Good morning list,

first of all: dovecot works really great, the performance is overwhelming (especially compared to courier), the configuration flexible as hell, it is well documented - I love this software.


But as things get complicated, I think I need some additional help.


I'm using dovecot to replace the currently used courier-mailserver in a shared hosting environment based on the control panel Confixx.


Confixx uses filesystem-users by default, giving each mailuser a filesystem-quota, mails are stored in ~/Maildir/. The imap-logins are all in the form of "webxpy", with "webx" being the customer (prefix 'web', and an increasing number), and "py" the number of the pop account. Because of the filesystem-quota we moved the indexes to another partition.

This basic setup with dovecot works great, with auth directly against the confixx-database etc, imap_quota-plugin, quota-plugin working as expected.


We now want to implement shared folders for each customer: all mailaccounts of a customer should be able to subscribe to per-customer shared folders in a specified maildir, thus I re-mapped the usernames with a new user_query (and password_query) to the format of "web...@webx" - being "webx" the virtual domain and "webxpy" the mailaccount, but still using "webxpy" as the imap-login (no need for customers to change the login).

This also works, we even can control with ACL-vfiles the permissions of specified users, to enable or disable specific folders.

The shared folders are specified as a new public namespace and the "domain" is part of the storage-path (see configuration at the end of this mail).

To allow easier quota-management (no need to create a new system-user), the quota of the shared folders is maildir-based, with a mysql-quota-dictionary (later, all accounts will be migrated to a virtual-user-mailstorage, with only maildir-quota and no fs-quotas).


But when things come to the shared quota, I currently don't know how to solve the wishes of the customer:

The current solution for shared folders (at the customer's local site) is based on mdaemon, every shared folder (of a customer, not a single mail-account) has a quota assigned. This quota cannot be exceeded by the users, no more mails can be saved into the shared folders if used space exceeds the hard quota-value.

As my tests have shown, dovecot uses a different approach to the quota-issue: users can always move their mails from local folders to the shared namespace, regardless of the shared quota. The quota itself is only checked when receiving new mails, where the combined quota (local + shared) may not be exceeded. If it is, the mail is not delivered to the mailbox.

Our quota-config is this:

  quota_rule: *:storage=50M:messages=1000
  quota_rule2: Trash:storage=50M:messages=100
  quota_rule3: shared*:storage=100M:messages=1000

(also being altered by user_query, but the scheme is the same)

According to the dovecot-wiki, this means:

Users can save "50M + 50M + 100M" of mails in all specified Folders, so the storage-value for the "shared*"-folders works additionally to the "*"-storage-value.



Different from this, we want the following to happen:

If the customer exceeds the shared folders-quota, his mail-users may not move mails from INBOX to shared, this move-operation should fail with a reasonable error-message.

If the local quota of a mail user is exceeded, new mails should be rejected/delayed, regardless of the shared quota-value (e.g., shared quota exceeded, but no local mails [new mail-account], mails should be delivered to INBOX).


Sieve-filters are not a problem, we do not allow user-specific sieve-rules (managesieve is disabled).



Hopefully, I could explain my issues to you.

Our current dovecot-configuration is attached to this mail, any help would be gladly appreciated.


If additional configuration-values/information is needed, I'll happily provide them, if possible.



best regards,

Anton Dollmaier


# 1.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-1-686 i686 Debian 5.0.1
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3s pop3
listen: *, [::]
ssl_cert_file: /etc/dovecot/dovecot.pem
ssl_key_file: /etc/dovecot/dovecot.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_max_userip_connections(default): 25
mail_max_userip_connections(imap): 25
mail_max_userip_connections(pop3): 10
first_valid_uid: 249
mail_access_groups: poponly
mail_privileged_group: poponly
mail_location: maildir:~/Maildir:INDEX=~/index:CONTROL=~/control
mail_debug: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota acl
mail_plugins(imap): quota imap_quota acl
mail_plugins(pop3): quota acl
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): netscape-eoh
imap_client_workarounds(imap): netscape-eoh
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: .
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  prefix: INBOX.
  hidden: yes
  subscriptions: yes
namespace:
  type: public
  separator: .
  prefix: shared.
  location: maildir:/var/mail/shared/%d/:INDEX=~/shared
  list: yes
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
      group: vmail
plugin:
  quota: dict:::proxy::quotadict
  quota2: dict::%d:proxy::quota2dict
  quota_rule: *:storage=50M:messages=1000
  quota_rule2: Trash:storage=50M:messages=100
  quota_rule3: shared*:storage=100M:messages=1000
  acl: vfile
  expire: Trash 7 Spam 30
  expire_dict: proxy::expire
dict:
  quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf
  quota2dict: mysql:/etc/dovecot/dovecot-dict-quota2.conf

(the two quota-dicts could probably be merged into one)

/etc/dovecot/dovecot-sql.conf:

driver = mysql
connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
default_pass_scheme = CRYPT
password_query = SELECT CONCAT(account, '@', kunde) as user, longpw as password FROM pop3 WHERE (account='%u' and gesperrt='0')
user_query = SELECT CONCAT('/var/mail/vmail/', p.kunde, '/', p.account,'/') as home, 249 as uid, 249 as gid, CONCAT('*:storage=', p.maxkbhard) AS quota_rule, CONCAT('shared.*:storage=', k.shared_maxkb) as quota2_rule FROM pop3 AS p, kunden AS k WHERE k.kunde = p.kunde AND CONCAT(p.account, '@', p.kunde) = '%u'

(quota-values in kilobytes)


/etc/dovecot/dovecot-dict-quota.conf:

connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
table = dovecot_quota
select_field = current
where_field = path
username_field = username

/etc/dovecot/dovecot-dict-quota2.conf:

connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
table = dovecot_quota_shared
select_field = current
where_field = path
username_field = username

(tables are exactly as specified in dovecot-wiki)
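
The difference between the quota behaviour the post reports and the behaviour it asks for, written out as a small decision model. This is an added example, not part of the original mail and not Dovecot code; the function names, the mailbox name "shared.Projects" and the usage figures are constructed, and the Trash rule is left out.

```python
# Added illustration of the quota semantics discussed in the post; not Dovecot code.
from dataclasses import dataclass

SHARED_PREFIX = "shared."   # prefix of the public namespace in the posted config

@dataclass
class Quota:
    local_used_kb: int      # usage in the account's private folders
    shared_used_kb: int     # usage in the customer's shared folders
    local_max_kb: int       # per-account limit (maxkbhard in user_query)
    shared_max_kb: int      # per-customer limit (shared_maxkb in user_query)

def observed(op, mailbox, size_kb, q):
    """Behaviour reported in the post: only delivery is checked, against the sum."""
    if op != "deliver":
        return True
    used = q.local_used_kb + q.shared_used_kb
    return used + size_kb <= q.local_max_kb + q.shared_max_kb

def wanted(op, mailbox, size_kb, q):
    """Behaviour requested in the post: each save is checked against its own root."""
    if mailbox.startswith(SHARED_PREFIX):
        return q.shared_used_kb + size_kb <= q.shared_max_kb
    return q.local_used_kb + size_kb <= q.local_max_kb

def compare(cases):
    """Return (label, observed, wanted) for each constructed case."""
    return [(label, observed(op, mb, size, q), wanted(op, mb, size, q))
            for label, op, mb, size, q in cases]

MB = 1024  # limits are in kilobytes, as in the post
# Constructed sample states using the 50M / 100M limits from the quota rules.
CASES = [
    ("move into full shared folder", "move", "shared.Projects", 5 * MB,
     Quota(10 * MB, 100 * MB, 50 * MB, 100 * MB)),
    ("deliver to empty account, shared over limit", "deliver", "INBOX", 100,
     Quota(0, 160 * MB, 50 * MB, 100 * MB)),
    ("deliver to full account, shared empty", "deliver", "INBOX", 100,
     Quota(50 * MB, 0, 50 * MB, 100 * MB)),
]

if __name__ == "__main__":
    for label, obs, want in compare(CASES):
        print(f"{label}: observed={'ok' if obs else 'refused'}, "
              f"wanted={'ok' if want else 'refused'}")
```

In all three constructed cases the two policies give opposite answers, which is the gap the post describes.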
