Re: [Dovecot] Quota for Shared Folders

[Anton Dollmaier]

Hi Timo,



Actually virtual Dovecot quota completely ignores shared/public
namespaces currently. The only reason why you seem to notice a combined
quota is most likely because of filesystem quota limit exceeding.


Or the local quota was exceeded too, so the mail was deferred anyway.


So I suppose there needs to be some kind of a per-namespace quota that
could be defined.. Maybe something like:

quota = maildir:Shared quota:ns=shared/
quota_rule = *:storage=200M

Yes, that looked like an easy thing to implement.


this works really great, I only needed to figure out the right 
namespace-setting: it must match the prefix-definition in the 
namespace, so with prefix = shared. (courier-migration) it has to be 
ns=shared.. The quotadict also reports diskusage really fast to the 
database, with the right amounts for the shared quotas.



imap_quota shows shared quotas too, thunderbird displays a nice 
percentage-graph with different local and shared-values.



thanks for the really fast response and implementation!


best regards,

Anton

Re: [Dovecot] Quota for Shared Folders

[Timo Sirainen]

On Wed, 2009-04-15 at 02:39 +0200, Anton Dollmaier wrote:
 As my tests have shown, dovecot uses a different approach to the 
 quota-issue: users can always move their mails from local folders to the 
 shared namespace, regardless of the shared quota. The quota itself is 
 only checked when receiving new mails, where the combined quota (local + 
 shared) may not be exceeded. If it is, the mail is not delivered to the 
 mailbox.

Actually virtual Dovecot quota completely ignores shared/public
namespaces currently. The only reason why you seem to notice a combined
quota is most likely because of filesystem quota limit exceeding.

So I suppose there needs to be some kind of a per-namespace quota that
could be defined.. Maybe something like:

quota = maildir:Shared quota:ns=shared/
quota_rule = *:storage=200M

Yes, that looked like an easy thing to implement. Added to v1.2:

http://hg.dovecot.org/dovecot-1.2/rev/16c286aee307


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] Quota for Shared Folders

[Timo Sirainen]

On Thu, 2009-04-16 at 21:33 -0400, Timo Sirainen wrote:
 Yes, that looked like an easy thing to implement. Added to v1.2:
 
 http://hg.dovecot.org/dovecot-1.2/rev/16c286aee307

Actually a couple of more commits after that were also needed.



signature.asc
Description: This is a digitally signed message part

[Dovecot] Quota for Shared Folders

[Anton Dollmaier]

Good morning list,


first of all: dovecot works really great, the performance is 
overwhelming (especially compared to courier), the configuration 
flexible as hell, it is good documented - I love this software.



But as things get complicated, I think I need some additional help.


I'm using dovecot to replace the currently used courier-mailserver in a 
shared hosting environment based on the control panel Confixx.



Confixx uses per default filesystem-users, giving each mailuser a 
filesystem-quota, mails are stored in ~/Maildir/. The imap-logins are 
all in the form of webxpy, being webx the customer (prefix 'web', 
and a increasing number), and py the number of the pop account. 
Because of the filesystem-quota we moved the indexes to another partition.


This basic setup with dovecot works great, with auth directly against 
the confixx-database etc, imap_quota-plugin, quota-plugin working as 
expected.



We now want to implement shared folders for each customer: all 
mailaccounts of a customer should be able to subscribe to per-customer 
shared folders in a specified maildir, thus I re-mapped the usernames 
with a new user_query (and password_query) to the format of 
web...@webx - being webx the virtual domain and webxpy the 
mailaccount, but still using webxpy as the imap-login (no need for 
customers to change the login).


This also works, we even can control with ACL-vfiles the permissions of 
specified users, to enable or disable specific folders.


The shared folders are specified as a new public namespace and the 
domain is part of the storage-path (see configuration at the end of 
this mail).


To allow easier quota-management (no need to create a new system-user), 
the quota of the shared folders is maildir-based, with a 
mysql-quota-dictionary (later, all accounts will be migrated to a 
virtual-user-mailstorage, with only maildir-quota and no fs-quotas).



But when things come to the shared quota, I currently don't know how to 
solve the wishes of the customer:


The current solution for shared folders (at the customer's local site) 
is based on mdaemon, every shared folder (of a customer, not a single 
mail-account) has a quota assigned. This quota cannot be exceeded by the 
users, no more mails can be saved into the shared folders if used space 
exceeds the hard quota-value.


As my tests have shown, dovecot uses a different approach to the 
quota-issue: users can always move their mails from local folders to the 
shared namespace, regardless of the shared quota. The quota itself is 
only checked when receiving new mails, where the combined quota (local + 
shared) may not be exceeded. If it is, the mail is not delivered to the 
mailbox.


Our quota-config is this:


  quota_rule: *:storage=50M:messages=1000
  quota_rule2: Trash:storage=50M:messages=100
  quota_rule3: shared*:storage=100M:messages=1000


(also being altered by user_query, but the scheme is the same)

As of dovecot-wiki, this means:

Users can save 50M + 50M + 100M of mails in all specified Folders, so 
the storage-value for the shared*-folders works additionally to the 
*-storage-value.




Different from this, we want the following to happen:

If the customer exceeds the shared folders-quota, his mail-users may not 
move mails from INBOX to shared, this move-operation should fail with a 
reasonable error-message.


If the local quota of a mail user is exceeded, new mails should be 
rejected/delayed, regardless of the shared quota-value (e.g., shared 
quota exceeded, but no local mails [new mail-account], mails should be 
delivered to INBOX).



Sieve-filters are not a problem, we do not allow user-specific 
sieve-rules (managesieve is disabled).




Hopefully, I could explain my issues to you.

Our current dovecot-configuration is attached to this mail, any help 
would be gladly appreciated.



If additional configuration-values/information is needed, I'll happily 
provide them, if possible.




best regards,

Anton Dollmaier



# 1.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-1-686 i686 Debian 5.0.1 
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3s pop3

listen: *, [::]
ssl_cert_file: /etc/dovecot/dovecot.pem
ssl_key_file: /etc/dovecot/dovecot.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_max_userip_connections(default): 25
mail_max_userip_connections(imap): 25
mail_max_userip_connections(pop3): 10
first_valid_uid: 249
mail_access_groups: poponly
mail_privileged_group: poponly
mail_location: maildir:~/Maildir:INDEX=~/index:CONTROL=~/control
mail_debug: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugins(default): quota imap_quota acl
mail_plugins(imap): quota imap_quota acl
mail_plugins(pop3): quota acl