On Sat, 25 Jan 2003, John A. Tamplin wrote:

> Why did you delete the quota file in the first place?  If you want to 
> remove the quota, do it via IMAP.  You can't expect to just go delete 
> files maintained by Cyrus and have everything continue to work (see the 
> long discussion on virus scanners deleting message files from the 
> mailstore).

Fair enough, but based on recent experience I share Denis's feeling that
quota handling is somewhat fragile.

What happened locally was a blatant case of administrator error: one of my 
colleagues (not me!) tried to clean out a particularly large mailbox 
hierarchy by manually deleting it then doing a reconstruct. Yes, I know, 
no comment required...

Historical practice here (which dates from 1.5.19 days and may no longer
be appropriate) is to run a nightly quota -f over our ~27000 mailboxes.  
The molested mailbox was still in the mailboxes db, and when quota
discovered that its expected subfolders were missing it immediately died.  
One could argue it should have skipped the problem entry and kept going,
but OTOH perhaps it is better to say "oi! something's broken!" and bail
out.

Problem is, in bailing out it lost ALL the quota files for the remaining
unprocessed users - but only the quota files, not whatever magic flag says
"this mailbox has a quota file". The resulting inconsistency led to all
sorts of problems, the cutest of which was POP clients repeatedly
downloading the same messages because pop3d couldn't close cleanly. In the
end we fixed things by shutting Cyrus down, doing a mailboxes
export/edit/import to expunge the broken mailbox, then doing a complete
quota rebuild.

As I said, the root cause was meatware failure. I fully agree that it's
unreasonable to mess with the spool and not expect things to break.
However, IMAO the original mistake was amplified out of all proportion by
the quota program's response - a single corrupt mailbox shouldn't lead to
it losing half the quota files.

Humans will do dumb things. Third-party software will run amok. Smelly
stuff will happen. I'm quite happy for Cyrus to shut down when it detects
a "this can't happen" situation, but personally I wish quota could have
done so in a less drastic fashion. Maybe it's worth considering how quota 
management can be made more robust?

--
Simon Brady                             mailto:[EMAIL PROTECTED]
ITS Technical Services
University of Otago, Dunedin, New Zealand

