Re: Quota - frustrated trying to configure ...

[Sami Ketola]

> On 2 Oct 2017, at 16.11, Garry Glendown  wrote:
>>> On 25 Sep 2017, at 21.51, Garry Glendown  wrote:
>>> On 25.09.2017 20:28, Sami Ketola wrote:
>> 
>> you can change this setting:
>> 
>> plugin {
>>  quota_status_overquota = "552 5.2.2 Mailbox is full”
>> }
>> 
>> to give 4xx SMTP error code instead to force the MTA to retry for up to 48 
>> hours as mandated
>> by the RFC.
> 
> Except for this ... I added the entry to the 20-lmtp.conf file, but
> dovecot/lmtp still uses the 552 message ...


Are you sure you did put it inside plugin {} section? As looking at the code it 
does search for
plugin/quota_status_overquota string and only if not defined it uses the 
default one.

can you see it in 'doveconf -nS | grep quota'

Sami

Re: Quota - frustrated trying to configure ...

[Garry Glendown]

Hi,

had the quota info added to the AD in an unused field, and it seems to
work ...

>> On 25 Sep 2017, at 21.51, Garry Glendown  wrote:
>>
>>
>>
>> On 25.09.2017 20:28, Sami Ketola wrote:
 On 25 Sep 2017, at 21.19, Garry Glendown  wrote:

 doveadm(root): Error: chdir(/root/) failed: Permission denied
 (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
 by 0:0 mode=0700)
 doveadm(root): Error: chdir(/root) failed: Permission denied

 It looks like dovecot doesn't actually attempt to look at the central
 maildir, but instead seems to attempt to enter the current user's
 homedir (which, in this case, is root).
>>>
>>> what was the command line you used to test this? As this looks a lot like 
>>> you
>>> just tried to check root users quota.
>> Actually no, I tried "doveadm quote recalc" without any parameters ... I
>> found the command in the wiki, which - as with most other information -
>> might be helpful if you already know what you are doing …
>> "If your quotas are out of sync, you can use doveadm quota recalc
>> command to recalculate them. “
>
> I agree that this might happen. We must remember that the wiki is written 
> mostly by 
> people that have been working with dovecot for many years. I think you 
> referred to
> this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct 
> syntax
> was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already.
>
>> I assumed it would recalculate all users' quotas ... using the -u
>> argument with an account actually does seem to work, at least I do not
>> get any errors. Also, the get command seems to be accurate from what I
>> can tell. Further tests show that the system already checks the quota
>> correctly ... and hard-rejects any mails to users with full quota ...
>>
>> So with that part already working, I have new problems to solve:
>>
>> * how do I keep mails from being rejected and kept in the local
>> mailqueue instead? (which is the old system's behavior)?
>
> you can change this setting:
>
> plugin {
>   quota_status_overquota = "552 5.2.2 Mailbox is full”
> }
>
> to give 4xx SMTP error code instead to force the MTA to retry for up to 48 
> hours as mandated
> by the RFC.

Except for this ... I added the entry to the 20-lmtp.conf file, but
dovecot/lmtp still uses the 552 message ...

tnx, Garry

--

PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015

 

Re: Quota - frustrated trying to configure ...

[Sami Ketola]

> On 25 Sep 2017, at 21.51, Garry Glendown  wrote:
> 
> 
> 
> On 25.09.2017 20:28, Sami Ketola wrote:
>>> On 25 Sep 2017, at 21.19, Garry Glendown  wrote:
>>> 
>>> doveadm(root): Error: chdir(/root/) failed: Permission denied
>>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
>>> by 0:0 mode=0700)
>>> doveadm(root): Error: chdir(/root) failed: Permission denied
>>> 
>>> It looks like dovecot doesn't actually attempt to look at the central
>>> maildir, but instead seems to attempt to enter the current user's
>>> homedir (which, in this case, is root).
>> 
>> 
>> what was the command line you used to test this? As this looks a lot like you
>> just tried to check root users quota.
> Actually no, I tried "doveadm quote recalc" without any parameters ... I
> found the command in the wiki, which - as with most other information -
> might be helpful if you already know what you are doing …

> 
> "If your quotas are out of sync, you can use doveadm quota recalc
> command to recalculate them. “


I agree that this might happen. We must remember that the wiki is written 
mostly by 
people that have been working with dovecot for many years. I think you referred 
to
this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct 
syntax
was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already.

> I assumed it would recalculate all users' quotas ... using the -u
> argument with an account actually does seem to work, at least I do not
> get any errors. Also, the get command seems to be accurate from what I
> can tell. Further tests show that the system already checks the quota
> correctly ... and hard-rejects any mails to users with full quota ...
> 
> So with that part already working, I have new problems to solve:
> 
> * how do I keep mails from being rejected and kept in the local
> mailqueue instead? (which is the old system's behavior)?


you can change this setting:

plugin {
  quota_status_overquota = "552 5.2.2 Mailbox is full”
}

to give 4xx SMTP error code instead to force the MTA to retry for up to 48 
hours as mandated
by the RFC.

> * what's the best (or simplest or recommended) way of setting up
> per-user-quotas in this setup?

you can also return quota_rules from usertb. The simplest way depends on what 
kind
if userdb setup you have. 

> * how can I get  an overview/list of all users and their quota usage? (I
> guess I just solved that - "doveadm quota get -A" seems to work)

User iteration must work in order for that command to work. Making user 
iteration to work
once again depends on what kind of userdb/passdb setup you have.

Sami

Re: Quota - frustrated trying to configure ...

[Tony]

1. how do I keep mails from being rejected and kept in the local
mailqueue instead? (which is the old system's behavior)?

* You can set a quota grace to basically have a soft-limit - allowing the user 
to go slightly above their allocated quota.

2. what's the best (or simplest or recommended) way of setting up
per-user-quotas in this setup?

* I'm not sure if this is considered the "simplest", but like you I am also 
using LDAP auth. With this setup, I have LDAP manage per-user quotas. The 
primary mail schema I use is equipped with a mailQuota attribute. I have this 
quota attribute set as part of user_attrs in dovecot-ldap.conf.ext. For 
example, per user quotas in LDAP:

user_attrs = ,mailQuota=quota_rule=*:bytes=%$

3. how can I get  an overview/list of all users and their quota usage? (I
guess I just solved that - "doveadm quota get -A" seems to work)

* It helps to set up aliases unless you don't mind typing a lot. To get an 
overview/list of all users and their quota usage I have a couple quota aliases 
defined:

alias quotaa='doveadm quota get -A | sort -h '
$ quotaa

alias quota='doveadm quota get -u $1 '
$ quota 

IMHO the official Dovecot docs are great, but I also battled with quotas for a 
short duration, so hopefully this will help a bit more.


Cheers,
TC

On 9/25/17 11:51 AM, Garry Glendown wrote:
>
> On 25.09.2017 20:28, Sami Ketola wrote:
>>> On 25 Sep 2017, at 21.19, Garry Glendown  wrote:
>>>
>>> doveadm(root): Error: chdir(/root/) failed: Permission denied
>>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
>>> by 0:0 mode=0700)
>>> doveadm(root): Error: chdir(/root) failed: Permission denied
>>>
>>> It looks like dovecot doesn't actually attempt to look at the central
>>> maildir, but instead seems to attempt to enter the current user's
>>> homedir (which, in this case, is root).
>>
>> what was the command line you used to test this? As this looks a lot like you
>> just tried to check root users quota.
> Actually no, I tried "doveadm quote recalc" without any parameters ... I
> found the command in the wiki, which - as with most other information -
> might be helpful if you already know what you are doing ...
>
> "If your quotas are out of sync, you can use doveadm quota recalc
> command to recalculate them. "
>
> I assumed it would recalculate all users' quotas ... using the -u
> argument with an account actually does seem to work, at least I do not
> get any errors. Also, the get command seems to be accurate from what I
> can tell. Further tests show that the system already checks the quota
> correctly ... and hard-rejects any mails to users with full quota ...
>
> So with that part already working, I have new problems to solve:
>
> * how do I keep mails from being rejected and kept in the local
> mailqueue instead? (which is the old system's behavior)?
> * what's the best (or simplest or recommended) way of setting up
> per-user-quotas in this setup?
> * how can I get  an overview/list of all users and their quota usage? (I
> guess I just solved that - "doveadm quota get -A" seems to work)
>
> thanks, -garry




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Quota - frustrated trying to configure ...

[Garry Glendown]

On 25.09.2017 20:28, Sami Ketola wrote:
>> On 25 Sep 2017, at 21.19, Garry Glendown  wrote:
>>
>> doveadm(root): Error: chdir(/root/) failed: Permission denied
>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
>> by 0:0 mode=0700)
>> doveadm(root): Error: chdir(/root) failed: Permission denied
>>
>> It looks like dovecot doesn't actually attempt to look at the central
>> maildir, but instead seems to attempt to enter the current user's
>> homedir (which, in this case, is root).
>
>
> what was the command line you used to test this? As this looks a lot like you
> just tried to check root users quota.
Actually no, I tried "doveadm quote recalc" without any parameters ... I
found the command in the wiki, which - as with most other information -
might be helpful if you already know what you are doing ...

"If your quotas are out of sync, you can use doveadm quota recalc
command to recalculate them. "

I assumed it would recalculate all users' quotas ... using the -u
argument with an account actually does seem to work, at least I do not
get any errors. Also, the get command seems to be accurate from what I
can tell. Further tests show that the system already checks the quota
correctly ... and hard-rejects any mails to users with full quota ...

So with that part already working, I have new problems to solve:

* how do I keep mails from being rejected and kept in the local
mailqueue instead? (which is the old system's behavior)?
* what's the best (or simplest or recommended) way of setting up
per-user-quotas in this setup?
* how can I get  an overview/list of all users and their quota usage? (I
guess I just solved that - "doveadm quota get -A" seems to work)

thanks, -garry

Re: Quota - frustrated trying to configure ...

[Sami Ketola]

> On 25 Sep 2017, at 21.19, Garry Glendown  wrote:
> 
> doveadm(root): Error: chdir(/root/) failed: Permission denied
> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
> by 0:0 mode=0700)
> doveadm(root): Error: chdir(/root) failed: Permission denied
> 
> It looks like dovecot doesn't actually attempt to look at the central
> maildir, but instead seems to attempt to enter the current user's
> homedir (which, in this case, is root).



what was the command line you used to test this? As this looks a lot like you
just tried to check root users quota.

try: doveadm quota get -u 

and try if ‘doveadm user ’ returns any quota rules.

Sami

Quota - frustrated trying to configure ...

[Garry Glendown]

Hi,

after fighting Dovecot almost every step of the way, I have finally
gotten most of the functions configured on a customer box (used Cyrus on
a previous install, but it was dropped from SLES 12 ...)

The mail server setup uses LDAP for user authentication, has a central
maildir tree (.../dovecot/maildir//...) that is used for all
users' mail, sieve is also running well. The users themselves are just
virtual users, they do not have a local home directory or anything.

I was now trying to get Quota to work ... Looking at the Wiki more or
less showed the same "spotty" results of the rest of the Wiki. Fine for
anybody that needs the documentation just as a reference, but somewhat
lacking for someone that does not have experience in setting up Dovecot.
I tried following the wiki, as well as checking on other web pages I
came across.

In order to keep the setup simple, and not have to jump through hoops to
set up any SQL backup etc., I tried using a file-based storage of the
quota entries, as in:

dict {
    quota = file:/data/dovecot/db/quota.db
}

I also added quota entries in the other places I believe are necessary,
and set up a rule like this:

plugin {
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
}

I got through dovecot restart without errors, and IMAP still answers.
But attempting to do a recalculation of the current quota usage ends up
with this error:

doveadm(root): Error: chdir(/root/) failed: Permission denied
(euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned
by 0:0 mode=0700)
doveadm(root): Error: chdir(/root) failed: Permission denied

It looks like dovecot doesn't actually attempt to look at the central
maildir, but instead seems to attempt to enter the current user's
homedir (which, in this case, is root).

What am I (possibly) missing here? Is this way of setting it up even
viable? While I need a general per-user-quota, I also need the ability
to overwrite each user's default quota ... is there any recommendable
more detailed documentation on how to set up quota?

Thanks, -garry