Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-21 Thread Davide Marchi via dovecot

Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340

right??
I configured it before the "permit_sasl_authenticated" and the "reject" 
statement.




I've a doubt (again): Is the space between "[..]service" and "inet[..]" correct? As suggested here:
https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html


I've run:

postconf smtpd_recipient_restrictions=check_policy_service inet:mailstore.example.com:12340


but obtain the error:

postconf: fatal: missing '=' after attribute name: "inet:mailstore.example.com:12340"


Please, which is the correct syntax? :-)


Thanks again!

Davide



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-21 Thread Davide Marchi via dovecot

From: Urban Loesch 
Hi,


Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service inet:mailstore.example.com:12340

right??
I configured it before the "permit_sasl_authenticated" and the "reject" 
statement.




And eventually, could you suggest how to run a functional
verification test?
According to: http://www.postfix.org/SMTPD_POLICY_README.html try on
your postfix:


telnet mailstore.example.com 12340

and insert the following lines:

sender=somesen...@somedomain.com
recipient=y...@recipient.com
size=12345
[empty line]


Set a size= in bytes which is greater than your configured quota.
In theory the policy service should respond with your configured error
message "552 5.2.2 Mailbox is full".


Example on my server:

...
sender=postmas...@somedomain.com
recipient=m...@recipient.com
size=12345000

action=552 5.2.2 Mailbox is full
...


For a live test reduce the quota of your test account to e.g. 100KB and
then send a mail > 100KB from outside to it. You should see the "552"
error message in your logs and you should get back a bounce mail from
the sending server.


Hope I explained it correctly.

Best
Urban



WAW! Very very clear your example!

Thanks again Urban, you are a friend ;-)

I will try...


Thanks again to all!


Davide





--
cosmogoniA
n o p r o v a r e n o f a r e o n o n f a r e n o n c e p r o v a r e
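
Added example (not part of the original thread): the telnet check Urban describes, scripted in Python so it can be repeated after each configuration change. The function names are illustrative, `request=smtpd_access_policy` is the first attribute Postfix itself sends per SMTPD_POLICY_README, and the host, port and addresses are placeholders.

```python
import socket

def build_request(attrs):
    """Serialize attributes as name=value lines ended by an empty line."""
    for name, value in attrs.items():
        if "\n" in f"{name}{value}" or "=" in name:
            raise ValueError(f"illegal character in attribute {name!r}")
    return "".join(f"{k}={v}\n" for k, v in attrs.items()).encode() + b"\n"

def parse_response(raw):
    """Return the action string from a policy reply, or raise if malformed."""
    for line in raw.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("policy reply carried no action= attribute")

def query_policy(host, port, recipient, size, sender="", timeout=5.0):
    """Ask the policy service what it would answer for one recipient."""
    request = build_request({
        "request": "smtpd_access_policy",  # first attribute Postfix sends
        "sender": sender,
        "recipient": recipient,
        "size": size,                      # message size in bytes
    })
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while b"\n\n" not in raw:          # the reply also ends with an empty line
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    return parse_response(raw)

def is_rejection(action):
    """True for 4xx/5xx, REJECT and DEFER actions; DUNNO and OK are not."""
    return action[:1] in ("4", "5") or action.upper().startswith(("REJECT", "DEFER"))

if __name__ == "__main__":
    # Placeholder host, port and recipient; adjust to your own quota-status listener.
    act = query_policy("mailstore.example.com", 12340, "user@example.com", 12345000)
    print(act, "-> rejected" if is_rejection(act) else "-> not rejected")
```

With the configuration from this thread, an over-quota recipient should yield the action `552 5.2.2 Mailbox is full`, and any other recipient `DUNNO`.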



Re: Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-20 Thread Davide Marchi via dovecot

From: Urban Loesch

Hi,

I would like to enable (the same) quota (count) for all
(virtual)users,

on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27,
and it is not clear to me if I need to tell Postfix to communicate with
the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
 ...
 check_policy_service inet:mailstore.example.com:12340

I configured it like your example above and it works for me.

Best
Urban


Well,

so the right syntax (in my case) would be:

-o smtpd_recipient_restrictions = 
reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject,check_policy_service 
inet:mailstore.example.com:12340


right?  :-)


And eventually, could you suggest how to run a functional
verification test?



Many many many thanks Urban!! ;-)


Davide




Dovecot quota and Postfix smtpd_recipient_restrictions?

2019-03-19 Thread Davide Marchi via dovecot

Hi Friends,

a doubt:

I would like to enable (the same) quota (count) for all (virtual)users,
on Debian Stretch, Postfix 3.1.8, Dovecot 2.2.27,
and it is not clear to me if I need to tell Postfix to communicate with
the service in /etc/postfix/main.cf as here:



smtpd_recipient_restrictions =
...
check_policy_service inet:mailstore.example.com:12340



My current Postfix "smtpd_recipient_restrictions":


-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject




Currently I've edited:



conf.d/10-mail.conf:

# Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files.
mail_plugins = $mail_plugins quota


conf.d/20-imap.conf:

protocol imap {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins imap_quota
}


conf.d/90-quota.conf: (for use with the quota-status service)

plugin {
quota_grace = 10%%
# 10% is the default
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}



/etc/dovecot/conf.d/90-quota.conf:

plugin {
  quota = maildir
  quota_rule = *:storage=3G
  quota_rule2 = Trash:storage=+100M
  # LDA/LMTP allows saving the last mail to bring user from under quota to
  # over quota, if the quota doesn't grow too high. Default is to allow as
  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
  #quota_grace = 10%%
  # 10% is the default
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
plugin {
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
}
plugin {
  #quota = dirsize:User quota
  #quota = maildir:User quota
  #quota = dict:User quota::proxy::quota
  #quota = fs:User quota
  quota = count:User quota
  # This is required - it uses "virtual sizes" rather than "physical sizes" for quota counting:
  quota_vsizes = yes
}
plugin {
  #quota = dict:user::proxy::quota
  #quota2 = dict:domain:%d:proxy::quota_domain
  #quota_rule = *:storage=102400
  #quota2_rule = *:storage=1048576
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = dovecot
  unix_listener quota-warning {
    user = vmail
  }
}
service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
    # You can choose any port you want
  }
  client_limit = 1
}



Many many thanks!!


Davide




Re: Auto MX Email Client configuration, the right way?

2019-03-10 Thread Davide Marchi via dovecot

Now I've seen the new RFC 6186 specification
(https://tools.ietf.org/html/rfc6186) that describes a "DNS way" to
achieve the same goal.

[..]
again:
[..]
When a user identifier is required, MUAs MUST first
use the full email address provided by the user, and if that results
in an authentication failure, SHOULD fall back to using the "local-
part" extracted from the email address.  This is in line with the
guidance outlined in Section 5.  If both these user identifiers
result in authentication failure, the MUA SHOULD prompt the user for
a valid identifier.
[..]

here I have the biggest doubt, in fact Thunderbird often uses only the
username and not the whole email address, both for incoming and outgoing
server...
Is any of you using this second way? And possibly, do you know if it
works with different clients (desktop and mobile)?


I've made some tests and this solution seems very serviceable, for the 
only exception for the user name on Thunderbird.
Unlike what is stated in this RFC, Thunderbird "takes" only the name and 
not the entire email address as the username.

Does anyone know if it is possible to communicate the username type via RFC?

Many thanks again!


Davide


Auto MX Email Client configuration, the right way?

2019-03-09 Thread Davide Marchi via dovecot

Hi Friends!
An opinion.

I would like to facilitate the configuration of one's mail client 
(desktop or mobile) to my users server.
Some time ago I asked the same question and you suggested me to use 
"Automx".


So I started of good will and I looked for the Automx documentation. And 
here the problems started as I found several inconsistencies, even 
parameters (in official documentation) that produce Apache errors..
to complicate things, different path between deb packages and official 
version :-)


Now I've seen the new RFC 6186 specification
(https://tools.ietf.org/html/rfc6186) that describes a "DNS way" to
achieve the same goal.


[..]
4.  Guidance for MUAs

   By using SRV records as above, MUAs need initially only to prompt the
   user for their email address [RFC5322].  The "local-part" and
   "domain" portions are then extracted from the email address by the
   MUA.  The MUA uses the "domain" portion as the service domain to
   perform SRV lookups for the services it wants to configure.  If the
   SRV lookup is successful, the target FQDN and port for the service
   can be determined and used to complete MUA configuration.  If an SRV
   record is not found, the MUA will need to prompt the user to enter
   the FQDN and port information directly, or use some other heuristic.
   In the case of multiple SRV records returned for a particular
   service, the MUA MUST use the priority and weight fields in the
   record to determine which one to use (as per [RFC2782]).

[..]

again:
   [..]
   When a user identifier is required, MUAs MUST first
   use the full email address provided by the user, and if that results
   in an authentication failure, SHOULD fall back to using the "local-
   part" extracted from the email address.  This is in line with the
   guidance outlined in Section 5.  If both these user identifiers
   result in authentication failure, the MUA SHOULD prompt the user for
   a valid identifier.
   [..]

here I have the biggest doubt, in fact Thunderbird often uses only the 
username and not the whole email address, both for incoming and outgoing 
server...
Is any of you using this second way? And possibly, do you know if it
works with different clients (desktop and mobile)?



Many many thanks!

Davide
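
Added example (not part of the original thread): the MUA behaviour from the two RFC 6186 passages quoted above, as a Python sketch that orders SRV records by priority and weight (RFC 2782) and lists the login identifiers in the order the RFC says to try them. The function names, the `srv_lookup` callable and the `SAMPLE_ZONE` records are constructed for illustration.

```python
import random

def order_srv(records, rng=random):
    """Order (priority, weight, port, target) tuples per RFC 2782."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while group:
            # Weighted pick inside one priority: weight-0 entries come first,
            # then the first record whose running weight sum reaches the draw.
            draw = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for rec in group:
                running += rec[1]
                if running >= draw:
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered

def plan_mua_config(email, srv_lookup, services, rng=random):
    """Return login identifiers to try and (host, port) candidates per service."""
    local_part, sep, domain = email.rpartition("@")
    if not (sep and local_part and domain):
        raise ValueError("expected local-part@domain")
    # Full address first, local-part only as the fallback after a failure.
    plan = {"login_order": [email, local_part], "services": {}}
    for svc in services:
        records = srv_lookup(f"{svc}.{domain}")
        if len(records) == 1 and records[0][3] == ".":
            records = []          # target "." means the service is not offered
        plan["services"][svc] = [(target.rstrip("."), port)
                                 for _, _, port, target in order_srv(records, rng)]
    return plan

# Constructed SRV data for example.com; a real MUA would query DNS instead.
SAMPLE_ZONE = {
    "_imaps._tcp.example.com": [(10, 1, 993, "imap-b.example.com."),
                                (0, 1, 993, "imap-a.example.com.")],
    "_submission._tcp.example.com": [(0, 1, 587, "smtp.example.com.")],
    "_pop3s._tcp.example.com": [(0, 0, 0, ".")],
}

def sample_lookup(name):
    """Stand-in for a DNS SRV query; unknown names return no records."""
    return SAMPLE_ZONE.get(name, [])
```

An empty candidate list for a service is the case where, per the quoted section 4, the MUA has to prompt the user for the FQDN and port.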