[Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
From the log:

Oct  6 09:54:10 postamt dovecot: imap(hkunte): Error: quota: connect(/usr/local/scripts/quota-warning2) failed: Permission denied

From the config:

quota = maildir
quota_rule = INBOX.Trash:storage=+2048M
quota_warning = storage=99%% /usr/local/scripts/quota-warning2 99 %u
quota_warning2 = storage=95%% /usr/local/scripts/quota-warning2 95 %u
quota_warning3 = storage=90%% /usr/local/scripts/quota-warning2 90 %u
quota_warning4 = storage=85%% /usr/local/scripts/quota-warning2 85 %u
  
service quota-warning {
  executable = script /usr/local/scripts/quota-warning2
  # use some unprivileged user for executing the quota warnings
  user = vmail
  unix_listener quota-warning {
  }
}

But how exactly does this work? the user vmail cannot write to the
users' mailboxes, so I'd have to run /usr/local/scripts/quota-warning2
as root, don't I?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Daniel Luttermann
Ralf Hildebrandt wrote on 06.10.2010:

From the log:

 Oct  6 09:54:10 postamt dovecot: imap(hkunte): Error: quota:
 connect(/usr/local/scripts/quota-warning2) failed: Permission denied

From the config:

 quota = maildir
 quota_rule = INBOX.Trash:storage=+2048M
 quota_warning = storage=99%% /usr/local/scripts/quota-warning2 99 %u
 quota_warning2 = storage=95%% /usr/local/scripts/quota-warning2 95 %u
 quota_warning3 = storage=90%% /usr/local/scripts/quota-warning2 90 %u
 quota_warning4 = storage=85%% /usr/local/scripts/quota-warning2 85 %u
   
 service quota-warning {
   executable = script /usr/local/scripts/quota-warning2
   # use some unprivileged user for executing the quota warnings
   user = vmail
   unix_listener quota-warning {
   }
 }

 But how exactly does this work? the user vmail cannot write to the
 users' mailboxes, so I'd have to run /usr/local/scripts/quota-warning2
 as root, don't I?

Personally I use this:

service quota-warning {
  executable = script /usr/bin/quota-warning.sh
  user = vmail
  unix_listener quota-warning {
    mode = 0660
    user = vmail
    group = vmail
  }
}

Same for some other sockets like dict...

--
Daniel



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Daniel Luttermann dan...@dlutt.de:

 Personally I use this:
 
 service quota-warning {
   executable = script /usr/bin/quota-warning.sh
   user = vmail
   unix_listener quota-warning {
     mode = 0660
     user = vmail
     group = vmail
   }
 }

What is the meaning of the unix_listener?
Can I run the script as user root or will dovecot deny this?
Why do I need to specify the user twice?




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Timo Sirainen
On Wed, 2010-10-06 at 15:33 +0200, Ralf Hildebrandt wrote:
  service quota-warning {
    executable = script /usr/bin/quota-warning.sh
    user = vmail

The process is run as this user.

    unix_listener quota-warning {
      mode = 0660
      user = vmail
      group = vmail

This is the socket permissions, i.e. specifying what other processes can
connect to it.

 Can I run the script as user root or will dovecot deny this?

Yeah, you can make the service user=root, but give only vmail user
permission to it so only processes running as vmail can connect to it.

Do you use multiple UIDs for users? An alternative to running as root
would be to use LMTP to deliver the over quota mail to user and use
some trick to disable quota for this. Maybe something like:

protocol lmtp {
  local_ip 127.0.0.1 {
    plugin {
      quota = maildir:user:noenforcing
    }
  }
}




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Timo Sirainen t...@iki.fi:
 On Wed, 2010-10-06 at 15:33 +0200, Ralf Hildebrandt wrote:
   service quota-warning {
     executable = script /usr/bin/quota-warning.sh
     user = vmail
 
 The process is run as this user.
 
     unix_listener quota-warning {
       mode = 0660
       user = vmail
       group = vmail
 
 This is the socket permissions, i.e. specifying what other processes can
 connect to it.
 
  Can I run the script as user root or will dovecot deny this?
 
 Yeah, you can make the service user=root, but give only vmail user
 permission to it so only processes running as vmail can connect to it.

Good. The question is: which user will connect to the socket?

dovecot-lda will assume the UID of the user it's trying to deliver to.
So any user must be able to connect to the socket?

 Do you use multiple UIDs for users? 

Yes! Every user has his/her own UID.

 An alternative to running as root would be to use LMTP to deliver the
 over quota mail to user and use some trick to disable quota for this.
 Maybe something like:
 
 protocol lmtp {
   local_ip 127.0.0.1 {
     plugin {
       quota = maildir:user:noenforcing
     }
   }
 }

Ugh.




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Timo Sirainen
On Wed, 2010-10-06 at 16:19 +0200, Ralf Hildebrandt wrote:
  Yeah, you can make the service user=root, but give only vmail user
  permission to it so only processes running as vmail can connect to it.
 
 Good. The question is: which user will connect to the socket?
 
 dovecot-lda will assume the UID of the user it's trying to deliver to.
 So any user must be able to connect to the socket?

Yes. Although you could also play with groups, like make deliver always
run with dovemail group enabled for the process
(mail_access_groups=dovemail from deliver's side, but might be
problematic from Postfix's side).

  An alternative to running as root would be to use LMTP to deliver the
  over quota mail to user and use some trick to disable quota for this.
  Maybe something like:
  
  protocol lmtp {
    local_ip 127.0.0.1 {
      plugin {
        quota = maildir:user:noenforcing
      }
    }
  }
 
 Ugh.

You're already using dovecot-lda to deliver the out-of-quota mails? How
do you do this there then?



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Timo Sirainen t...@iki.fi:
 On Wed, 2010-10-06 at 16:19 +0200, Ralf Hildebrandt wrote:
   Yeah, you can make the service user=root, but give only vmail user
   permission to it so only processes running as vmail can connect to it.
  
  Good. The question is: which user will connect to the socket?
  
  dovecot-lda will assume the UID of the user it's trying to deliver to.
  So any user must be able to connect to the socket?
 
 Yes. Although you could also play with groups, like make deliver always
 run with dovemail group enabled for the process
 (mail_access_groups=dovemail from deliver's side, but might be
 problematic from Postfix's side).

In my setup I still have my users in /etc/passwd, thus everybody has
their own ID.
 
   An alternative to running as root would be to use LMTP to deliver the
   over quota mail to user and use some trick to disable quota for this.
   Maybe something like:
   
   protocol lmtp {
     local_ip 127.0.0.1 {
       plugin {
         quota = maildir:user:noenforcing
       }
     }
   }
  
  Ugh.
 
 You're already using dovecot-lda to deliver the out-of-quota mails?

No, I'm trying. I migrated from 1.2.4, where I used a script that
delivered the Over quota infomail by writing into the Maildir
DIRECTLY.




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Timo Sirainen
On Wed, 2010-10-06 at 15:29 +0100, Timo Sirainen wrote:
   protocol lmtp {
     local_ip 127.0.0.1 {
       plugin {
         quota = maildir:user:noenforcing
       }
     }
   }
  
  Ugh.
 
 You're already using dovecot-lda to deliver the out-of-quota mails? How
 do you do this there then?

Oh, another simpler idea:

service lmtp-noquota {
  executable = lmtp -o plugin/quota=maildir:user:noenforcing
  unix_listener lmtp-noquota {
    mode = 0660
    group = ..
  }
}



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Timo Sirainen t...@iki.fi:
 On Wed, 2010-10-06 at 15:29 +0100, Timo Sirainen wrote:
    protocol lmtp {
      local_ip 127.0.0.1 {
        plugin {
          quota = maildir:user:noenforcing
        }
      }
    }
   
   Ugh.
  
  You're already using dovecot-lda to deliver the out-of-quota mails? How
  do you do this there then?
 
 Oh, another simpler idea:
 
 service lmtp-noquota {
   executable = lmtp -o plugin/quota=maildir:user:noenforcing
   unix_listener lmtp-noquota {
     mode = 0660
     group = ..
   }
 }
 

Right now I have:

Oct  6 16:38:54 postamt dovecot: lda(ghinrich): save: box=INBOX, uid=993, msgid=20101006143814.gp19...@charite.de, size=11165930
Oct  6 16:38:54 postamt dovecot: lda(ghinrich): Error: quota: connect(/usr/local/scripts/quota-warning2) failed: Permission denied
Oct  6 16:38:56 postamt dovecot: lda(ghinrich): msgid=20101006143814.gp19...@charite.de: saved mail to INBOX

# groups ghinrich
ghinrich : users

But what is uid=993 ?

# grep :993: /etc/passwd
yields no result

The socket:
srw-rw-rw- 1 vmail users 0 Okt  6 16:44 /usr/dovecot-2/var/run/dovecot/quota-warning

service quota-warning {
  executable = script /usr/local/scripts/quota-warning2
  user = root
  unix_listener quota-warning {
    mode = 0666
    user = vmail
    group = users
  }
}

The permissions are ok:

drwxr-xr-x 4 root root 4096 Okt  6 16:44 /usr/dovecot-2/var/run/dovecot
drwxr-xr-x 3 root root 4096 Okt  5 23:52 /usr/dovecot-2/var/run
drwxr-xr-x 4 root root 4096 Okt  5 23:52 /usr/dovecot-2/var
drwxr-xr-x 11 root root 4096 Okt  5 23:52 /usr/dovecot-2
drwxr-xr-x 16 root root 4096 Okt  5 21:13 /usr
drwxr-xr-x 23 root root 4096 Sep  9 12:49 /




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Timo Sirainen
On Wed, 2010-10-06 at 16:48 +0200, Ralf Hildebrandt wrote:
 Right now I have:
 
 Oct  6 16:38:54 postamt dovecot: lda(ghinrich): save: box=INBOX, uid=993, 
 msgid=20101006143814.gp19...@charite.de, size=11165930
 Oct  6 16:38:54 postamt dovecot: lda(ghinrich): Error: quota: 
 connect(/usr/local/scripts/quota-warning2) failed: Permission denied
 Oct  6 16:38:56 postamt dovecot: lda(ghinrich): 
 msgid=20101006143814.gp19...@charite.de: saved mail to INBOX
 
 # groups ghinrich
 ghinrich : users
 
 But what is uid=993 ?

Yeah, it's a bit confusing to have both IMAP and UNIX UIDs referred to
as only UIDs. So the 993 above means the message's IMAP UID.

 The socket:
 srw-rw-rw- 1 vmail users 0 Okt  6 16:44 
 /usr/dovecot-2/var/run/dovecot/quota-warning

Note that above it's trying to connect
to /usr/local/scripts/quota-warning2, which is a completely different
directory. So your quota_warning setting shouldn't have the executable
path, but only quota-warning.



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Timo Sirainen t...@iki.fi:
 On Wed, 2010-10-06 at 16:48 +0200, Ralf Hildebrandt wrote:
  Right now I have:
  
  Oct  6 16:38:54 postamt dovecot: lda(ghinrich): save: box=INBOX, uid=993, 
  msgid=20101006143814.gp19...@charite.de, size=11165930
  Oct  6 16:38:54 postamt dovecot: lda(ghinrich): Error: quota: 
  connect(/usr/local/scripts/quota-warning2) failed: Permission denied
  Oct  6 16:38:56 postamt dovecot: lda(ghinrich): 
  msgid=20101006143814.gp19...@charite.de: saved mail to INBOX
  
  # groups ghinrich
  ghinrich : users
  
  But what is uid=993 ?
 
 Yeah, it's a bit confusing to have both IMAP and UNIX UIDs referred to
 as only UIDs. So the 993 above means the message's IMAP UID.

I noticed, since the next delivery had 994 :)

  The socket:
  srw-rw-rw- 1 vmail users 0 Okt  6 16:44 
  /usr/dovecot-2/var/run/dovecot/quota-warning
 
 Note that above it's trying to connect
 to /usr/local/scripts/quota-warning2, which is a completely different
 directory. So your quota_warning setting shouldn't have the executable
 path, but only quota-warning.

FCK.




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de:

  Note that above it's trying to connect
  to /usr/local/scripts/quota-warning2, which is a completely different
  directory. So your quota_warning setting shouldn't have the executable
  path, but only quota-warning.
 
 FCK.

Ok, better. Not working, but better

Oct  6 17:06:24 postamt dovecot: quota-warning: Error: lda: Fatal: Unknown argument: plugin/quota=maildir:User quota:noenforcing
Oct  6 17:06:24 postamt quota-warning2(ghinrich): writing message failed
Oct  6 17:06:24 postamt dovecot: master: Error: service(quota-warning): child 18837 returned error 1

The actual dovecot-lda invocation is:
${BIN_CAT} << EOF | /usr/dovecot-2/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
some text
EOF

dovecot.conf says:
quota = maildir
so should I just use plugin/quota=maildir:noenforcing?

I also tried that and got:
Oct  6 17:11:26 postamt dovecot: quota-warning: Error: lda: Fatal: Unknown argument: plugin/quota=maildir:noenforcing
Oct  6 17:11:26 postamt quota-warning2(ghinrich): writing message failed
Oct  6 17:11:26 postamt dovecot: master: Error: service(quota-warning): child 23274 returned error 1

Bloody hell, am I acting stupid?




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de:

 The actual dovecot-lda invocation is:
 ${BIN_CAT} << EOF | /usr/dovecot-2/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
 some text
 EOF
 
 dovecot.conf says:
 quota = maildir
 so should I just use plugin/quota=maildir:noenforcing?
 
 I also tried that and got:
 Oct  6 17:11:26 postamt dovecot: quota-warning: Error: lda: Fatal: Unknown 
 argument: plugin/quota=maildir:noenforcing
 Oct  6 17:11:26 postamt quota-warning2(ghinrich): writing message failed
 Oct  6 17:11:26 postamt dovecot: master: Error: service(quota-warning): child 
 23274 returned error 1
 
 Bloody hell, am I acting stupid?

# /usr/dovecot-2/libexec/dovecot/dovecot-lda -?
/usr/dovecot-2/libexec/dovecot/dovecot-lda: invalid option -- '?'
Usage: dovecot-lda [-c config file] [-a address] [-d username] [-p path]
   [-f envelope sender] [-m mailbox] [-e] [-k]

-o is not being mentioned anywhere. WTF?




Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Timo Sirainen
On Wed, 2010-10-06 at 17:14 +0200, Ralf Hildebrandt wrote:

 Oct  6 17:06:24 postamt dovecot: quota-warning: Error: lda: Fatal: Unknown 
 argument: plugin/quota=maildir:User quota:noenforcing

This looks as if it's missing -o parameter..

 The actual dovecot-lda invocation is:
 ${BIN_CAT} << EOF | /usr/dovecot-2/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
 some text
 EOF

Looks right. Works with me:

[...@kurkku] ~/cvs/dovecot-2.0/src/lda% echo hello|./dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
[...@kurkku] ~/cvs/dovecot-2.0/src/lda% echo $?
0

 dovecot.conf says:
 quota = maildir
 so should I just use plugin/quota=maildir:noenforcing?

plugin/quota=maildir::noenforcing

The second parameter between ':' is quota root name (default is empty).

 # /usr/dovecot-2/libexec/dovecot/dovecot-lda -?
 /usr/dovecot-2/libexec/dovecot/dovecot-lda: invalid option -- '?'
 Usage: dovecot-lda [-c config file] [-a address] [-d username] [-p path]
    [-f envelope sender] [-m mailbox] [-e] [-k]
 
 -o is not being mentioned anywhere. WTF?

Yeah, the parameters that work with all Dovecot binaries aren't shown in
help currently..



Re: [Dovecot] 2.0.5: quota warning failing

2010-10-06 Thread Ralf Hildebrandt
* Timo Sirainen t...@iki.fi:
 On Wed, 2010-10-06 at 17:14 +0200, Ralf Hildebrandt wrote:
 
  Oct  6 17:06:24 postamt dovecot: quota-warning: Error: lda: Fatal: Unknown 
  argument: plugin/quota=maildir:User quota:noenforcing
 
 This looks as if it's missing -o parameter..
 
  The actual dovecot-lda invocation is:
  ${BIN_CAT} << EOF | /usr/dovecot-2/libexec/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
  some text
  EOF
 
 Looks right. Works with me:
 
 [...@kurkku] ~/cvs/dovecot-2.0/src/lda% echo hello|./dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
 [...@kurkku] ~/cvs/dovecot-2.0/src/lda% echo $?
 0

It must be 
/usr/dovecot-2/libexec/dovecot/dovecot-lda -d $MAIL_TO -o "plugin/quota=maildir:User quota:noenforcing"
since $USER was empty...

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de
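
The failure tracked down at the end of this thread (an empty variable expanded without quotes, so `-d` takes `-o` as the username) and a quota-warning script that guards against it, as an added example that is not code from any poster or from the Dovecot project. The `LDA` override variable, the function names and the message text are assumptions; the setting uses the `maildir::noenforcing` form given above for `quota = maildir`.

```sh
#!/bin/sh
# Added example, not code from the thread. LDA is an assumed override
# variable; its default is the dovecot-lda path quoted in the thread.
LDA="${LDA:-/usr/dovecot-2/libexec/dovecot/dovecot-lda}"
# Root name (between the colons) is empty because the config says "quota = maildir".
QUOTA_OVERRIDE='plugin/quota=maildir::noenforcing'

# Print the argument vector a command would receive, one [arg] per word.
show_argv() {
    for a in "$@"; do printf '[%s]' "$a"; done
}

# The thread's failure mode: an empty variable expanded without quotes
# disappears, so "-d" consumes "-o" as the username and the setting is
# left over as an unknown argument.
argv_unquoted() {
    u=$1
    # shellcheck disable=SC2086  (word splitting is the point here)
    show_argv -d $u -o "$QUOTA_OVERRIDE"
}

# send_quota_warning PERCENT USER
# Validates both arguments before dovecot-lda sees them and quotes every
# expansion. Returns 64 (EX_USAGE) on bad input, else dovecot-lda's status.
send_quota_warning() {
    percent=$1
    user=$2
    case $percent in
        ''|*[!0-9]*) echo "quota-warning: bad percentage" >&2; return 64 ;;
    esac
    case $user in
        ''|-*) echo "quota-warning: empty or option-like user" >&2; return 64 ;;
    esac
    "$LDA" -d "$user" -o "$QUOTA_OVERRIDE" <<EOF
From: postmaster@example.invalid
Subject: Quota warning

Your mailbox is now ${percent}% full.
EOF
}

# Dovecot appends the words after the socket name in quota_warning,
# e.g. "95 %u", so the script is called as: quota-warning2 95 <user>.
if [ "$#" -gt 0 ]; then
    send_quota_warning "$@"
fi
```

Rejecting an empty or dash-prefixed username before the call matters most when the service runs as root, since the script then decides whose mailbox a root-owned dovecot-lda writes to.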