de X-Spam-Flag: NO X-Spam-Score: 2.415 X-Spam-Level: ** X-Spam-Status: No, score=2.415 tagged_above=-1000 required=2.5 tests=[DNS_FROM_SECURITYSAGE=0.127, RCVD_IN_BL_SPAMCOP_NET=2.188, RDNS_DYNAMIC=0.1] Received: from salonwebserver.de ([127.0.0.1]) by localhost (kraftwerk1.salonwebserver.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nOQQilMNvp-o for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:07 +0100 (CET) Received: from zackbummfertig.de (static.243.42.46.78.clients.your-server.de [78.46.42.243]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by salonwebserver.de (Postfix) with ESMTPS id E86BD13BC078 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:38:06 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by zackbummfertig.de (Postfix) with ESMTP id BC4BDECC067 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:46 +0100 (CET) X-Virus-Scanned: amavisd-new at zackbummfertig.de Received: from zackbummfertig.de ([127.0.0.1]) by localhost (weberweb.zackbummfertig.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xr6ayW0lyDGC for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:43 +0100 (CET) Received: from rachel22b12579 (unknown [78.146.113.186]) by zackbummfertig.de (Postfix) with SMTP id 3E83CECC040 for [EMAIL PROTECTED]; Fri, 14 Nov 2008 21:37:43 +0100 (CET) Date: Fri, 14 Nov 2008 20:38:01 + From: Chrystal Huddleston [EMAIL PROTECTED] Subject: gambling slot machines To: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] Organization: fightingbobfest.org MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7bit X-Priority: 3 (Normal) Steve schrieb: Can you post the full header of the message in question? Original-Nachricht Datum: Fri, 14 Nov 2008 23:18:39 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: Re: [dspam-users] mysql fetch row error Hi Steve, this sed thing dont worked for me.. sorry how i can get dspam working without this mysql fetch error ? u have any hints ? marko Steve schrieb: Original-Nachricht Datum: Fri, 14 Nov 2008 18:11:55 +0100 Von: Marko Weber [EMAIL PROTECTED] An: [EMAIL PROTECTED] [EMAIL PROTECTED] Betreff: [dspam-users] mysql fetch row error Hello to all in the Mailinglist, i installed dspam on our server and it works so far that incoming mails are tagged by dspam. i installed dovecot-antispam for retraining. when in try to retrain a mail i get this in the dspam.debug log = 9056: [11/14/2008 15:23:01] mysql_fetch_row() failed in _ds_get_signature in the /var/log/messages log i get this = Nov 14 15:29:25 kraftwerk1 imap: antispam: /usr/bin/dspam --source=error --class=spam
Re: [Dovecot] Dovecot and Bogofilter
Matthias-Christian Ott wrote: Hi, on my small Xen-virtualised server with 48 MiB RAM I use Postfix and Dovecot, because the Debian administrators dislike qmail [1], which is in my opinion despite some maintainability and code quality issues a quite well designed software, because it mostly follows the UNIX principles. Postfix is not able to sort my E-Mail into different Maildir folders postfix can, with the help of other programs. unix principles, you know ;-p postfix can pass mail to any program you want. A wrapper would do something like - pass the message to a filter. - save the filtered message to a temp file - parse the temp file to determine the destination folder - run dovecot deliver with the -m option to specify the destination folder of course, you need to catch errors. maildrop may be a better tool at this job, though. and after I looked at procmail's source code, I decided to use Dovecot's LDA, because it supports sieve via a plugin. All in all it worked after some tweaking and Dovecot is now responsible for authentication and delivery. Furthermore I want to setup a spam filter and due to the memory constraints I decided in favour of bogofilter (I made no real world tests, but the authors claim that it's fast and has a small memory footprint). My first idea was train bogofilter via a cronjob that runs bogofilter for each E-Mail in my spam folder and deletes them afterwards. Then I stumbled upon the dovecot antispam [2] plugin and quickly wrote a backend for bogofilter. During the development I realised that bogofilter has to update the X-Bogosity header of the reclassified E-Mails. Johannes Berg told me that he wasn't sure whether dovecot would be able to do this and recommended to ask this on the mailing list. one possibility would be - deliver the reclassified message - if ok, delete the original one. this means the plugin needs to know the file location. An other problem is that each mail needs to be initially classified and due to the fact that sieve is not able to execute external programmes, deliver has to do this task. I'm currently thinking of possibilities to implement this, so far I came up with the following: 1. Write a generic pipe plugin which can execute an arbitrary number of programmes. The problem with this is that I'm not sure how to integrate this is in Dovecot's configuration file. I thought of something like this: pipe = prg1 | prg2 keep it simple ... if you need to pipe between multiple programs, just use shell wrappers. 2. Write a bogofilter-specific plugin for this. I guess we will end up with a foo-specific plugin, for every possible foo filter. A generic plugin is better even if that means executing shell wrappers. Anyhow I would like to take this opportunity to criticise Dovecot for being a bloated (unnecessary abstractions, verbose, pseudo object-oriented, ...), non-suckless [3] and non-unixish (plugin architecture, monolithic design, ...) software which in return works quite well and stable so far. ot non-unixish? well - plugins are simply loadable libraries. if you think they are windowish, you are wrong. They fit perfectly into the simple pieces of code to do fewtasks philosophy. just because dynamic libs weren't usable a long time ago doesn't mean unix should stick with old stuff. - the unix kernel is monolithic. loadable modules support has been added but the kernel is still a large piece of code. - and before I forget, my favourite provaction: unix is obsolete ;-p /ot I appreciate any suggestions, ideas or criticism. I would really like to finish configuring my mail server as soon as possible. Regards, Matthias-Christian [1] http://smarden.org/pape/Debian/1215531259.4854_332.werc [2] http://johannes.sipsolutions.net/Projects/dovecot-antispam [3] http://www.suckless.org/common/
Re: [Dovecot] antispam plugin claims antispam signature not found
Sounds like the training is working with your patch : Nov 15 11:13:59 ks29138 imap: antispam: plugin initialising (1.1-notgit) Nov 15 11:13:59 ks29138 imap: antispam: Trash is trash folder Nov 15 11:13:59 ks29138 imap: antispam: Spam is spam folder Nov 15 11:13:59 ks29138 imap: antispam: no unsure folders Nov 15 11:13:59 ks29138 imap: antispam: dspam binary set to /usr/bin/dspam Nov 15 11:13:59 ks29138 imap: antispam: signature header line is X-DSPAM-Signature Nov 15 11:13:59 ks29138 imap: antispam: will silently move mails with missing signature Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_unsure(Spam): 0 Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_trash(INBOX): 0 Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_trash(Spam): 0 Nov 15 13:05:37 ks29138 imap: antispam: mail copy: from trash: 0, to trash: 0 Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_spam(INBOX): 0 Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_spam(Spam): 1 Nov 15 13:05:37 ks29138 imap: antispam: mailbox_is_unsure(INBOX): 0 Nov 15 13:05:37 ks29138 imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0 Nov 15 13:05:37 ks29138 imap: antispam: /usr/bin/dspam --source=error --class=spam --signature=491eb6f2313798800310897 And without the patch : Nov 15 13:18:42 ks29138 imap: antispam: plugin initialising (1.1-3-g03a1d10) Nov 15 13:18:42 ks29138 imap: antispam: Trash is trash folder Nov 15 13:18:42 ks29138 imap: antispam: Spam is spam folder Nov 15 13:18:42 ks29138 imap: antispam: no unsure folders Nov 15 13:18:42 ks29138 imap: antispam: dspam binary set to /usr/bin/dspam Nov 15 13:18:42 ks29138 imap: antispam: signature header line is X-DSPAM-Signature Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_unsure(Spam): 0 Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_trash(INBOX): 0 Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_trash(Spam): 0 Nov 15 13:18:45 ks29138 imap: antispam: mail copy: from trash: 0, to trash: 0 Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_spam(INBOX): 0 Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_spam(Spam): 1 Nov 15 13:18:45 ks29138 imap: antispam: mailbox_is_unsure(INBOX): 0 Nov 15 13:18:45 ks29138 imap: antispam: mail copy: src spam: 0, dst spam: 1, src unsure: 0 Nov 15 13:18:45 ks29138 imap: antispam: /usr/bin/dspam --source=error --class=spam --signature=491eb6f2313798800310897 I tried with some new mails this time. Guillaume HILT a écrit : Not really, I haven't tried it with some new mails. I had this problem with some old one I imported from my previous server (i used spamassassin and courier-imap). I'll try to test the training and if it's not working, I'll revert to the svn version. It's not a big deal anyway if I can't use some old mails to train the plugin. Johannes Berg a écrit : On Fri, 2008-11-14 at 16:53 +0100, Guillaume HILT wrote: Ok, i updated the files by hand, and it's working like a charm :) Thanks for the patch Johannes. Umm, you realise that now it's not training at all, right? That's why the docs there say don't use this patch unless you verified that it works first. Unless you really had this problem only with some large emails? johannes -- Guillaume Hilt
Re: [Dovecot] IMAP ACLs and global ACLs in v1.2
On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote: Any thoughts? Also: Users probably shouldn't be able to remove administrator access from themselves in their own mailboxes? A global ACL would be able to do that, but if there are no global ACLs I'm thinking that the admin access would be allowed regardless of how the local ACLs are configured. The admin access could be removed by one of owner, user or group-override. I think maybe SETACL owner could refuse to drop the 'a' right (wouldn't give an error, but it would just not remove it), but if user or group-override drops the admin right there's nothing to be done there. Instead then GETACL's output just wouldn't match MYRIGHTS output. I'm not sure what to do about ACLs when renaming a private mailbox to shared namespace. Currently this isn't even possible, but it should be pretty easy to implement. In this case user could lose access to the entire mailbox if ACLs aren't set properly. Perhaps the RENAME could add user=name all rights automatically when renaming the mailbox? And if adding that didn't give user 'lra' rights (because of group- override or global ACLs) it would refuse the RENAME? After those checks at least it would be guaranteed that user has some access to the mailbox and hopefully even be able to RENAME it back if it was an accident. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] IMAP ACLs and global ACLs in v1.2
On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote: Any thoughts? 1. How to handle anyone and authenticated? It might be nice to let users share mailboxes, but if they'll start spamming their mailboxes visible to everyone it'll get really annoying and fast. So I'm thinking about a setting: acl_anyone = allow : Let them do what they intended to do. Admins could have this setting set. acl_anyone = disallow : Don't allow user to add any ACLs with them. Fail with NO if tried. acl_anyone = domain : Treat them as alias for [EMAIL PROTECTED] which matches all users from the user's domain ([EMAIL PROTECTED] matching not implemented yet). The default would probably be disallow. 2. There probably need to be some limits to how many different users and groups can be used by ACLs and perhaps a limit to how many ACLs in general each mailbox can have. The latter limit could be configurable, defaulting to 100 maybe? The former then would require tracking the users and groups somehow. Actually the reason why I'm even thinking about it is because of mailbox listing. I was planning on storing to a dict sharing_user/ acl_user and sharing_user/acl_group keys for each (non-negative) ACL in user's mailboxes. So to prevent user from spamming the dict full there would have to be some kind of a limit for this. Again perhaps 100 as the default. The current value could always be read by iterating through sharing_user/* in dict and counting how many entries there are. PGP.sig Description: This is a digitally signed message part
