Re: Dovecot quota and Postfix smtpd_recipient_restrictions?
Well, so the right syntax (in my case) would be: -o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340 right?? I configured it before the "permit_sasl_authenticated" and the "reject" statement. I've a doubt (again): Is it correct the the space between "[..]service" and "inet[..]"? As suggested here: https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html I've run: postconf smtpd_recipient_restrictions=check_policy_service inet:mailstore.example.com:12340 but obtain the error: postconf: fatal: missing '=' after attribute name: "inet:mailstore.example.com:12340" Please, which is the correct syntax? :-) Thanks again! Davide
Re: Dovecot quota and Postfix smtpd_recipient_restrictions?
From: Urban Loesch Hi, Well, so the right syntax (in my case) would be: -o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340 right?? I configured it before the "permit_sasl_authenticated" and the "reject" statement. And eventually, should you suggest me how made some functional verification test? According to: http://www.postfix.org/SMTPD_POLICY_README.html try on your postfix: telnet mailstore.example.com 12340 and insert the following lines: sender=somesen...@somedomain.com recipient=y...@recipient.com size=12345 [empty line] Set a size= in bytes which is greater that your configured quota. In theory the policy service should respond with your configured error message "552 5.2.2 Mailbox is full". Example on my server: ... sender=postmas...@somedomain.com recipient=m...@recipient.com size=12345000 action=552 5.2.2 Mailbox is full ... For a livetest reduce the quota of your testaccount to ex. 100KB and the send a mail > 100BK from outside to it. You should see the "552" error message in your logs and you should get back a bouncemail from the sending server. Hope I explained it correct. Best Urban WAW! Very very clear your example! Thanks again Urban, you are a friend ;-) I will try... Thanks again to all! Davide -- cosmogoniA n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e
Re: Dovecot quota and Postfix smtpd_recipient_restrictions?
From: Urban Loesch Hi, I would like to enable (the same) quota (count) for all (virtual)users, on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27, and is not clear for me if I need to tell Postfix to communicate with the service in /etc/postfix/main.cf as here: smtpd_recipient_restrictions = ... check_policy_service inet:mailstore.example.com:12340 I configured it like your example above and it works for me. Best Urban Well, so the right syntax (in my case) would be: -o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340 right? :-) And eventually, should you suggest me how made some functional verification test? Many many many thanks Urban!! ;-) Davide
Dovecot quota and Postfix smtpd_recipient_restrictions?
Hi Friends, a doubt: I would like to enable (the same) quota (count) for all (virtual)users, on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27, and is not clear for me if I need to tell Postfix to communicate with the service in /etc/postfix/main.cf as here: smtpd_recipient_restrictions = ... check_policy_service inet:mailstore.example.com:12340 My current Postfix "smtpd_recipient_restrictions": -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject Currently I've edited: conf.d/10-mail.conf: # Space separated list of plugins to load for all services. Plugins specific to # IMAP, LDA, etc. are added to this list in their own .conf files. mail_plugins = $mail_plugins quota conf.d/20-imap.conf: protocol imap { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins imap_quota } conf.d/90-quota.conf: (for use with the quota-status service) plugin { quota_grace = 10%% # 10% is the default quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full" } /etc/dovecot/conf.d/90-quota.conf: plugin { quota = maildir quota_rule = *:storage=3G quota_rule2 = Trash:storage=+100M # LDA/LMTP allows saving the last mail to bring user from under quota to # over quota, if the quota doesn't grow too high. Default is to allow as # long as quota will stay under 10% above the limit. Also allowed e.g. 10M. #quota_grace = 10%% # 10% is the default quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full" } plugin { quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u } plugin { #quota = dirsize:User quota #quota = maildir:User quota #quota = dict:User quota::proxy::quota #quota = fs:User quota quota = count:User quota # This is required - it uses "virtual sizes" rather than "physical sizes" for quota counting: quota_vsizes = yes } plugin { #quota = dict:user::proxy::quota #quota2 = dict:domain:%d:proxy::quota_domain #quota_rule = *:storage=102400 #quota2_rule = *:storage=1048576 } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = dovecot unix_listener quota-warning { user = vmail } } service quota-status { executable = quota-status -p postfix inet_listener { port = 12340 # You can choose any port you want } client_limit = 1 } Many many thanks!! Davide
Re: Auto MX Email Client configuration, the right way?
Now I've seen the new RFC 6186 specification (https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to achieve the same goal. [..] again: [..] When a user identifier is required, MUAs MUST first use the full email address provided by the user, and if that results in an authentication failure, SHOULD fall back to using the "local- part" extracted from the email address. This is in line with the guidance outlined in Section 5. If both these user identifiers result in authentication failure, the MUA SHOULD prompt the user for a valid identifier. [..] here I have the biggest doubt, in fact Thunderbird often uses only the username and not the whole email address, both for incoming and outgoing server... Is any of you using this second way? And possibly, do you kniw if it works with different clients (desktop and mobile)? I've made some tests and this solution seems very serviceable, for the only exception for the user name on Thunderbird. Unlike what is stated in this RFC, Thunderbird "takes" only the name and not the entire email address as the username. Anyone knows if is it possible to communicate the username type via RFC? Many thanks again! Davide
Auto MX Email Client configuration, the right way?
Hi Friends! An opinion. I would like to facilitate the configuration of one's mail client (desktop or mobile) to my users server. Some time ago I asked the same question and you suggested me to use "Automx". So I started of good will and I looked for the Automx documentation. And here the problems started as I found several inconsistencies, even parameters (in official documentation) that produce Apache errors.. to complicate things, different path between deb packages and official version :-) Now I've seen the new RFC 6186 specification (https://tools.ietf.org/html/rfc6186) that describe a "DNS way" to achieve the same goal. [..] 4. Guidance for MUAs By using SRV records as above, MUAs need initially only to prompt the user for their email address [RFC5322]. The "local-part" and "domain" portions are then extracted from the email address by the MUA. The MUA uses the "domain" portion as the service domain to perform SRV lookups for the services it wants to configure. If the SRV lookup is successful, the target FQDN and port for the service can be determined and used to complete MUA configuration. If an SRV record is not found, the MUA will need to prompt the user to enter the FQDN and port information directly, or use some other heuristic. In the case of multiple SRV records returned for a particular service, the MUA MUST use the priority and weight fields in the record to determine which one to use (as per [RFC2782]). [..] again: [..] When a user identifier is required, MUAs MUST first use the full email address provided by the user, and if that results in an authentication failure, SHOULD fall back to using the "local- part" extracted from the email address. This is in line with the guidance outlined in Section 5. If both these user identifiers result in authentication failure, the MUA SHOULD prompt the user for a valid identifier. [..] here I have the biggest doubt, in fact Thunderbird often uses only the username and not the whole email address, both for incoming and outgoing server... Is any of you using this second way? And possibly, do you kniw if it works with different clients (desktop and mobile)? Many many thanks! Davide