Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
I
ISPConfig 3
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 482
    • Issues 482
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 23
    • Merge Requests 23
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • ISPConfig
  • ISPConfig 3
  • Issues
  • #4649

Closed
Open
Opened May 03, 2017 by Jesse Norell@jnorellDeveloper

implement dovecot quota-status policy daemon

Dovecot v2.x includes the quota-status policy daemon which should be used to check user quota in smtp, rather than generating bounces later.

Implementation is straightforward. There should be a test for dovecot v2 and not run this for v1. The policy daemon will need a tcp port, maybe 10060. Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):

service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 10060
  }
  client_limit = 1
}
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota

Then need to check that policy daemon both in smtpd_recipient_restrictions and smtpd_end_of_data_restrictions, so main.cf looks similar to:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060

# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA.  also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060

Then just clear smtpd_end_of_data_restrictions in master.cf everywhere smtpd_recipient_restrictions is overridden (port 10025 and 10027):

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
        -o disable_dns_lookups=yes

And lastly, add a disablequota-status the to mail_user table, as all defined dovecot services must have since iterate_query uses disable%L%s (see #3548 (closed)):

alter table mail_user add `disablequota-status` enum('n','y') default 'n';
Assignee
Assign to
3.2
Milestone
3.2
Assign milestone
Time tracking
None
Due date
None
Reference: ispconfig/ispconfig3#4649