[Dovecot] Quota for Shared Folders

Anton Dollmaier antondollmaier at aditsystems.de
Wed Apr 15 03:39:40 EEST 2009


Good morning list,


first of all: dovecot works really great, the performance is 
overwhelming (especially compared to courier), the configuration 
flexible as hell, it is well documented - I love this software.


But as things get complicated, I think I need some additional help.


I'm using dovecot to replace the currently used courier-mailserver in a 
shared hosting environment based on the control panel Confixx.


Confixx uses filesystem-users by default, giving each mailuser a 
filesystem-quota, mails are stored in ~/Maildir/. The imap-logins are 
all in the form of "webxpy", being "webx" the customer (prefix 'web', 
and an increasing number), and "py" the number of the pop account. 
Because of the filesystem-quota we moved the indexes to another partition.

This basic setup with dovecot works great, with auth directly against 
the confixx-database etc, imap_quota-plugin, quota-plugin working as 
expected.


We now want to implement shared folders for each customer: all 
mailaccounts of a customer should be able to subscribe to per-customer 
shared folders in a specified maildir, thus I re-mapped the usernames 
with a new user_query (and password_query) to the format of 
"webxpy@webx" - being "webx" the virtual domain and "webxpy" the 
mailaccount, but still using "webxpy" as the imap-login (no need for 
customers to change the login).

This also works, we even can control with ACL-vfiles the permissions of 
specified users, to enable or disable specific folders.

The shared folders are specified as a new public namespace and the 
"domain" is part of the storage-path (see configuration at the end of 
this mail).

To allow easier quota-management (no need to create a new system-user), 
the quota of the shared folders is maildir-based, with a 
mysql-quota-dictionary (later, all accounts will be migrated to a 
virtual-user-mailstorage, with only maildir-quota and no fs-quotas).


But when things come to the shared quota, I currently don't know how to 
solve the wishes of the customer:

The current solution for shared folders (at the customer's local site) 
is based on mdaemon, every shared folder (of a customer, not a single 
mail-account) has a quota assigned. This quota cannot be exceeded by the 
users, no more mails can be saved into the shared folders if used space 
exceeds the hard quota-value.

As my tests have shown, dovecot uses a different approach to the 
quota-issue: users can always move their mails from local folders to the 
shared namespace, regardless of the shared quota. The quota itself is 
only checked when receiving new mails, where the combined quota (local + 
shared) may not be exceeded. If it is, the mail is not delivered to the 
mailbox.

Our quota-config is this:

>   quota_rule: *:storage=50M:messages=1000
>   quota_rule2: Trash:storage=50M:messages=100
>   quota_rule3: shared*:storage=100M:messages=1000

(also being altered by user_query, but the scheme is the same)

According to the dovecot-wiki, this means:

Users can save "50M + 50M + 100M" of mails in all specified Folders, so 
the storage-value for the "shared*"-folders works additionally to the 
"*"-storage-value.



Different from this, we want the following to happen:

If the customer exceeds the shared folders-quota, his mail-users may not 
move mails from INBOX to shared, this move-operation should fail with a 
reasonable error-message.

If the local quota of a mail user is exceeded, new mails should be 
rejected/delayed, regardless of the shared quota-value (e.g., shared 
quota exceeded, but no local mails [new mail-account], mails should be 
delivered to INBOX).


Sieve-filters are not a problem, we do not allow user-specific 
sieve-rules (managesieve is disabled).



Hopefully, I could explain my issues to you.

Our current dovecot-configuration is attached to this mail, any help 
would be gladly appreciated.


If additional configuration-values/information is needed, I'll happily 
provide them, if possible.



best regards,

Anton Dollmaier


> # 1.1.13: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.26-1-686 i686 Debian 5.0.1 
> log_timestamp: %Y-%m-%d %H:%M:%S 
> protocols: imap imaps pop3s pop3
> listen: *, [::]
> ssl_cert_file: /etc/dovecot/dovecot.pem
> ssl_key_file: /etc/dovecot/dovecot.pem
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> mail_max_userip_connections(default): 25
> mail_max_userip_connections(imap): 25
> mail_max_userip_connections(pop3): 10
> first_valid_uid: 249
> mail_access_groups: poponly
> mail_privileged_group: poponly
> mail_location: maildir:~/Maildir:INDEX=~/index:CONTROL=~/control
> mail_debug: yes
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_plugins(default): quota imap_quota acl
> mail_plugins(imap): quota imap_quota acl
> mail_plugins(pop3): quota acl
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> imap_client_workarounds(default): netscape-eoh
> imap_client_workarounds(imap): netscape-eoh
> imap_client_workarounds(pop3): 
> pop3_client_workarounds(default): 
> pop3_client_workarounds(imap): 
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> namespace:
>   type: private
>   separator: .
>   inbox: yes
>   list: yes
>   subscriptions: yes
> namespace:
>   type: private
>   prefix: INBOX.
>   hidden: yes
>   subscriptions: yes
> namespace:
>   type: public
>   separator: .
>   prefix: shared.
>   location: maildir:/var/mail/shared/%d/:INDEX=~/shared
>   list: yes
> auth default:
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   userdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 432
>       user: vmail
>       group: vmail
> plugin:
>   quota: dict:::proxy::quotadict
>   quota2: dict::%d:proxy::quota2dict
>   quota_rule: *:storage=50M:messages=1000
>   quota_rule2: Trash:storage=50M:messages=100
>   quota_rule3: shared*:storage=100M:messages=1000
>   acl: vfile
>   expire: Trash 7 Spam 30
>   expire_dict: proxy::expire
> dict:
>   quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf
>   quota2dict: mysql:/etc/dovecot/dovecot-dict-quota2.conf

(the two quota-dicts could probably be merged into one)

/etc/dovecot/dovecot-sql.conf:

> driver = mysql
> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> default_pass_scheme = CRYPT
> password_query = SELECT CONCAT(account, '@', kunde) as user, longpw as password FROM pop3 WHERE (account='%u' and gesperrt='0')
> user_query = SELECT CONCAT('/var/mail/vmail/', p.kunde, '/', p.account,'/') as home, 249 as uid, 249 as gid, CONCAT('*:storage=', p.maxkbhard) AS quota_rule, CONCAT('shared.*:storage=', k.shared_maxkb) as quota2_rule FROM pop3 AS p, kunden AS k WHERE k.kunde = p.kunde AND CONCAT(p.account, '@', p.kunde) = '%u'

(quota-values in kilobytes)


/etc/dovecot/dovecot-dict-quota.conf:

> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> table = dovecot_quota
> select_field = current
> where_field = path
> username_field = username

/etc/dovecot/dovecot-dict-quota2.conf:

> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> table = dovecot_quota_shared
> select_field = current
> where_field = path
> username_field = username

(tables are exactly as specified in dovecot-wiki)
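
The difference between the behaviour reported in this post and the behaviour requested, as an added Python model that is not part of the original mail and is not Dovecot code. It parses the `quota_rule` strings quoted above (bare storage numbers are kilobytes, as the post notes); the root names `private`/`shared`, the glob matching via `fnmatch`, and the sample usage values are assumptions made for the illustration.

```python
from fnmatch import fnmatchcase

MB = 1024 ** 2
UNITS = {"": 1024, "K": 1024, "M": MB, "G": 1024 ** 3}  # bare number = kilobytes

def parse_rule(rule):
    """'shared*:storage=100M:messages=1000' -> (pattern, limits in bytes/messages)."""
    pattern, *items = rule.split(":")
    limits = {}
    for item in items:
        name, value = item.split("=", 1)
        if name == "storage":
            digits = value.rstrip("KMGkmg")
            limits[name] = int(digits) * UNITS[value[len(digits):].upper()]
        else:
            limits[name] = int(value)
    return pattern, limits

# Rules copied from the post; the root names "shared"/"private" are hypothetical.
ROOTS = {
    "shared": parse_rule("shared*:storage=100M:messages=1000"),
    "private": parse_rule("*:storage=50M:messages=1000"),
}

def root_for(mailbox):
    """Most specific pattern first: shared* before the catch-all *."""
    return next(name for name, (pat, _) in ROOTS.items() if fnmatchcase(mailbox, pat))

def fits(used, limit, size):
    return (used["storage"] + size <= limit["storage"]
            and used["messages"] + 1 <= limit["messages"])

def desired_allows(mailbox, size, usage):
    """Requested policy: every save (delivery or move) is checked against
    the quota root that owns the target mailbox, and only that root."""
    root = root_for(mailbox)
    return fits(usage[root], ROOTS[root][1], size)

def reported_allows(op, size, usage):
    """Behaviour the post reports from testing: moves are never checked,
    deliveries are checked against local + shared combined."""
    if op == "move":
        return True
    used = {k: sum(u[k] for u in usage.values()) for k in ("storage", "messages")}
    limit = {k: sum(r[1][k] for r in ROOTS.values()) for k in ("storage", "messages")}
    return fits(used, limit, size)

# Constructed sample usage: shared root full, brand-new private account.
SHARED_FULL = {"shared": {"storage": 100 * MB, "messages": 10},
               "private": {"storage": 0, "messages": 0}}
# Constructed sample usage: private root full, shared root empty.
PRIVATE_FULL = {"shared": {"storage": 0, "messages": 0},
                "private": {"storage": 50 * MB, "messages": 10}}
```

With `SHARED_FULL`, `desired_allows` refuses a move into `shared.projects` but still accepts delivery to `INBOX`; with `PRIVATE_FULL`, `reported_allows("deliver", ...)` still accepts the mail because the combined limit has headroom, which is the gap the post describes.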

