Hi list,
I am attempting to get quota-status service working, so I can deny email
at the initial smtp dialog instead of generating bounces with lda.
I can't seem to get quota-status to return quota_status_overquota, even
when an email would put an account over quota.
Quota in general works fine:
Jan 22 06:39:23 mail dovecot: lda(x...@yy.dk):
msgid=<25c5bdb20d58fc4f649f716a94761...@zz.org>: save failed to INBOX:
Quota exceeded (mailbox for user is full)
Jan 22 06:39:23 mail dovecot: lda(x...@yy.dk):
msgid=<25c5bdb20d58fc4f649f716a94761...@zz.org>: rejected: Quota
exceeded (mailbox for user is full)
The system is a pretty standard debian 8 box running virtually on a
kvm/ovirt cluster:
root@mail:~# dpkg --list | grep dovec
ii dovecot-core 1:2.2.13-12~deb8u1 amd64
secure POP3/IMAP server - core files
ii dovecot-imapd 1:2.2.13-12~deb8u1 amd64
secure POP3/IMAP server - IMAP daemon
ii dovecot-lmtpd 1:2.2.13-12~deb8u1 amd64
secure POP3/IMAP server - LMTP server
ii dovecot-mysql 1:2.2.13-12~deb8u1 amd64
secure POP3/IMAP server - MySQL support
ii dovecot-pop3d 1:2.2.13-12~deb8u1 amd64
secure POP3/IMAP server - POP3 daemon
Mail storage is local XFS partitions as far as the dovecot server knows.
Behind the scene its actually raw disk images on NFS shares from a SAN
towards the kvm/ovirt cluster.
I test by using nc towards the quota-status instance:
root@mail:~# printf "recipient=kpt...@asom-net.dk\nsize=1000000000\n\n"
| nc -q1 localhost 12340
action=DUNNO
User has 500MB quota:
mysql> SELECT
CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)))
AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS
quota_rule FROM virtual_users WHERE email='kpt...@asom-net.dk';
+--------------------------------+-----+-----+----------------+
| home | uid | gid | quota_rule |
+--------------------------------+-----+-----+----------------+
| /data/vmail/asom-net.dk/kptest | 110 | 110 | *:storage=500M |
+--------------------------------+-----+-----+----------------+
1 row in set (0.00 sec)
maildirsize seems ok:
root@mail:~# cat /data/vmail/asom-net.dk/kptest/maildirsize
524288000S
685 1
690 1
Quota-status will return unknown user if that is the case:
root@mail:~# printf "recipient=kpte...@asom-net.dk\nsize=1000000000\n\n"
| nc -q1 localhost 12340
action=551 5.5.1 User not found
Log file (with mail_debug = yes):
Jan 12 16:52:21 mail dovecot: quota-status: Debug: auth input:
kpt...@asom-net.dk home=/data/vmail/asom-net.dk/kptest uid=110 gid=110
quota_rule=*:storage=500M
Jan 12 16:52:21 mail dovecot: quota-status: Debug: Added userdb setting:
plugin/quota_rule=*:storage=500M
Jan 12 16:52:21 mail dovecot: quota-status(kpt...@asom-net.dk): Debug:
Effective uid=110, gid=110, home=/data/vmail/asom-net.dk/kptest
Jan 12 16:52:21 mail dovecot: quota-status(kpt...@asom-net.dk): Debug:
Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no,
list=yes, subscriptions=yes location=maildir:/data/vmail/asom-net.dk/kptest/
Jan 12 16:52:21 mail dovecot: quota-status(kpt...@asom-net.dk): Debug:
maildir++: root=/data/vmail/asom-net.dk/kptest, index=, indexpvt=,
control=, inbox=/data/vmail/asom-net.dk/kptest, alt=
dovecot -n:
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 ext4
auth_default_realm = vejen-net.dk
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
first_valid_uid = 110
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = maildir:/data/vmail/%d/%n/
mail_privileged_group = mail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/local-sql.conf
driver = sql
}
plugin {
quota = maildir:User quota
quota_rule = *:storage=200M
quota_status_nouser = 551 5.5.1 User not found
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
}
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1024
process_limit = 256
process_min_avail = 8
service_count = 0
vsz_limit = 512 M
}
service imap {
process_limit = 10240
}
service pop3-login {
client_limit = 512
process_limit = 256
process_min_avail = 8
service_count = 0
vsz_limit = 512 M
}
service pop3 {
process_limit = 10240
}
service quota-status {
client_limit = 1
executable = /usr/lib/dovecot/quota-status -p postfix
inet_listener {
port = 12340
}
}
ssl_cert = </etc/letsencrypt/live/mail.asom-net.dk/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.asom-net.dk/privkey.pem
ssl_prefer_server_ciphers = yes
userdb {
args = /etc/dovecot/local-sql.conf
driver = sql
}
protocol lda {
auth_socket_path = /var/run/dovecot/auth-master
mail_plugins = quota
postmaster_address = postmas...@asom-net.dk
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol pop3 {
mail_plugins = quota
pop3_uidl_format = %08Xu%08Xv
}
local-sql.conf:
driver = mysql
connect = host=xyz dbname=xyz user=xyz password=xyz
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE
email='%u';
user_query = SELECT
CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1)))
AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS
quota_rule FROM virtual_users WHERE email='%u';
If I do a strace on the quota-status PID, it seems to do a stat on the
directory and then give up? Not sure Im interpreting it correct (only
including the last few lines):
...
lseek(14, 833, SEEK_SET) = 833
munmap(0x7f165d32a000, 833) = 0
close(14) = 0
geteuid() = 0
getegid() = 110
getgid() = 110
getegid() = 110
setgroups(1, [110]) = 0
setresuid(-1, 110, -1) = 0
prctl(PR_SET_DUMPABLE, 1) = 0
stat("/data/vmail/asom-net.dk/kptest", {st_mode=S_IFDIR|0700,
st_size=4096, ...}) = 0
prctl(PR_SET_DUMPABLE, 1) = 0
setsockopt(12, SOL_TCP, TCP_CORK, [1], 4) = 0
write(12, "action=DUNNO\n\n", 14) = 14
setsockopt(12, SOL_TCP, TCP_CORK, [0], 4) = 0
epoll_wait(11, {{EPOLLIN, {u32=1593554016, u64=139734059562080}}}, 5,
59999) = 1
read(12, "", 8146) = 0
epoll_ctl(11, EPOLL_CTL_DEL, 12, 7fff0be817a0) = 0
close(12) = 0
epoll_wait(11, {}, 5, 1000) = 0
write(5, "\35q\1\0007\10\0\0\1\0\0\0", 12) = 12
epoll_wait(11,
...
It seems like sort of permission issue?
root@mail:~# su - vmail
No directory, logging in with HOME=/
$ id -a
uid=110(vmail) gid=110(vmail) groups=110(vmail)
$ cat /data/vmail/asom-net.dk/kptest/maildirsize
524288000S
685 1
690 1
/data/vmail/asom-net.dk is actually a symlink, maybe that could be of
importance?:
root@mail:~# ls -ld /data/vmail/asom-net.dk
lrwxrwxrwx 1 root root 19 Jan 9 11:18 /data/vmail/asom-net.dk ->
../mnt1/asom-net.dk
root@mail:~# ls -ld /data/mnt1/asom-net.dk/
drwxrwx--- 45 vmail vmail 4096 Dec 15 10:54 /data/mnt1/asom-net.dk/
root@mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/
drwx------ 9 vmail vmail 4096 Jan 23 08:55 /data/mnt1/asom-net.dk/kptest/
root@mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/maildirsize
-rw------- 1 vmail vmail 23 Jan 12 16:50
/data/mnt1/asom-net.dk/kptest/maildirsize
Anyone have any idea what might be wrong here?
Regards,
--
Kristian Pedersen
ASOM-Net
Systemadministrator
www.asom-net.dk
Telefon: 44 400 970
