implement dovecot quota-status policy daemon (#4649) · Issues · ISPConfig / ISPConfig 3

implement dovecot quota-status policy daemon

Dovecot v2.x includes the quota-status policy daemon which should be used to check user quota in smtp, rather than generating bounces later.

Implementation is straightforward. There should be a test for dovecot v2 and not run this for v1. The policy daemon will need a tcp port, maybe 10060. Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):

service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 10060
  }
  client_limit = 1
}
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota

Then need to check that policy daemon both in smtpd_recipient_restrictions and smtpd_end_of_data_restrictions, so main.cf looks similar to:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060

# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA.  also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060

Then just clear smtpd_end_of_data_restrictions in master.cf everywhere smtpd_recipient_restrictions is overridden (port 10025 and 10027):

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
        -o disable_dns_lookups=yes

And lastly, add a disablequota-status the to mail_user table, as all defined dovecot services must have since iterate_query uses disable%L%s (see #3548):

alter table mail_user add `disablequota-status` enum('n','y') default 'n';

Dovecot v2.x includes the `quota-status` policy daemon which should be used to check user quota in smtp, rather than generating bounces later.

Implementation is straightforward.  There should be a test for dovecot v2 and not run this for v1.  The policy daemon will need a tcp port, maybe 10060.  Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):

```
service quota-status {
  executable = quota-status -p postfix
  inet_listener {
    address = 127.0.0.1
    port = 10060
  }
  client_limit = 1
}
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota
```

Then need to check that policy daemon both in `smtpd_recipient_restrictions` and `smtpd_end_of_data_restrictions`, so `main.cf` looks similar to:

```
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060

# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA.  also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060

```

Then just clear `smtpd_end_of_data_restrictions` in `master.cf` everywhere `smtpd_recipient_restrictions` is overridden (port 10025 and 10027):

```
127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

127.0.0.1:10027 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtp_send_xforward_command=yes
        -o milter_default_action=accept
        -o milter_macro_daemon_name=ORIGINATING
        -o disable_dns_lookups=yes
```

And lastly, add a `disablequota-status` the to `mail_user` table, as all defined dovecot services must have since iterate_query uses `disable%L%s` (see https://git.ispconfig.org/ispconfig/ispconfig3/issues/3548):
```
alter table mail_user add `disablequota-status` enum('n','y') default 'n';
```

Discussion
Designs

The one place for your designs

To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.