Skip to content

GitLab

Closed
Created by Jesse Norell@jnorellDeveloper

implement dovecot quota-status policy daemon

Dovecot v2.x includes the quota-status policy daemon which should be used to check user quota in smtp, rather than generating bounces later.

Implementation is straightforward. There should be a test for dovecot v2 and not run this for v1. The policy daemon will need a tcp port, maybe 10060. Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):

service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 10060
  }
  client_limit = 1
}
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota

Then need to check that policy daemon both in smtpd_recipient_restrictions and smtpd_end_of_data_restrictions, so main.cf looks similar to:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060

# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA.  also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060

Then just clear smtpd_end_of_data_restrictions in master.cf everywhere smtpd_recipient_restrictions is overridden (port 10025 and 10027):

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
        -o disable_dns_lookups=yes

And lastly, add a disablequota-status the to mail_user table, as all defined dovecot services must have since iterate_query uses disable%L%s (see #3548 (closed)):

alter table mail_user add `disablequota-status` enum('n','y') default 'n';