Re: Quota-status service on Director
Did you solve this problem of quota status? I am in the same situation right now, i would appreciate you let me know any helpfull information Sent with Aqua Mail for Android https://www.mobisystems.com/aqua-mail
Re: Quota-status service on Director
It is possible it will be supported in future, but for now it's not
supported.
Aki
On 27.09.2017 11:33, Dimos Alevizos wrote:
> Hi,
>
> is quota-status still not supported in proxy configuration ?
> Any chance it will be in the future ?
>
> Dimos
>
> On 10/10/2016 09:06 πμ, Aki Tuomi wrote:
>> Hi!
>>
>> quota-status is not supported in proxy configuration. You should use
>> quota_warning and quota_over_flag scripts instead.
>>
>> Aki
>>
>> On 08.10.2016 03:51, Michael Kliewe wrote:
>>> Hello,
>>> any news on this topic? I tried it again with Dovecot 2.2.25, but it's
>>> still not possible to run the quota-status services on the directors.
>>> They try to access the mailbox of the user, which they obviously
>>> cannot. I'm not sure why Dovecot tries to open the mailbox, I would
>>> have expected just a dict-query (SQL) to check the quota. If the
>>> mailbox has to be opened, it has to be done on the correct backend
>>> Dovecot of the user.
>>> Is there any chance to fix this problem? Or am I doing something wrong
>>> here?
>>> Kind regards
>>> Michael
>>>
>>> Am 23.02.2015 um 03:09 schrieb Michael Kliewe:
>>>> Hello,
>>>>
>>>> I'm trying to configure the quota-status service, but it seems I'm
>>>> not successful with my director setup (2.2.9). I activate the
>>>> quota-status service like this on my director server:
>>>>
>>>> $ cat 91-quota-status.conf
>>>> ##
>>>> ## Quota-Status configuration.
>>>> ##
>>>> # Load Module quota-status and listen on TCP/IP Port for connections.
>>>> service quota-status {
>>>>executable = quota-status -p postfix
>>>>inet_listener {
>>>> address = 10.0.1.44
>>>> port = 12340
>>>>}
>>>>client_limit = 1
>>>> }
>>>> # Plugin configuration.
>>>> # Return messages for requests by quota status: success, nouser and
>>>> overquota.
>>>> plugin {
>>>>quota_status_success = DUNNO
>>>>quota_status_nouser = DUNNO
>>>>quota_status_overquota = "552 5.2.2 Mailbox is over quota"
>>>> }
>>>>
>>>> After restarting the director service I try to query the quota status
>>>> service:
>>>>
>>>> printf "recipient=u...@domain.de\nsize=10\n\n" | nc 10.0.1.44 12340
>>>>
>>>> The output is:
>>>>
>>>> action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for
>>>> more information.
>>>>
>>>> In the debug log of the director I see this:
>>>>
>>>> Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER
>>>> 1 u...@domain.de
>>>> mail=mdbox:/mnt/data01/domain.de/user/maildir
>>>> home=/mnt/data01/domain.de/user proxy=Y master=
>>>> pass= uid=5000gid=1
>>>> quota_rule=*:storage=60593 quota_rule2=*:messages=10
>>>> Feb 23 03:03:09 director01 dovecot: quota-status(u...@domain.de):
>>>> Error: user u...@domain.de: Initialization failed: Namespace '':
>>>> mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed:
>>>> Permission denied (euid=5000(vmail) egid=1(daemon) missing +w perm:
>>>> /mnt, dir owned by 0:0 mode=0755)
>>>>
>>>> So the quota status service tries to access the mailbox of the user
>>>> ON THE DIRECTOR. But the director has not mounted the mailboxes of
>>>> the users, that's what the backend dovecots are for (proxy=Y). So the
>>>> quota-status query is not proxied to the dovecot backend server I
>>>> would assume.
>>>>
>>>> Does that mean I have to start the quota-status service on the
>>>> dovecot backend servers and access it from the Postfix server
>>>> directly? Currently the Postfixes can only reach the directors, not
>>>> the backend servers.
>>>>
>>>> Is it possible to use the quota-status service on the director?
>>>>
>>>> Thanks for any hints and help
>>>> Michael
>
Re: Quota-status service on Director
Hi,
is quota-status still not supported in proxy configuration ?
Any chance it will be in the future ?
Dimos
On 10/10/2016 09:06 πμ, Aki Tuomi wrote:
> Hi!
>
> quota-status is not supported in proxy configuration. You should use
> quota_warning and quota_over_flag scripts instead.
>
> Aki
>
> On 08.10.2016 03:51, Michael Kliewe wrote:
>> Hello,
>> any news on this topic? I tried it again with Dovecot 2.2.25, but it's
>> still not possible to run the quota-status services on the directors.
>> They try to access the mailbox of the user, which they obviously
>> cannot. I'm not sure why Dovecot tries to open the mailbox, I would
>> have expected just a dict-query (SQL) to check the quota. If the
>> mailbox has to be opened, it has to be done on the correct backend
>> Dovecot of the user.
>> Is there any chance to fix this problem? Or am I doing something wrong
>> here?
>> Kind regards
>> Michael
>>
>> Am 23.02.2015 um 03:09 schrieb Michael Kliewe:
>>> Hello,
>>>
>>> I'm trying to configure the quota-status service, but it seems I'm
>>> not successful with my director setup (2.2.9). I activate the
>>> quota-status service like this on my director server:
>>>
>>> $ cat 91-quota-status.conf
>>> ##
>>> ## Quota-Status configuration.
>>> ##
>>> # Load Module quota-status and listen on TCP/IP Port for connections.
>>> service quota-status {
>>>executable = quota-status -p postfix
>>>inet_listener {
>>> address = 10.0.1.44
>>> port = 12340
>>>}
>>>client_limit = 1
>>> }
>>> # Plugin configuration.
>>> # Return messages for requests by quota status: success, nouser and
>>> overquota.
>>> plugin {
>>>quota_status_success = DUNNO
>>>quota_status_nouser = DUNNO
>>>quota_status_overquota = "552 5.2.2 Mailbox is over quota"
>>> }
>>>
>>> After restarting the director service I try to query the quota status
>>> service:
>>>
>>> printf "recipient=u...@domain.de\nsize=10\n\n" | nc 10.0.1.44 12340
>>>
>>> The output is:
>>>
>>> action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for
>>> more information.
>>>
>>> In the debug log of the director I see this:
>>>
>>> Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER
>>> 1 u...@domain.de
>>> mail=mdbox:/mnt/data01/domain.de/user/maildir
>>> home=/mnt/data01/domain.de/user proxy=Y master=
>>> pass= uid=5000gid=1
>>> quota_rule=*:storage=60593 quota_rule2=*:messages=10
>>> Feb 23 03:03:09 director01 dovecot: quota-status(u...@domain.de):
>>> Error: user u...@domain.de: Initialization failed: Namespace '':
>>> mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed:
>>> Permission denied (euid=5000(vmail) egid=1(daemon) missing +w perm:
>>> /mnt, dir owned by 0:0 mode=0755)
>>>
>>> So the quota status service tries to access the mailbox of the user
>>> ON THE DIRECTOR. But the director has not mounted the mailboxes of
>>> the users, that's what the backend dovecots are for (proxy=Y). So the
>>> quota-status query is not proxied to the dovecot backend server I
>>> would assume.
>>>
>>> Does that mean I have to start the quota-status service on the
>>> dovecot backend servers and access it from the Postfix server
>>> directly? Currently the Postfixes can only reach the directors, not
>>> the backend servers.
>>>
>>> Is it possible to use the quota-status service on the director?
>>>
>>> Thanks for any hints and help
>>> Michael
Re: Quota-status service on Director
Hi!
quota-status is not supported in proxy configuration. You should use
quota_warning and quota_over_flag scripts instead.
Aki
On 08.10.2016 03:51, Michael Kliewe wrote:
> Hello,
> any news on this topic? I tried it again with Dovecot 2.2.25, but it's
> still not possible to run the quota-status services on the directors.
> They try to access the mailbox of the user, which they obviously
> cannot. I'm not sure why Dovecot tries to open the mailbox, I would
> have expected just a dict-query (SQL) to check the quota. If the
> mailbox has to be opened, it has to be done on the correct backend
> Dovecot of the user.
> Is there any chance to fix this problem? Or am I doing something wrong
> here?
> Kind regards
> Michael
>
> Am 23.02.2015 um 03:09 schrieb Michael Kliewe:
>> Hello,
>>
>> I'm trying to configure the quota-status service, but it seems I'm
>> not successful with my director setup (2.2.9). I activate the
>> quota-status service like this on my director server:
>>
>> $ cat 91-quota-status.conf
>> ##
>> ## Quota-Status configuration.
>> ##
>> # Load Module quota-status and listen on TCP/IP Port for connections.
>> service quota-status {
>>executable = quota-status -p postfix
>>inet_listener {
>> address = 10.0.1.44
>> port = 12340
>>}
>>client_limit = 1
>> }
>> # Plugin configuration.
>> # Return messages for requests by quota status: success, nouser and
>> overquota.
>> plugin {
>>quota_status_success = DUNNO
>>quota_status_nouser = DUNNO
>>quota_status_overquota = "552 5.2.2 Mailbox is over quota"
>> }
>>
>> After restarting the director service I try to query the quota status
>> service:
>>
>> printf "recipient=u...@domain.de\nsize=10\n\n" | nc 10.0.1.44 12340
>>
>> The output is:
>>
>> action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for
>> more information.
>>
>> In the debug log of the director I see this:
>>
>> Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER
>> 1 u...@domain.de
>> mail=mdbox:/mnt/data01/domain.de/user/maildir
>> home=/mnt/data01/domain.de/user proxy=Y master=
>> pass= uid=5000gid=1
>> quota_rule=*:storage=60593 quota_rule2=*:messages=10
>> Feb 23 03:03:09 director01 dovecot: quota-status(u...@domain.de):
>> Error: user u...@domain.de: Initialization failed: Namespace '':
>> mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed:
>> Permission denied (euid=5000(vmail) egid=1(daemon) missing +w perm:
>> /mnt, dir owned by 0:0 mode=0755)
>>
>> So the quota status service tries to access the mailbox of the user
>> ON THE DIRECTOR. But the director has not mounted the mailboxes of
>> the users, that's what the backend dovecots are for (proxy=Y). So the
>> quota-status query is not proxied to the dovecot backend server I
>> would assume.
>>
>> Does that mean I have to start the quota-status service on the
>> dovecot backend servers and access it from the Postfix server
>> directly? Currently the Postfixes can only reach the directors, not
>> the backend servers.
>>
>> Is it possible to use the quota-status service on the director?
>>
>> Thanks for any hints and help
>> Michael
Re: Quota-status service on Director
Hello,
any news on this topic? I tried it again with Dovecot 2.2.25, but it's
still not possible to run the quota-status services on the directors.
They try to access the mailbox of the user, which they obviously cannot.
I'm not sure why Dovecot tries to open the mailbox, I would have
expected just a dict-query (SQL) to check the quota. If the mailbox has
to be opened, it has to be done on the correct backend Dovecot of the user.
Is there any chance to fix this problem? Or am I doing something wrong here?
Kind regards
Michael
Am 23.02.2015 um 03:09 schrieb Michael Kliewe:
Hello,
I'm trying to configure the quota-status service, but it seems I'm not
successful with my director setup (2.2.9). I activate the quota-status service
like this on my director server:
$ cat 91-quota-status.conf
##
## Quota-Status configuration.
##
# Load Module quota-status and listen on TCP/IP Port for connections.
service quota-status {
executable = quota-status -p postfix
inet_listener {
address = 10.0.1.44
port = 12340
}
client_limit = 1
}
# Plugin configuration.
# Return messages for requests by quota status: success, nouser and overquota.
plugin {
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is over quota"
}
After restarting the director service I try to query the quota status service:
printf "recipient=u...@domain.de\nsize=10\n\n" | nc 10.0.1.44 12340
The output is:
action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for more
information.
In the debug log of the director I see this:
Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER 1 u...@domain.de
mail=mdbox:/mnt/data01/domain.de/user/maildirhome=/mnt/data01/domain.de/user
proxy=Y master= pass= uid=5000gid=1
quota_rule=*:storage=60593 quota_rule2=*:messages=10
Feb 23 03:03:09 director01 dovecot: quota-status(u...@domain.de): Error: user
u...@domain.de: Initialization failed: Namespace '':
mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed: Permission denied
(euid=5000(vmail) egid=1(daemon) missing +w perm: /mnt, dir owned by 0:0
mode=0755)
So the quota status service tries to access the mailbox of the user ON THE
DIRECTOR. But the director has not mounted the mailboxes of the users, that's
what the backend dovecots are for (proxy=Y). So the quota-status query is not
proxied to the dovecot backend server I would assume.
Does that mean I have to start the quota-status service on the dovecot backend
servers and access it from the Postfix server directly? Currently the Postfixes
can only reach the directors, not the backend servers.
Is it possible to use the quota-status service on the director?
Thanks for any hints and help
Michael
quota-status service rejecting plus addressed recipients
Hi,
I have "recipient_delimiter = +" set in my Dovecot config, however the
Dovecot quota-status service is rejecting with "Unknown user" plus
addressed recipients.
Talking to the policy server we have...
# telnet localhost 12340
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> recipient=u...@example.com
>
> action=OK
>
> recipient=user+...@example.com
>
> action=REJECT Unknown user
>
I can mask the issue with "quota_status_nouser = DUNNO", but then over
quota messages are not rejected when plus addressed.
quota-status service config is...
service quota-status {
> executable = quota-status -p postfix
> inet_listener {
> address = localhost
> port = 12340
> # You can choose any port you want
> }
> client_limit = 1
> }
>
Regards,
Rob
RE: quota-status service
> > The way I understand it is, this Quota service was built specifically > for postfix. (I only have postfix, have not used any other MTA) > The "quota-status" executable is in you libexec directory. ( I compiled > my dovecot instance, hence is is not in "regular" directory) Thanks. I also responded to Aki, but to close the loop: evidently quota-status is newer than the version of dovecot on my Ubuntu 12.04 machine. So I'll need to upgrade. > The "quota_status_*" are responses to postifx. AFAIK, these are the only > 3 possible options. > > Please see ( > https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ ) for > a detailed info on this > > When Postfix MTA is "inline" with the sender, and if you have correctly > configured the quota service, it will check if the recipient's mailbox > can accept mails. If the recipient is able to accept mail dovecot > responds with "DUNNO" (as configured in "quota_status_success" ) to let > postifx continue with its sender checks. if the recipient's mail box is > unable to accept mails, the dovecot responds with "552 5.2.2 Mailbox is > full" (as configured in "quota_status_overquota"), this will prevent > postfix from accepting mail and will respond with 552 status . All this > is documented in that blog. > Thanks. I saw the link to Hildebrandt's blog on the wiki. (BTW, his Postfix book is still great!) And I understood the example. But it didn't cover the answers to my questions. Aki covered most of them. Thanks again, Michael
RE: FW: quota-status service
> No. But someone knew what to answer to them, you keep spamming the mailing > list with repeated '???' instead of waiting, which *is* impolite. Someone > WILL answer you when they have time to study your question and prepare an > answer. As I said, if you think you should be entitled to timely > responses, please consider purchasing a support agreement, so you can have > an SLA. Support provided over mailing list is pro bono publico and no one > gets paid doing it for you. Understood. And I don't think I'm "entitled" to anything. The list is free. But it may be helpful to understand this: I figured that most people would want to use the quota-status service. Therefore, most people must know something about it. But there was no response at all, not even "I can help but it will take a couple of days", even though there was lots of other activity on the list. So I did what is commonplace on some other lists by bumping it up to the top again. No disrespect intended. Every list has its own "personality". I'll learn. > 1. Quota status comes with dovecot-core, on my server (debian) it is in > > ~$ ls -lah /usr/lib/dovecot/quota-status > -rwxr-xr-x 1 root root 84K May 27 12:35 /usr/lib/dovecot/quota-status > > Did you look there? Yes. I actually looked everywhere with find / ... This machine is running Ubuntu 12.04, dovecot --version = 2.0.19 So, I just tried installing on another machine running Ubuntu 14.04, dovecot --version = 2.2.9. It **is** there on that machine. So, evidently, quota-status is not part of the older version. I guess I'll need to upgrade since I prefer not to compile from source. > You also are going to need ... > [answers clipped] Thank you. All EXCELLENT information. quota_status_toolarge wasn't mentioned on the wiki. I presume that refers to the individual message size being too large, correct? Thanks again, this is what I needed. Michael
Re: quota-status service
Michael,
See my responses inline
On 07/02/2016 06:25 AM, Michael Fox wrote:
???
From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org)
Subject: quota-status service
I'm trying to understand the quota-status service, but I can't find complete
documentation.
The quota-status service is mentioned here: http://wiki.dovecot.org/Quota
And an example configuration is shown:
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
This is how I have configured it.
But I can't find any information on quota-status.
"man quota-status" returns nothing.
I am unable to find a "quota-status" file on my machine. Where is the
executable located?
What does the "-p postfix" option do?
Are there any other command line options?
The above wiki page shows three quota_status_* options in use:
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
The way I understand it is, this Quota service was built specifically
for postfix. (I only have postfix, have not used any other MTA)
The "quota-status" executable is in you libexec directory. ( I compiled
my dovecot instance, hence is is not in "regular" directory)
The "quota_status_*" are responses to postifx. AFAIK, these are the only
3 possible options.
Please see (
https://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ ) for
a detailed info on this
When Postfix MTA is "inline" with the sender, and if you have correctly
configured the quota service, it will check if the recipient's mailbox
can accept mails. If the recipient is able to accept mail dovecot
responds with "DUNNO" (as configured in "quota_status_success" ) to let
postifx continue with its sender checks. if the recipient's mail box is
unable to accept mails, the dovecot responds with "552 5.2.2 Mailbox is
full" (as configured in "quota_status_overquota"), this will prevent
postfix from accepting mail and will respond with 552 status . All this
is documented in that blog.
Please also see: http://www.postfix.org/SMTPD_ACCESS_README.html
Where are their meanings documented?
What are the allowed values?
Are there other quota_status_* options?
Thanks in advance.
Thanks,
Michael
Hope this was helpful
-Thanks
Vijay
RE: FW: quota-status service
> On July 3, 2016 at 6:41 PM Michael Fox wrote: > > > Aki: Over the last three days, I've watched many other questions being asked > and answered. Were they also impolite to ask? > No. But someone knew what to answer to them, you keep spamming the mailing list with repeated '???' instead of waiting, which *is* impolite. Someone WILL answer you when they have time to study your question and prepare an answer. As I said, if you think you should be entitled to timely responses, please consider purchasing a support agreement, so you can have an SLA. Support provided over mailing list is pro bono publico and no one gets paid doing it for you. Anyways, here are *some* answers to your questions: 1. Quota status comes with dovecot-core, on my server (debian) it is in ~$ ls -lah /usr/lib/dovecot/quota-status -rwxr-xr-x 1 root root 84K May 27 12:35 /usr/lib/dovecot/quota-status Did you look there? You also are going to need to use 'mail_plugins = $mail_plugins quota'. See quota configuration in dovecot wiki. (http://wiki2.dovecot.org/Quota) 2. It has no man page because it is not intended to be ran at command line, but -p means protocol. It should match your MTA/MX. Such as postfix, which at the moment is the only supported one. 3. Port you can choose freely, it is used by postfix to check the delivery possiblity before actually doing it. This is the statement in smtpd_recipient_restrictions, check_policy_service inet:mailstore.example.com:12340 replace mailstore.example.com with localhost or your dovecot hostname. And port with what you choose. 4. The various responses are what your MTA/MX expects. Looking at postfix manual (http://www.postfix.org/SMTPD_POLICY_README.html#protocol) you can see that "The "DUNNO" action causes Postfix to ignore the result." You can look at the postfix manual for various acceptable answers, but the one indicated in the configuration example probably works best. 5. quota_status_* quota_status_success, default response is OK quota_status_toolarge quota_status_overquota toolarge and overquota default to "554 5.2.2 ". quota_status_nouser, default response is "REJECT Unknown user" These are sent verbatim to your MTA/MX; refer to it's documentation for allowed responses. --- Aki Tuomi Dovecot oy
RE: FW: quota-status service
Aki: Over the last three days, I've watched many other questions being asked and answered. Were they also impolite to ask? Peter: What exactly was impolite about identifying missing information and listing the specific details that I'm looking for? Aki & Peter: Do either of you know the answers to at least some of my questions? Michael > -Original Message- > From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Peter > Chiochetti > Sent: Sunday, July 3, 2016 2:07 AM > To: dovecot@dovecot.org > Subject: Re: FW: quota-status service > > Am 2016-07-03 um 10:43 schrieb Aki Tuomi: > > If you need fast and timely support you can contact OX sales for an > support agreement . It is somewhat impolite to except such from a public > mailing list over weekend. > > Nah, expecting such can be unreasonable, > Impolite though the manner of expression >
Re: FW: quota-status service
Am 2016-07-03 um 10:43 schrieb Aki Tuomi: If you need fast and timely support you can contact OX sales for an support agreement . It is somewhat impolite to except such from a public mailing list over weekend. Nah, expecting such can be unreasonable, Impolite though the manner of expression ---Aki TuomiDovecot oy Original message From: Michael Fox Date: 03/07/2016 09:00 (GMT+02:00) To: Dovecot Mailing List Subject: FW: quota-status service ??? 3rd request -Original Message- From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox Sent: Friday, July 1, 2016 5:56 PM To: Dovecot Mailing List Subject: RE: quota-status service ??? From: Michael Fox [mailto:n...@mefox.org] Sent: Thursday, June 30, 2016 1:59 PM To: Dovecot Mailing List (dovecot@dovecot.org) Subject: quota-status service -- peter
Re: FW: quota-status service
If you need fast and timely support you can contact OX sales for an support
agreement . It is somewhat impolite to except such from a public mailing list
over weekend.
---Aki TuomiDovecot oy
Original message From: Michael Fox Date:
03/07/2016 09:00 (GMT+02:00) To: Dovecot Mailing List
Subject: FW: quota-status service
??? 3rd request
-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Friday, July 1, 2016 5:56 PM
To: Dovecot Mailing List
Subject: RE: quota-status service
???
From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org)
Subject: quota-status service
I'm trying to understand the quota-status service, but I can't find complete
documentation.
The quota-status service is mentioned here: http://wiki.dovecot.org/Quota
And an example configuration is shown:
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
But I can't find any information on quota-status.
"man quota-status" returns nothing.
I am unable to find a "quota-status" file on my machine. Where is the
executable located?
What does the "-p postfix" option do?
Are there any other command line options?
The above wiki page shows three quota_status_* options in use:
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
Where are their meanings documented?
What are the allowed values?
Are there other quota_status_* options?
Thanks in advance.
Thanks,
Michael
FW: quota-status service
??? 3rd request
-Original Message-
From: dovecot [mailto:dovecot-boun...@dovecot.org] On Behalf Of Michael Fox
Sent: Friday, July 1, 2016 5:56 PM
To: Dovecot Mailing List
Subject: RE: quota-status service
???
From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org)
Subject: quota-status service
I'm trying to understand the quota-status service, but I can't find complete
documentation.
The quota-status service is mentioned here: http://wiki.dovecot.org/Quota
And an example configuration is shown:
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
But I can't find any information on quota-status.
"man quota-status" returns nothing.
I am unable to find a "quota-status" file on my machine. Where is the
executable located?
What does the "-p postfix" option do?
Are there any other command line options?
The above wiki page shows three quota_status_* options in use:
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
Where are their meanings documented?
What are the allowed values?
Are there other quota_status_* options?
Thanks in advance.
Thanks,
Michael
RE: quota-status service
???
From: Michael Fox [mailto:n...@mefox.org]
Sent: Thursday, June 30, 2016 1:59 PM
To: Dovecot Mailing List (dovecot@dovecot.org)
Subject: quota-status service
I'm trying to understand the quota-status service, but I can't find complete
documentation.
The quota-status service is mentioned here: http://wiki.dovecot.org/Quota
And an example configuration is shown:
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
But I can't find any information on quota-status.
"man quota-status" returns nothing.
I am unable to find a "quota-status" file on my machine. Where is the
executable located?
What does the "-p postfix" option do?
Are there any other command line options?
The above wiki page shows three quota_status_* options in use:
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
Where are their meanings documented?
What are the allowed values?
Are there other quota_status_* options?
Thanks in advance.
Thanks,
Michael
quota-status service
I'm trying to understand the quota-status service, but I can't find complete
documentation.
The quota-status service is mentioned here: http://wiki.dovecot.org/Quota
And an example configuration is shown:
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
But I can't find any information on quota-status.
"man quota-status" returns nothing.
I am unable to find a "quota-status" file on my machine. Where is the
executable located?
What does the "-p postfix" option do?
Are there any other command line options?
The above wiki page shows three quota_status_* options in use:
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
Where are their meanings documented?
What are the allowed values?
Are there other quota_status_* options?
Thanks in advance.
Thanks,
Michael
Quota-status service on Director
Hello,
I'm trying to configure the quota-status service, but it seems I'm not
successful with my director setup (2.2.9). I activate the quota-status service
like this on my director server:
$ cat 91-quota-status.conf
##
## Quota-Status configuration.
##
# Load Module quota-status and listen on TCP/IP Port for connections.
service quota-status {
executable = quota-status -p postfix
inet_listener {
address = 10.0.1.44
port = 12340
}
client_limit = 1
}
# Plugin configuration.
# Return messages for requests by quota status: success, nouser and overquota.
plugin {
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is over quota"
}
After restarting the director service I try to query the quota status service:
printf "recipient=u...@domain.de\nsize=10\n\n" | nc 10.0.1.44 12340
The output is:
action=DEFER_IF_PERMIT Invalid user settings. Refer to server log for more
information.
In the debug log of the director I see this:
Feb 23 03:03:09 director01 dovecot: auth: Debug: userdb out: USER 1
u...@domain.de mail=mdbox:/mnt/data01/domain.de/user/maildir
home=/mnt/data01/domain.de/user proxy=Y master=
pass= uid=5000gid=1 quota_rule=*:storage=60593
quota_rule2=*:messages=10
Feb 23 03:03:09 director01 dovecot: quota-status(u...@domain.de): Error: user
u...@domain.de: Initialization failed: Namespace '':
mkdir(/mnt/data01/domain.de/user/maildir/mailboxes) failed: Permission denied
(euid=5000(vmail) egid=1(daemon) missing +w perm: /mnt, dir owned by 0:0
mode=0755)
So the quota status service tries to access the mailbox of the user ON THE
DIRECTOR. But the director has not mounted the mailboxes of the users, that's
what the backend dovecots are for (proxy=Y). So the quota-status query is not
proxied to the dovecot backend server I would assume.
Does that mean I have to start the quota-status service on the dovecot backend
servers and access it from the Postfix server directly? Currently the Postfixes
can only reach the directors, not the backend servers.
Is it possible to use the quota-status service on the director?
Thanks for any hints and help
Michael
Re: [Dovecot] Postfix aliases with quota-status service
On 7.8.2013, at 9.29, Ulrich Zehl wrote: > On Tue, Aug 06, 2013 at 09:20:13PM +0200, Thomas Leuxner wrote: >> Now everything in between seems to create SMTPD rejections in some cases >> _or_ queue the mail and let it hit the quota in other cases. That's my >> whole point... > > I'm sorry, I don't get your point. > > Are you saying that quota-status does not eliminate all over-quota bounces? > > That's to be expected. quota-status does not reserve quota when questioned, > it only tells Postfix whether enough space is currently free or not. This > is not free of race conditions, and therefore cannot eliminate all late > bounces, even when quota-status has all the information, including size. I think it would work also to do the check in SMTP RCPT TO stage and do quota bouncing only there. In LMTP/LDA stage use infinite quota to avoid bouncing. Yeah, user might get a little bit over quota (even over quota_grace) but not by much.
Re: [Dovecot] Postfix aliases with quota-status service
* Ulrich Zehl 2013.08.07 08:29: > Are you saying that rejects depend on SIZE= being sent during the RCPT TO > stage (i.e., messages that announce their size correctly are rejected > during the SMTP transaction, while those without size inidcation are > passed)? Yes. signature.asc Description: Digital signature
Re: [Dovecot] Postfix aliases with quota-status service
On Tue, Aug 06, 2013 at 09:20:13PM +0200, Thomas Leuxner wrote: > Now everything in between seems to create SMTPD rejections in some cases > _or_ queue the mail and let it hit the quota in other cases. That's my > whole point... I'm sorry, I don't get your point. Are you saying that quota-status does not eliminate all over-quota bounces? That's to be expected. quota-status does not reserve quota when questioned, it only tells Postfix whether enough space is currently free or not. This is not free of race conditions, and therefore cannot eliminate all late bounces, even when quota-status has all the information, including size. For example, if a mailbox has 3000 bytes of free space, and two 2000 byte messages arrive close enough together so that the first one has not been delivered by the time the second one sends "RCPT TO ... SIZE=...", quota-status will allow both messages, even though the second one will be rejected when Postfix actually tries local delivery (LTMP/LDA). Are you saying that rejects depend on SIZE= being sent during the RCPT TO stage (i.e., messages that announce their size correctly are rejected during the SMTP transaction, while those without size inidcation are passed)? If so, follow Rob's suggestion, and run quota-status (again) as part of smtpd_end_of_data_restrictions. By then, Postfix will know the size of a message and pass it to quota-status. (This only works for single-recipient messages; multi-recipient messages will always pass at this stage, because Postfix' policy protocol will not send "recipient=..." in this case, and thus quota-status replies with "DUNNO". In my environment, most messages are single-recipient, so it works well enough for me.) Are you saying something else that I missed? Please tell me, because I'd like to understand your point.
Re: [Dovecot] Postfix aliases with quota-status service
Thomas Leuxner skrev den 2013-08-06 18:25: * Timo Sirainen 2013.08.06 18:15: Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. quota_grace was meant to solve that. You'll allow the user to become a bit over quota. What I meant is before the mail enters the Postfix queues. If the SIZE extension is not used during MAIL FROM by the remote server, then there's no way to reject an over-quota mail upfront, losing the benefit of the policy service. dovecot dict sql qouta, then in postfix smtpd_end_of_data_restricttions check sql qoutas in policy deamons or just simple sql qoury will not solve it ?, correct if sender need to send data first to get sizes it begins to be impraktical since if there is just 1 byte free last sender can still send more then 1 byte, but next sender cant
Re: [Dovecot] Postfix aliases with quota-status service
* /dev/rob0 2013.08.06 20:49: > Personally, I'd much rather allow the last overquota mail, even in > cases where the user goes far over the quota. Apparently Thomas > intends to have a solid, inflexible quota. The point I'm trying to make is mail being queued by Postfix because it has no means to validate the mail would take the user over quota. In the scenarios I tested with SIZE being part of MAIL FROM the mail gets rejected at SMTPD stage, while without SIZE supplied it will get queued and eventually be rejected by the MDA. AFAIK the whole endeavour was undertaken to avoid queue injection of mails knowing they would bounce. This seems to work when the SMTPD receives enough detail. As to Timo's example: This also seems to work given the quota is *over* the limit incl. grace: $ doveadm quota get -u ph...@trashheap.net Quota name TypeValue Limit % user STORAGE 10914 10240 106 user MESSAGE 5 - 0 Aug 6 20:56:31 spectre postfix/smtpd[27201]: connect from mail-oa0-f44.google.com[209.85.219.44] Aug 6 20:56:32 spectre postfix/smtpd[27201]: Anonymous TLS connection established from mail-oa0-f44.google.com[209.85.219.44]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) Aug 6 20:56:32 spectre postfix/smtpd[27201]: NOQUEUE: reject: RCPT from mail-oa0-f44.google.com[209.85.219.44]: 554 5.2.2 : Recipient address rejected: Quota exceeded (mailbox for user is full); from= to= proto=ESMTP helo= Now everything in between seems to create SMTPD rejections in some cases _or_ queue the mail and let it hit the quota in other cases. That's my whole point... signature.asc Description: Digital signature
Re: [Dovecot] Postfix aliases with quota-status service
On 2013-08-06 2:49 PM, /dev/rob0 wrote: Another way, in Postfix, is to wait for end-of-DATA. Regardless of SIZE being given, at that point, the actual size is known. Of course as Thomas would probably point out, such a rejection is unsafe, because ANY overquota recipient would cause rejection for EVERY recipient; SMTP cannot have per-recipient results except at "RCPT TO:". But LMTP can... right? Personally, I'd much rather allow the last overquota mail, even in cases where the user goes far over the quota. I agree - but it could never go over more than the max mail size allowed so that shouldn't be a problem - unless you don't set a max mail size, in which case you're nuts... :)
Re: [Dovecot] Postfix aliases with quota-status service
Am 06.08.2013 20:27, schrieb Timo Sirainen: > On 6.8.2013, at 20.57, Thomas Leuxner wrote: > >> * Timo Sirainen 2013.08.06 19:42: >> >>> The idea behind quota_grace is that the last mail would be allowed to take >>> the user somewhat over quota (e.g. up to 109% quota usage). On the next >>> mail delivery user is already over quota, so the size of the mail is >>> irrelevant because a mail of any size will be rejected. The initial >>> quota-status implementation didn't even support SIZE extension since I >>> didn't remember it existed. >> >> I'm referring to the Postfix side _only_ or the initial SMTP Handshake if >> you like. My point is that there is no safe way to reject mails at this >> level *if* the remote server doesn't play nice. I think this was the whole >> point of writing a policy service for Postfix. I'm not *talking* about >> quotas that will be handled by the delivery agents... > > Either you're still misunderstanding me, or vice versa. The quota rejections > can be done complete in SMTP side even without SIZE: > > 1) quota at 99% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 250 2.1.0 Ok > DATA > ... > . > 250 2.0.0 Ok: queued as 12345 > > 2) quota is now at 103% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 554 5.2.2 User is over quota > Thomas is right in general, thats a general problem with mail quota, that was the reason why there wasnt some good solution out for long times, but the dove policy server does i.e reject mail in smtp session if its allready "assured" that the mailbox is definite ... percent over quota ( configurable by grace parameter ), at that point it does not mater which size the incomming mail has, it will be i.e rejected anyway also it honors ( some kind overides ) other quota setting in i.e lmtp or lda, cause if it wouldnt, a mailbox would never become overquota by rejecting mail before by lmtp/lda settings Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: [Dovecot] Postfix aliases with quota-status service
On Tue, Aug 06, 2013 at 09:27:20PM +0300, Timo Sirainen wrote: > On 6.8.2013, at 20.57, Thomas Leuxner wrote: > > * Timo Sirainen 2013.08.06 19:42: > > > >> The idea behind quota_grace is that the last mail would be > >> allowed to take the user somewhat over quota (e.g. up to 109% > >> quota usage). On the next mail delivery user is already over > >> quota, so the size of the mail is irrelevant because a mail > >> of any size will be rejected. The initial quota-status > >> implementation didn't even support SIZE extension since I > >> didn't remember it existed. > > > > I'm referring to the Postfix side _only_ or the initial SMTP > > Handshake if you like. My point is that there is no safe way > > to reject mails at this level *if* the remote server doesn't > > play nice. I think this was the whole point of writing a > > policy service for Postfix. I'm not *talking* about quotas > > that will be handled by the delivery agents... > > Either you're still misunderstanding me, or vice versa. The quota > rejections can be done complete in SMTP side even without SIZE: Another way, in Postfix, is to wait for end-of-DATA. Regardless of SIZE being given, at that point, the actual size is known. Of course as Thomas would probably point out, such a rejection is unsafe, because ANY overquota recipient would cause rejection for EVERY recipient; SMTP cannot have per-recipient results except at "RCPT TO:". Personally, I'd much rather allow the last overquota mail, even in cases where the user goes far over the quota. Apparently Thomas intends to have a solid, inflexible quota. In that case I'd suggest going for a lower quota and adding quota_grace. Let quota_grace plus quota be the most you can tolerate in your users' mailboxes. > 1) quota at 99% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 250 2.1.0 Ok > DATA > ... > . > 250 2.0.0 Ok: queued as 12345 > > 2) quota is now at 103% : > > MAIL FROM: > 250 2.1.0 Ok > RCPT TO: > 554 5.2.2 User is over quota > -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Re: [Dovecot] Postfix aliases with quota-status service
On 6.8.2013, at 20.57, Thomas Leuxner wrote: > * Timo Sirainen 2013.08.06 19:42: > >> The idea behind quota_grace is that the last mail would be allowed to take >> the user somewhat over quota (e.g. up to 109% quota usage). On the next mail >> delivery user is already over quota, so the size of the mail is irrelevant >> because a mail of any size will be rejected. The initial quota-status >> implementation didn't even support SIZE extension since I didn't remember it >> existed. > > I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you > like. My point is that there is no safe way to reject mails at this level > *if* the remote server doesn't play nice. I think this was the whole point of > writing a policy service for Postfix. I'm not *talking* about quotas that > will be handled by the delivery agents... Either you're still misunderstanding me, or vice versa. The quota rejections can be done complete in SMTP side even without SIZE: 1) quota at 99% : MAIL FROM: 250 2.1.0 Ok RCPT TO: 250 2.1.0 Ok DATA ... . 250 2.0.0 Ok: queued as 12345 2) quota is now at 103% : MAIL FROM: 250 2.1.0 Ok RCPT TO: 554 5.2.2 User is over quota
Re: [Dovecot] Postfix aliases with quota-status service
* Timo Sirainen 2013.08.06 19:42: > The idea behind quota_grace is that the last mail would be allowed to take > the user somewhat over quota (e.g. up to 109% quota usage). On the next mail > delivery user is already over quota, so the size of the mail is irrelevant > because a mail of any size will be rejected. The initial quota-status > implementation didn't even support SIZE extension since I didn't remember it > existed. I'm referring to the Postfix side _only_ or the initial SMTP Handshake if you like. My point is that there is no safe way to reject mails at this level *if* the remote server doesn't play nice. I think this was the whole point of writing a policy service for Postfix. I'm not *talking* about quotas that will be handled by the delivery agents... signature.asc Description: Digital signature
Re: [Dovecot] Postfix aliases with quota-status service
On 6.8.2013, at 19.25, Thomas Leuxner wrote: > * Timo Sirainen 2013.08.06 18:15: > >>> Now the real problem along the road is the submitting server. If that >>> server does not indicate the message size during handshake the pre-queue >>> rejection simply can not work. >> >> quota_grace was meant to solve that. You'll allow the user to become a bit >> over quota. > > What I meant is before the mail enters the Postfix queues. If the SIZE > extension is not used during MAIL FROM by the remote server, then there's no > way to reject an over-quota mail upfront, losing the benefit of the policy > service. The idea behind quota_grace is that the last mail would be allowed to take the user somewhat over quota (e.g. up to 109% quota usage). On the next mail delivery user is already over quota, so the size of the mail is irrelevant because a mail of any size will be rejected. The initial quota-status implementation didn't even support SIZE extension since I didn't remember it existed.
Re: [Dovecot] Postfix aliases with quota-status service
* Timo Sirainen 2013.08.06 18:15: > > Now the real problem along the road is the submitting server. If that > > server does not indicate the message size during handshake the pre-queue > > rejection simply can not work. > > quota_grace was meant to solve that. You'll allow the user to become a bit > over quota. What I meant is before the mail enters the Postfix queues. If the SIZE extension is not used during MAIL FROM by the remote server, then there's no way to reject an over-quota mail upfront, losing the benefit of the policy service. signature.asc Description: Digital signature
Re: [Dovecot] Postfix aliases with quota-status service
On 6.8.2013, at 18.49, Thomas Leuxner wrote: > Now the real problem along the road is the submitting server. If that server > does not indicate the message size during handshake the pre-queue rejection > simply can not work. quota_grace was meant to solve that. You'll allow the user to become a bit over quota.
Re: [Dovecot] Postfix aliases with quota-status service
* Ulrich Zehl 2013.08.01 16:39: > If you store your mailbox and alias information in the same data source > (LDAP, SQL, ...), you should be able to do the same. Thanks. I did address this using a restriction class which works fine for my scenario and allows selective quota checking. /etc/postfix/main.cf: smtpd_restriction_classes = quota_users quota_users = check_policy_service unix:private/quota-status smtpd_recipient_restrictions = ... reject_unverified_recipient, check_recipient_access hash:/etc/postfix/quota_users /etc/postfix/quota_users: some...@example.com quota_users ... Now the real problem along the road is the submitting server. If that server does not indicate the message size during handshake the pre-queue rejection simply can not work. MAIL FROM: SIZE=2924764 Google for instance is not doing this... Thomas signature.asc Description: Digital signature
Re: [Dovecot] Postfix aliases with quota-status service
On Tue, Jul 30, 2013 at 03:20:47PM +0200, Thomas Leuxner wrote: > This is probably intended behaviour, just want to make sure that I'm not > missing a point here. For now the only fix that comes to my mind to create > "quota aware" aliases - is creating 'dummy' users in Dovecot which point to > the same mailbox rather than performing aliasing on the Postfix end. Open > to suggestions... It depends on your user and/or alias database (i.e. how and where they're stored). I use LDAP, and configured Dovecot's userdb lookup to handle both "main" and "alias" addresses, like so: user_filter = (|(mail=%u)(mailAlternateAddress=%u)) (As far as Dovecot is concerned, there's actually no difference between "main" and "alias".) If you store your mailbox and alias information in the same data source (LDAP, SQL, ...), you should be able to do the same.
[Dovecot] Postfix aliases with quota-status service
The latest HG commits seem to have fixed some underlying problems with the 'quota-status' service. Now doing some quick tests I wonder if this can be used with aliases on the Postfix side. Appears the 'check_policy_service' used in the example below will query existing users via Dovecot's Auth Backend: http://sys4.de/en/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/ http://www.postfix.org/SMTPD_POLICY_README.html This works fine for Dovecot user 'philo' where the mail is rejected upfront before it enters the queue: ==> /var/log/mail.log <== Jul 30 13:41:18 spectre postfix/smtpd[31072]: NOQUEUE: reject: RCPT from host.example.com[1.2.3.4]: 554 5.2.2 : Recipient address rejected: Quota exceeded (mailbox for use r is full); from= to= proto=ESMTP helo= Now user 'gunge' is an alias for 'philo' in Postfix, thus the quota check will not recognize the user, will queue the message and reject it at the MDA stage: ==> /var/log/mail.log <== Jul 30 14:41:02 spectre postfix/lmtp[31460]: 3c4HSD5ZkBzBP: to=, orig_to=, relay=spectre.leuxner.net[private/dovecot-lmtp], delay=1.2, delays=1.1/0.01/0/0.13, dsn=4.2.2, status=deferred (host spectre.leuxner.net[private/dovecot-lmtp] said: 452 4.2.2 Quota exceeded (mailbox for user is full) (in reply to end of DATA command)) This is probably intended behaviour, just want to make sure that I'm not missing a point here. For now the only fix that comes to my mind to create "quota aware" aliases - is creating 'dummy' users in Dovecot which point to the same mailbox rather than performing aliasing on the Postfix end. Open to suggestions... Regards Thomas signature.asc Description: Digital signature
