Re: [Dovecot] Emails from invalid local accounts

[Noel]

On 10/18/2012 8:59 PM, Steven Kiehl wrote:
> This is great information on some options I should look into
> further, however adding the "smtpd_reject_unlisted_sender"
> option doesn't seem to eliminate the problem.

[This is OT for the dovecot list, and my last post in this thread. 
Please send all followups to the appropriate postfix, amavisd-new,
or spamassassin list in consideration of other list members.  Thank
you.]

smtpd_reject_unlisted_sender works with the envelope address; this
option has no effect on headers. 

>  What these spammers are doing is forging the "from" header to be
> a full address like "account...@mydomain.com
> "

Possible, but I doubt it.  The only way you'll ever see the more
likely original "From: accounting" header is by running postfix in
debug mode (which is not recommended) or by using a tcp sniffer in
front of postfix.  That's why I recommend setting
"remote_header_rewrite_domain = domain.invalid".  Also, this setting
requires a non-ancient postfix, but I don't remember which version;
if it shows up in "postconf -n" output, you're OK.

> and they are sending to a real address like
> "webmas...@mydomain.com ".  So even
> if the envelope sender is valid or coming from an outside domain,
> the visible originating from address is invalid and is in my own
> domain.  And I'm absolutely positive any mail received from these
> forged from addresses are spam that shouldn't even be delivered.

If there are a few frequently-abused addresses, you can add them to
a header_checks rule.  But don't get too tied up in wack-a-mole
header_checks; that's a great time waster for limited benefit.

> This is also complicated further by the use of virtual domains and
> virtual alias mapping (all sql based) in the Postfix
> configuration.  Some of my problem may be that Postfix might not
> be able to get a comprehensive list of valid mailboxes and aliases
> to deliver to the virtual transport.  I've tried to define the
> virtual mailbox maps, but every time I do that the aliases stop
> working.

If your postfix is not able to properly validate recipients, you
should ask about that on the postfix list.  That is a serious problem.
http://www.postfix.org/DEBUG_README.html#mail

The point you're missing is that there is no way to validate the
From: header.  Look at other features of the unwanted mail for ways
to reject it.



  -- Noel Jones

Re: [Dovecot] Emails from invalid local accounts

[Steven Kiehl]

This is great information on some options I should look into further,
however adding the "smtpd_reject_unlisted_sender" option doesn't seem to
eliminate the problem.  What these spammers are doing is forging the "from"
header to be a full address like "account...@mydomain.com" and they are
sending to a real address like "webmas...@mydomain.com".  So even if the
envelope sender is valid or coming from an outside domain, the visible
originating from address is invalid and is in my own domain.  And I'm
absolutely positive any mail received from these forged from addresses are
spam that shouldn't even be delivered.

This is also complicated further by the use of virtual domains and virtual
alias mapping (all sql based) in the Postfix configuration.  Some of my
problem may be that Postfix might not be able to get a comprehensive list
of valid mailboxes and aliases to deliver to the virtual transport.  I've
tried to define the virtual mailbox maps, but every time I do that the
aliases stop working.

On Thu, Oct 18, 2012 at 5:00 PM, Noel  wrote:

> On 10/18/2012 3:32 PM, Steven Kiehl wrote:
> > Hi,
> >
> > I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues
> > with receiving spam where the "from" header contains an address like
> > account...@mydomain.com.  Is there some way I can filter out these
> emails
> > coming from outside our network with an account associated with our
> network
> > which doesn't exist?  Do I just need to configure some custom process to
> > evaluate these addresses, or is there some way either in dovecot or
> > spamassassin to do this?
> >
> > Thanks,
> >
> > Steve K
> >
>
> This should be dealt with in postfix or SpamAssassin, not dovecot,
> and there are likely other, better ways to detect this particular
> spam rather than mucking with the From: header.
>
> Sometimes mail arrives with a header something like
>   From: accounting
> and postfix appends @$myorigin to the unqualified address while
> passing the mail through your content_filter.
>
> The fix for that is to set in your postfix main.cf
>   remote_header_rewrite_domain = domain.invalid
> so that unqualified addresses will be rewritten with a known
> domain.  Don't be tempted to reject such mail outright since you'll
> reject a significant amount of non-spam mail.
>
> Another thing to consider setting in postfix main.cf is:
>   smtpd_reject_unlisted_sender = yes
> which will reject invalid envelope senders in your domain.  (Note
> the difference between envelope sender and the From: header.)
>
>
>
>   -- Noel Jones
>

Re: [Dovecot] how to best import Evolution/Thunderbird mail into dovecot?

[Christoph Anton Mitterer]

On Thu, 2012-10-18 at 14:34 +0200, Dennis Guhl wrote:
> [move through Evolution to IMAP]
Seriously... I can just suggest anyone to never trust this piece of
crap ;)
Don't know which daemons led me to using it...


> I think, like Rob suggested, you are in need of some serious
> scripting.
Yeah... guess that's what it will end up with.


Cheers,
Chris.


smime.p7s
Description: S/MIME cryptographic signature

Re: [Dovecot] how to best import Evolution/Thunderbird mail into dovecot?

[Christoph Anton Mitterer]

Hi Rick and Robert.

Thanks for the tools... I'll have a look over them. :)


On Wed, 2012-10-17 at 15:53 +, Rick Sanders wrote:
> Your best bet for a clean migration is to use an IMAP migration tool (assuming
> both of your servers support IMAP).  It avoids all of the issues surrounding 
> the
> underlying databases used to store the mailboxes and messages since everything
> is done through IMAP commands.
Well the problem is that
a) the mboxes are already mixed up (with respect to different formats),
which was basically my fault.
b) Evolution is severely broken, amongst others for this
https://bugzilla.gnome.org/show_bug.cgi?id=686258 reason.

So I cannot really trust that automatic migration will work.


> imapsync: http://imapsync.lamiral.info
> imap_tools: http://www.athensfbc.com/imap_tools
> offlineimap: https://github.com/nicolas33/offlineimap
> mbsync: http://isync.sourceforge.net/
> mailsync: http://mailsync.sourceforge.net/
> mailutil: http://www.washington.edu/imap/ part of the UW IMAP tookit.
> imaprepl: http://www.bl0rg.net/software/ 
> http://freecode.com/projects/imap-repl/
> imapcopy: http://home.arcor.de/armin.diehl/imapcopy/imapcopy.html
> migrationtool: http://sourceforge.net/projects/migrationtool/
> imapmigrate: http://sourceforge.net/projects/cyrus-utils/
> larch: https://github.com/rgrove/larch (derived from wonko_imapsync)
> wonko_imapsync: http://wonko.com/article/554
> pop2imap: http://www.linux-france.org/prj/pop2imap/
> exchange-away: http://exchange-away.sourceforge.net/
For most of them, I unfortunately didn't found information on whether
they support the different subformats of mbox... what about your
MboxtoIMAP.pl ?


Right now I tent to create my own converter based on mb2md... just that
I don't write out maildir but again mbox.




Timo, when you're reading this:
I'm not sure though, on which headers I must/should stripe for dovecot?
From http://wiki.dovecot.org/MailboxFormat/mbox#Dovecot.27s_Metadata
I'd guess that I have to drop all X-IMAPbase, X-IMAP and X-UID. (Will
dovcote recreate them, when it indexes the mbox file the first time?)

And I have to manually create/calculate, Status, X-Status, X-Keyword
(based on what either Evolution or Thunderbird set) and also
Content-Length... the "From_" lines in the mails need then to be _not_
quoted.



Thanks,
Chris.


smime.p7s
Description: S/MIME cryptographic signature

Re: [Dovecot] Clarifications on Pigeonhole and MySQL lookups

[Stephan Bosch]

On 10/15/2012 9:40 AM, Sandro Tosi wrote:

Hi Stephan,
thanks a lot for your reply.

On 10/11/2012 10:35 PM, Stephan Bosch wrote:

On 10/10/2012 11:23 AM, Sandro Tosi wrote:

Hello,
we're scouting if it's possible to use Pigeonhole (currently v0.3.1,
as this will be provided with an upcoming Debian package) with MySQL
dict lookups with the mail setup we're designing.

Our (main) goals are:

1. store the filters on the database

That is possible with some limitations.


Are the ones below the only limitatios (ie one script per user) or are 
there any other worth knowing?


You cannot currently use ManageSieve when the active script is located 
in a dict database.


And 'one script per user' is not an fully accurate description. It is 
technically possible to access multiple different scripts from the dict 
database. It is however not possible to use dict support combination 
with multiscript support ( 
http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration#Executing_Multiple_Scripts_Sequentially) 
to execute multiple scripts in a sequence. Multiscript currently only 
works for Sieve scripts that are located in the filesystem.


In our situation, what would you suggest? We're now thinking of 
keeping the scripts list on a separate table, and merge the "user 
selected ones" in a single script to write in the filters table. Is 
that what would you suggest? Is there a better solution?


You can use the include extension 
(https://tools.ietf.org/html/draft-ietf-sieve-include-05) to access 
scripts in a dict database from a main active script to combine them. I 
believe you could even dynamically construct that main script in SQL 
using some string manipulation in the query, but that is a bit ugly.


Could you send me an overview of your configuration, including your 
database layout? Provided that I have some time in the next week, I 
could investigate building a simple working configuration for the sake 
of example.


Regards,

Stephan.

Re: [Dovecot] Emails from invalid local accounts

[Ben Morrow]

At  4PM -0400 on 18/10/12 you (Steven Kiehl) wrote:
> 
> I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues
> with receiving spam where the "from" header contains an address like
> account...@mydomain.com.  Is there some way I can filter out these emails
> coming from outside our network with an account associated with our network
> which doesn't exist?  Do I just need to configure some custom process to
> evaluate these addresses, or is there some way either in dovecot or
> spamassassin to do this?

You want to do this in Postfix, with either the
smtpd_reject_unlisted_sender parameter or the reject_unlisted_sender
policy in smtpd_sender_restrictions. You will need to make sure Postfix
has access to the list of valid mailboxes at your domain, which it
should have already for recipient checking.

Ben

Re: [Dovecot] Emails from invalid local accounts

[Noel]

On 10/18/2012 3:32 PM, Steven Kiehl wrote:
> Hi,
>
> I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues
> with receiving spam where the "from" header contains an address like
> account...@mydomain.com.  Is there some way I can filter out these emails
> coming from outside our network with an account associated with our network
> which doesn't exist?  Do I just need to configure some custom process to
> evaluate these addresses, or is there some way either in dovecot or
> spamassassin to do this?
>
> Thanks,
>
> Steve K
>

This should be dealt with in postfix or SpamAssassin, not dovecot,
and there are likely other, better ways to detect this particular
spam rather than mucking with the From: header.

Sometimes mail arrives with a header something like
  From: accounting
and postfix appends @$myorigin to the unqualified address while
passing the mail through your content_filter.

The fix for that is to set in your postfix main.cf
  remote_header_rewrite_domain = domain.invalid
so that unqualified addresses will be rewritten with a known
domain.  Don't be tempted to reject such mail outright since you'll
reject a significant amount of non-spam mail.

Another thing to consider setting in postfix main.cf is:
  smtpd_reject_unlisted_sender = yes
which will reject invalid envelope senders in your domain.  (Note
the difference between envelope sender and the From: header.)



  -- Noel Jones

[Dovecot] Emails from invalid local accounts

[Steven Kiehl]

Hi,

I'm using dovecot 1.2.9 in a postfix/dovecot setup and I'm having issues
with receiving spam where the "from" header contains an address like
account...@mydomain.com.  Is there some way I can filter out these emails
coming from outside our network with an account associated with our network
which doesn't exist?  Do I just need to configure some custom process to
evaluate these addresses, or is there some way either in dovecot or
spamassassin to do this?

Thanks,

Steve K

Re: [Dovecot] Add S= to maildirfile

[Jack Bates]

On 10/18/2012 11:22 AM, Robert Schetterer wrote:

Am 18.10.2012 16:29, schrieb Alessio Cecchi:

Hi,

in some old Maildir/ I have file without the S= in file name.

Is possibile to add the size to the file name with some tools like doveadm?

Are there other methods to update these file?

Thanks


perhaps this helps for ideas

http://wiki2.dovecot.org/HowTo/RefilterMail

perhaps you can use dsync also , but i am really not sure
if this works

http://wiki2.dovecot.org/Tools/Dsync

however its easy to test


Dsync would be the best option, I believe. It should work moving from 
maildir to maildir, but if necessary, you could also convert it to 
another format and then put it back to maildir.


Jack

Re: [Dovecot] Add S= to maildirfile

[Robert Schetterer]

Am 18.10.2012 16:29, schrieb Alessio Cecchi:
> Hi,
> 
> in some old Maildir/ I have file without the S= in file name.
> 
> Is possibile to add the size to the file name with some tools like doveadm?
> 
> Are there other methods to update these file?
> 
> Thanks
> 

perhaps this helps for ideas

http://wiki2.dovecot.org/HowTo/RefilterMail

perhaps you can use dsync also , but i am really not sure
if this works

http://wiki2.dovecot.org/Tools/Dsync

however its easy to test
-- 
Best Regards
MfG Robert Schetterer

sys4 AG
Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

[Dovecot] Add S= to maildirfile

[Alessio Cecchi]

Hi,

in some old Maildir/ I have file without the S= in file name.

Is possibile to add the size to the file name with some tools like doveadm?

Are there other methods to update these file?

Thanks

--
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/
@ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it

Re: [Dovecot] dovecot-core, dovecot-mysql for Debian squeeze

[Dennis Guhl]

On Wed, Oct 17, 2012 at 08:47:09PM -0300, Ricardo wrote:
> Hello list

[..]

> I have problems installing the daemon dovecot-core, dovecot-mysql
> dovecot-imapd dovecot-pop3d

[..]

> to install dovecot-core, dovecot-mysql, install it without problems
> is the version (2.1.7-2 ~ bpo60 +1) of both packages, now wanting to
> install dovecot-imapd dovecot-pop3d (version 1.2.15-7) breaks the
> dovecot-core, dovecot-mysql, apparently must be the same version all
> packages.

Yea, of course you must use the same version for all packages.
Upstream there is only one package for dovecot. It's part of Debian's
philosophy to split monolithic packages into a bunch separate packages.

> Debian Wheezy, installs without problems but installs the version
> (dovecot-core_2.1.7-2 ~ ppa12.04 +1 _i386.deb) all packets are the
> same version.

This no Debian version schema but from Ubuntu 12.04. I don't know if
they work correct on Debian.

> What is the correct version for Debian squeeze?

Stock Squeeze ships Dovecot in Debian version 1.2.15-7. Squeeze
Backports offers version 2.1.7-2~bpo60+1.

To install Dovecot 2.1 for Debian Squeeze:

% sudo apt-get update
% apt-get -s -t squeeze-backports install dovecot-imapd dovecot-pop3d 
dovecot-mysql

The '-s' switch simulates the installation and works without root
privileges. If you get no error and apt shows to install version
2.1.7-2~bpo60+1 repeat the command with a preceding 'sudo ' and no
'-s'.

Dennis

Re: [Dovecot] how to best import Evolution/Thunderbird mail into dovecot?

[Dennis Guhl]

On Wed, Oct 17, 2012 at 07:57:38PM +0200, Christoph Anton Mitterer wrote:
> On Wed, 2012-10-17 at 16:51 +0200, Dennis Guhl wrote:

[move through Evolution to IMAP]

> Well as I've mentioned... on looses the info in the From_ lines (that is
> the RCPT TO address and the date of arrival) because Evolution does not

The date and time of arrival can be concluded from the last Received:
header. The RCPT TO need to be converted to a X-Original-To: header.

[..]

> > If they bug you remove them with sed or awk or perl or python or ...
> Yeah... but sed alone is not enough... cause such lines may also appear
> in the body... and I mustn't remove them...
> So in principle I'm looking for a smart parser of mbox which already
> gives me headers and body and I can modify either.

I think, like Rob suggested, you are in need of some serious
scripting.

Dennis

Re: [Dovecot] lmtp proxy logging

[Timo Sirainen]

On 18.10.2012, at 14.22, Charles Marcus wrote:

> On 2012-10-18 12:07 AM, Timo Sirainen  wrote:
>> I'm planning to implement SMTP submission server and it should share the 
>> code with LMTP. (Also I've already written a completely separate tiny SMTP 
>> server implementation, which should be merged with both of those. So I guess 
>> it needs to become a bit more generic lib-smtp-server.)
> 
> Hey Timo,
> 
> I hope this means what it sounds like it means...
> 
> Can you confirm that this 'submission server' would support the ability to 
> automatically add a copy of all emails sent using it to the designated 'Sent' 
> folder, so that email clients could simply disable the 'Save a copy to Sent 
> folder' feature (that causes the client to upload the message to the server 
> twice, once to send the message, and again to save the Sent copy)?

That's not the intended reason for creating it, but easy enough to add as an 
option, assuming \Sent SPECIAL-USE mailbox is defined.

Anyway, I don't know when I'll actually start implementing it. Mainly just a 
"would be nice to have some day" thing to support LEMONADE SMTP extensions.

Re: [Dovecot] CAS Authentication

[Angel L. Mateo]

El 18/10/12 10:33, b m escribió:

Thanks for the configuration files. I have a question. In pam_cas.conf I don't know what to put in 
"proxy ". In some examples I have seen something like 
http:///proxy.php
Do I need a php file in my webmail to handle the cas tickets and if so where 
can I find it?

	You need this script at your webmail server. This script depend on the 
webmail you are using.


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337

Re: [Dovecot] lmtp proxy logging

[Charles Marcus]

On 2012-10-18 12:07 AM, Timo Sirainen  wrote:

I'm planning to implement SMTP submission server and it should share the code 
with LMTP. (Also I've already written a completely separate tiny SMTP server 
implementation, which should be merged with both of those. So I guess it needs 
to become a bit more generic lib-smtp-server.)


Hey Timo,

I hope this means what it sounds like it means...

Can you confirm that this 'submission server' would support the ability 
to automatically add a copy of all emails sent using it to the 
designated 'Sent' folder, so that email clients could simply disable the 
'Save a copy to Sent folder' feature (that causes the client to upload 
the message to the server twice, once to send the message, and again to 
save the Sent copy)?


This is one feature of gmail that I simply love...

Thanks as always,

--

Best regards,

Charles

Re: [Dovecot] Problem with process_limit

[FABIO FERRARI]

Yes, thanks, it seems that this configuration changed something, but I
think there is something else.

Now this particular warning in the dovecot.log disappeared, but it shows
these lines instead:

Oct 17 10:55:57 imap-login: Error: net_connect_unix(anvil) failed:
Resource temporarily unavailable
Oct 17 10:55:57 imap-login: Fatal: Couldn't connect to anvil
Oct 17 10:56:12 pop3-login: Error: net_connect_unix(anvil) failed:
Resource temporarily unavailable
Oct 17 10:56:12 pop3-login: Fatal: Couldn't connect to anvil

the result is quite the same, I have to reload the dovecot because it
does'n accept connections.

I tried to add these lines in /etc/dovecot/conf.d/10-master.conf:

service anvil {
  client_limit = 5000
}

but without good results.

Any ideas?

thanks in advance

Fabio Ferrari


> On 1.10.2012, at 12.15, FABIO FERRARI wrote:
>
>> Occasionally, it happens that the dovecot.log shows this line:
>> master: Warning: service(imap): process_limit reached, client
>> connections
>> are being dropped
> ..
>> Then, i edited the file /etc/dovecot/conf.d/10-master.conf and set the
>> line
>> process_limit = 1500
>
> But did you set it inside service imap {}? All of the services have
> process_limit parameter.
>
>

Re: [Dovecot] how to best import Evolution/Thunderbird mail into dovecot?

[Robert Schetterer]

Am 17.10.2012 20:21, schrieb Christoph Anton Mitterer:
> On Wed, 2012-10-17 at 13:12 -0500, /dev/rob0 wrote:
>>> Well as I've mentioned... on looses the info in the From_ lines 
>>> (that is the RCPT TO address and the date of arrival) because 
>>> Evolution does not correctly migrated them (actually I'm not sure 
>>> whether IMAP would allow that).
>> Perhaps you mean the "^From " mbox delimiter line.
> Yes I meant them (the _ should have denoted the space)
> 
> 
>>  You do not need 
>> mbox delimiters in maildir files.
> I know..
> 
> 
>> Did you mention whether or not 
>> you're using maildir?
> The reason is mainly that I have gazillions of mail in a ~ 60 GB
> archive... even with an fs optimised for small files I'd loose far too
> much space per mail than I want to afford.
> 
> Also, AFAIK full text search becomes much solver in maildir (as you need
> to open/close endless files). On the longterm view I want to have a look
> into things like dbmail/archiveopteryx... for the giant local archive...
> and keep dovecot "only" as the internet mail server.
> 
> Ideally dovecot would have such an SQL backend...or incorporate that
> part from Archiveopteryx.
> 
> 
> Cheers,
> Chris.
> 

this may help too

http://www.stchman.com/export_evolution.html
http://www.ubuntugeek.com/how-to-export-your-mails-from-evolution-to-thunderbird.html
http://ubuntuforums.org/showthread.php?t=1760469
http://ubuntuforums.org/showthread.php?t=1870445

http://jaisejames.wordpress.com/2012/03/15/to-activate-maildir-in-thunderbird/
http://realtechtalk.com/ThunderbirdMBOX_to_IMAPMaildir_migration_done_easy_with_mb2md-1134-articles



-- 
Best Regards
MfG Robert Schetterer

sys4 AG
Franziskanerstraße 15  Telefon +49 89 3090 4664
81669 München  Telefax +49 89 3090 4666

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

Re: [Dovecot] CAS Authentication

[b m]

Thanks for the configuration files. I have a question. In pam_cas.conf I don't 
know what to put in "proxy ". In some examples I have seen 
something like http:///proxy.php
Do I need a php file in my webmail to handle the cas tickets and if so where 
can I find it?




 From: Angel L. Mateo 
To: dovecot@dovecot.org 
Sent: Wednesday, October 17, 2012 10:24 AM
Subject: Re: [Dovecot] CAS Authentication
 
El 16/10/12 20:12, b m escribió:
> Thanks for the reply. I have already tried successfully the setup without 
> proxing the cas tickets and setting dovecot to login  with a master password. 
> The problem is that I need a password file with all the users and also I need 
> the proxy feature for other applications.
> 

    This is my config. In /etc/pam.d/dovecot I have:

auth    sufficient    pam_cas_ssh.so -simap://localhost -f/etc/pam_cas.conf
account sufficient    pam_permit.so
session sufficient    pam_permit.so

    and /etc/pam_cas.conf
host 
port 443
uriValidate /cas/proxyValidate
ssl on
debug off
proxy    
trusted_ca 

    in dovecot, I have these users dbs:

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = session=yes cache_key=%n dovecot
  driver = pam
}

    With this, it works fine.

-- Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337

[Dovecot] trash plugin not doing it's job

[Jan-Frode Myklebust]

I enabled the trash plugin yesterday, adding "trash" to mail_plugins,
and configuring the plugin setting "trash =
/etc/dovecot/dovecot-trash.conf.ext".


But I still see users with lots of files in INBOX.Trash getting
bounced because of quota exceeded:


postfix/lmtp[26273]::  C89F490061: to=,
relay=loadbalancers.example.net[192.168.42.15]:24, delay=1.2,
delays=0.61/0.02/0/0.54, dsn=5.2.2, status=bounced (host
loadbalancers.example.net[192.168.42.15] said: 552 5.2.2
 Quota exceeded (mailbox for user is full)
(in reply to end of DATA command))

dovecot::  lmtp(19730, ...@example.no): Error:
BErxFCyrf1ASTQAAWNPRnw: sieve:
msgid=: failed to store
into mailbox 'INBOX': Quota exceeded (mailbox for user is full)


$ sudo doveadm quota get -u x...@example.no
Quota name  Type
   Value   Limit  %
UserQuota
STORAGE 1048559 1048576 99
UserQuota
MESSAGE4487   -  0


Postfix if delivering via LMTP trough dovecot director.


Anybody see anything obvious in my config:


# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-194.26.1.el5 x86_64 Red Hat Enterprise Linux Server
release 5.5 (Tikanga)
auth_cache_size = 100 M
auth_verbose = yes
auth_verbose_passwords = sha1
disable_plaintext_auth = no
login_trusted_networks = 192.168.0.0/16 109.247.114.192/27
mail_gid = 3000
mail_home = /srv/mailstore/%256LRHu/%Ld/%Ln
mail_location = maildir:~/:INDEX=/indexes/%1u/%1.1u/%u
mail_max_userip_connections = 20
c = quota zlib trash
mail_uid = 3000
maildir_stat_dirs = yes
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  quota = dict:UserQuota::file:%h/dovecot-quota
  sieve = /sieve/%1Lu/%1.1Lu/%Lu/.dovecot.sieve
  sieve_before = /etc/dovecot/sieve/dovecot.sieve
  sieve_dir = /sieve/%1Lu/%1.1Lu/%Lu
  sieve_max_script_size = 1M
  trash = /etc/dovecot/dovecot-trash.conf.ext
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmas...@example.net
protocols = imap pop3 lmtp sieve
service auth-worker {
  user = $default_internal_user
}
service auth {
  client_limit = 4521
  unix_listener auth-userdb {
group =
mode = 0600
user = atmail
  }
}
service imap-login {
  inet_listener imap {
address = *
port = 143
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 1 G
}
service imap-postlogin {
  executable = script-login /usr/local/sbin/imap-postlogin.sh
}
service imap {
  executable = imap imap-postlogin
  process_limit = 2048
}
service lmtp {
  client_limit = 1
  inet_listener lmtp {
address = *
port = 24
  }
  process_limit = 25
  process_min_avail = 10
}
service managesieve-login {
  inet_listener sieve {
address = *
port = 4190
  }
  service_count = 1
}
service pop3-login {
  inet_listener pop3 {
address = *
port = 110
  }
  process_min_avail = 4
  service_count = 0
  vsz_limit = 1 G
}
service pop3-postlogin {
  executable = script-login /usr/local/sbin/pop3-postlogin.sh
}
service pop3 {
  executable = pop3 pop3-postlogin
  process_limit = 2048
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = quota zlib trash sieve
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = quota zlib trash imap_quota
}
protocol pop3 {
  mail_plugins = quota zlib trash
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = UID%u-%v
}
protocol sieve {
  managesieve_logout_format = bytes=%i/%o
}


and my trash config:

$ cat /etc/dovecot/dovecot-trash.conf.ext
# Spam mailbox is emptied before Trash
1 INBOX.Spam
# Trash mailbox is emptied before Sent
2 INBOX.Trash

Global sieve script:

$ cat /etc/dovecot/sieve/dovecot.sieve

require ["comparator-i;ascii-numeric","relational","fileinto","mailbox"];
if allof (
not header :matches "x-spam-score" "-*",
header :value "ge" :comparator "i;ascii-numeric" "x-spam-score" "10" )
{
discard;
stop;
}
elsif allof (
not header :matches "x-spam-score" "-*",
header :value "ge" :comparator "i;ascii-numeric" "x-spam-score" "6" )
{
fileinto :create "INBOX.Spam";
}


  -jf