[Dovecot] Dovecot Postfix Quota Policy Service

Ulrich Zehl ulrich-dovecot at topfen.net
Tue May 7 13:12:00 EEST 2013


I was able to replicate your problem with 2.1.16 rev 0fa68f3a8f6c (from
Stephan's auto-built packages).

I have the following configuration in 10-master.conf, and no special
configuration for the service in 90-quota.conf.

| service quota-status {
|   executable = quota-status -p postfix
|   inet_listener {
|     port = 12340
|   }
|   client_limit = 1
|   user = root
| }

When I first query the quota-status service, I get the correct response:

| $ printf "recipient=test at example.org\nsize=1234\n\n" | nc 127.0.0.1 12340
| action=OK
|

But on every subsequent try, I always receive a response like this:

| $ printf "recipient=test at example.org\nsize=1234\n\n" | nc 127.0.0.1 12340
| action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information.
|

Where the server log only says

| May  7 11:59:45 minna dovecot: quota-status(test at example.org): Error: user test at example.org: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied

Looking at the quota-status process, I notice it is not running as root,
but rather as $mail_uid. It seems the service drops / changes its
privileges at some point, which would explain the permission error on
subsequent requests.

Setting service_count=1 for the service is not a viable workaround, as
Postfix sends all policy requests for one SMTP session via one TCP
connection.
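
An added example, not part of the original post: a small Python probe that sends several policy requests over one TCP connection, the way the post says Postfix does within one SMTP session, and flags the pattern reported above (first reply fine, a later one `DEFER_IF_PERMIT`). The host and port come from the `inet_listener` in the post; the function names and the recipient address are assumptions made for this sketch.

```python
import socket

def build_request(attrs):
    """Serialize one policy request: name=value lines followed by an empty line."""
    return "".join(f"{k}={v}\n" for k, v in attrs.items()).encode() + b"\n"

def read_reply(rfile):
    """Read one reply up to its terminating empty line; return the action= value."""
    action = ""
    for raw in rfile:
        line = raw.decode(errors="replace").rstrip("\r\n")
        if line == "":
            return action
        if line.startswith("action="):
            action = line[len("action="):]
    raise ConnectionError("connection closed before the reply was complete")

def probe(sock, recipient, size, count=3):
    """Send `count` requests over ONE connection and collect the actions."""
    rfile = sock.makefile("rb")
    actions = []
    for _ in range(count):
        sock.sendall(build_request({"recipient": recipient, "size": size}))
        actions.append(read_reply(rfile))
    return actions

def regressed(actions):
    """True if the first reply is not a deferral but a later one is."""
    if not actions or actions[0].startswith("DEFER_IF_PERMIT"):
        return False
    return any(a.startswith("DEFER_IF_PERMIT") for a in actions[1:])

if __name__ == "__main__":
    # 127.0.0.1:12340 is the listener from the post; the recipient is a placeholder.
    with socket.create_connection(("127.0.0.1", 12340), timeout=5) as s:
        result = probe(s, "test@example.org", 1234)
        print(result, "REGRESSED" if regressed(result) else "ok")
```

Running it a second time also covers the fresh-connection case shown with `nc` above.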

