implement dovecot quota-status policy daemon
Dovecot v2.x includes the quota-status
policy daemon which should be used to check user quota in smtp, rather than generating bounces later.
Implementation is straightforward. There should be a test for dovecot v2 and not run this for v1. The policy daemon will need a tcp port, maybe 10060. Enable quota-status in dovecot config (currently all config in /etc/dovecot/dovecot.conf):
service quota-status {
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 10060
}
client_limit = 1
}
plugin {
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
# add 'quota' to global mail_plugins
mail_plugins = $mail_plugins quota
Then need to check that policy daemon both in smtpd_recipient_restrictions
and smtpd_end_of_data_restrictions
, so main.cf
looks similar to:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, {reject_rbl_client various rbls ...}, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service inet:127.0.0.1:10060
# dovecot quota check on 10060
#
# note: also checked in smtpd_recipient_restrictions,
# because sometimes you know the message size then (which saves bandwidth if rejecting),
# sometimes you don't until after end of DATA. also the smtpd_recipient_restrictions
# one is skipped for mynetworks, this catches those, too.
#
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10060
Then just clear smtpd_end_of_data_restrictions
in master.cf
everywhere smtpd_recipient_restrictions
is overridden (port 10025 and 10027):
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
127.0.0.1:10027 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtp_send_xforward_command=yes
-o milter_default_action=accept
-o milter_macro_daemon_name=ORIGINATING
-o disable_dns_lookups=yes
And lastly, add a disablequota-status
the to mail_user
table, as all defined dovecot services must have since iterate_query uses disable%L%s
(see #3548 (closed)):
alter table mail_user add `disablequota-status` enum('n','y') default 'n';