[Dovecot] dovecot.index mtime

Benjamin R. Haskell dovecot at benizi.com
Wed Nov 14 22:39:08 EET 2007 

[Oops. Sorry for the delay.]

On Sun, 11 Nov 2007, Matt wrote:

>> I think I'd avoid actually disabling the account through the MTA,
>> especially if it's for security considerations and your accounts have
>> shell access. But it wouldn't be that hard:
>
> My actual goal is to reduce load on the server.  These are simply
> email users and have no shell or any other access.  If there not using
> the account I do not want Exim wasting resources virus scanning, spam
> scanning(spamd) and storing messages for them.
>
> I want to add all email users that have not checked email through pop3
> or imap in ~6 months to /etc/virtual/suspended_email.  Exim will
> reject messages to these accounts with error message: "Account
> suspended due to inactivity".  I do not want to suspend pop3 or imap
> access in fact if they start using the account again I want to
> automatically re-enable.  Likely will run a script in cron.daily to
> check all this.
>
> I think that better explains what I am after.

Yes. And it all sounds pretty reasonable.


I guess the issues I still think are important:


1. You shouldn't use dovecot.index as your marker file.

As mentioned before, dovecot's deliver _might_ update it, and 
special-casing its existence might be annoying. Plus, its location is 
harder to determine than either the user's home or some chosen central 
directory.

e.g. Running env | sort > $HOME/.dovecot-env in the login script, the only 
place I see mention of an index file is:
MAIL=maildir:/home/bhaskell/Maildir:INBOX=/var/mail/.bhaskell:INDEX=/var/mail/.bhaskell/dovecot

And even after IMAP'ing in and FETCHing some message headers, there's no 
dovecot.index in /var/mail/.bhaskell/dovecot.

[ed. I think it was a problem with permissions actually. I change my 
config quite a bit to test various dovecot settings. Even so, the problem 
remains. dovecot.index's location can even vary by namespace.]


2. I would use a centralized directory.

I've written cron jobs in the past to do stuff with files in home 
directories. e.g.

getent passwd | cut -d: -f6 | sort | uniq | \
xargs -iI find I -maxdepth 1 -name [...etc.]

The alternative is much simpler:

cd /var/lastlogins
for l in *
do [...etc.]


3. I would use the login script to inform users that they'd been disabled.

If they're logging in through IMAP, you can [ALERT] them to the fact, so 
they don't wonder about a gap in mail delivery.


Best,
Ben

More information about the dovecot mailing list