Hi
I have implemented Quota status to postfix in our setup. I have an imap
server (dovecot) and mail server (postfix) in every node. I am able to send
quota status to postfix and mails are rejected after 100% mail quota is
crossed. This rejection is happening both across the nodes and within
the nodes.
The problem is if I am sending mails to any node and if any other node's
dovecot is down, mails are not going. For example, I am sending an email
within the system but if some other node's dovecot is down then email
within the system also will not go.
My dovecot version is 2.2.10.
My postfix version is 2.1.10.
*doveconf -n output is below:-*
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.3 (Maipo) xfs
auth_debug = yes
base_dir = /var/run/dovecot/
first_valid_gid = 5000
first_valid_uid = 5000
hostname = CmdHQ
login_greeting = ^^^^^^^^^^Dovecot ready^^^^^^^^^^
mail_debug = yes
mail_gid = 6000
mail_location = Maildir:/var/mail/vmail/tcs.mil.in/%n
mail_plugins = " quota"
mail_uid = 6000
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=8KB
  quota_rule2 = *:messages=12B
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is over quota / mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=80%% quota-warning 80 %u
}
postmaster_address = postmaster(a)tcs.mil.in
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 54317
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    group = postfix
    mode = 0666
    user = postfix
  }
  user = postfix
}
ssl = required
ssl_ca = </etc/dovecot/certs/cacert.pem
ssl_cert = </etc/dovecot/certs/1CorpHQ_IMAP_Admin(a)tcs.mil.in.pem
ssl_key = </etc/dovecot/certs/1CorpHQ_IMAP_Admin(a)tcs.mil.in.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes
protocol lmtp {
  info_log_path = /var/log/dovecot-lmtp.log
  mail_plugins = " quota"
}
protocol lda {
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = " quota"
}
protocol imap {
  mail_plugins = " quota"
}
Here "service quota-status" is the concerned section in the conf file.
________________________________________________________________________________________________________
*Postfix configuration is below:-*
smtpd_relay_restrictions =
    check_policy_service inet:201.123.80.9:54317
    check_policy_service inet:201.123.80.23:54317
virtual_transport=lmtp:unix:private/dovecot-lmtp
Here, I am querying both nodes. 201.123.80.9 is the other node.
201.123.80.23 is the node within which the email is sent.
___________________________________________________________________________________________________________
*Logs while sending mail are below:-*
Feb 22 12:43:24 1CorpHQ
postfix/proxymap[7327]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: initializing the server-side
TLS engine
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no
match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23:
no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no
match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23:
no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 220
1CorpHQserver.tcs.mil.in ESMTP Postfix
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text EHLO 1CorpHQ
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no
match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23:
no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text
250-1CorpHQserver.tcs.mil.in
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-PIPELINING
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-SIZE 10240000
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-VRFY
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ETRN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-STARTTLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ENHANCEDSTATUSCODES
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-8BITMIME
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 DSN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text STARTTLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 220 2.0.0 Ready to start
TLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: setting up TLS connection from
1CorpHQ[201.123.80.23]
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: 1CorpHQ[201.123.80.23]: TLS
cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:before/accept
initialization
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read client
hello A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write server
hello A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write
certificate A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write key
exchange A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write server
done A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 flush data
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read client
key exchange A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read finished
A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write change
cipher spec A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write
finished A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 flush data
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: Anonymous TLS connection
established from 1corphq[201.123.80.23]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text EHLO 1CorpHQ
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no
match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23:
no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text
250-1CorpHQserver.tcs.mil.in
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-PIPELINING
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-SIZE 10240000
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-VRFY
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ETRN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ENHANCEDSTATUSCODES
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-8BITMIME
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 DSN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text MAIL FROM:<
Cdr.1CorpHQ(a)tcs.mil.in>
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
transport_maps: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
transport_maps: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In valid verify sender addr
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 2.1.0 Ok
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text RCPT TO:<
CO.1CorpHQ(a)tcs.mil.in>
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match:
tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In valid verify sender addr
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match:
permit_mynetworks: no match
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Loading modules from
directory: /usr/lib64/dovecot
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Module loaded:
/usr/lib64/dovecot/lib10_quota_plugin.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libdriver_sqlite.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Loading modules from
directory: /usr/lib64/dovecot/auth
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot//auth-token-secret.dat
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: master in: USER#0111#
011CO.1CorpHQ(a)tcs.mil.in#011service=quota-status
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq(a)tcs.mil.in):
user search: base=dc=tcs,dc=mil,dc=in scope=subtree
filter=(&(objectClass=person)(uid=co.1corphq))
fields=homeDirectory,uidNumber,gidNumber
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq(a)tcs.mil.in):
no fields returned by the server
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq(a)tcs.mil.in):
result: homeDirectory missing; uidNumber missing; gidNumber missing
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: userdb out: USER#0111#
011co.1corphq(a)tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: auth input:
co.1corphq(a)tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: changed username to
co.1corphq(a)tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Added userdb setting:
plugin/=yes
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Effective uid=6000, gid=6000, home=
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Quota root: name=User quota backend=maildir args=
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Quota rule: root=User quota mailbox=* bytes=8192 messages=0
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Quota rule: root=User quota mailbox=* bytes=8192 messages=12
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Quota warning: bytes=6553 (80%) messages=0 reverse=no
command=quota-warning 80 co.1corphq(a)tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: Quota grace: root=User quota bytes=819 (10%)
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq(a)tcs.mil.in):
Debug: maildir++: root=/var/mail/vmail/tcs.mil.in/co.1corphq, index=,
indexpvt=, control=, inbox=/var/mail/vmail/tcs.mil.in/co.1corphq, alt=
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: warning: connect to
201.123.80.9:54317: Connection refused
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: warning: problem talking to
server 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: warning: connect to
201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: warning: problem talking to
server 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: NOQUEUE: reject: RCPT from
1CorpHQ[201.123.80.23]: 451 4.3.5 Server configuration problem; from=<
Cdr.1CorpHQ(a)tcs.mil.in> to=<CO.1CorpHQ(a)tcs.mil.in> proto=ESMTP
helo=<1CorpHQ>
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text 451 4.3.5 Server
configuration problem
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text RSET
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text 250 2.0.0 Ok
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: lost connection after RSET
from 1CorpHQ[201.123.80.23]
I understand what the logs are trying to say, but I am not able to
resolve the issue even after searching for a solution on the internet and
trying different things by hit and trial myself. I want that, if I am sending
email to any node or within a node, the configuration relating to
"check_policy_service" for the other node does not interfere and mail goes properly.
At the same time I can also fetch quota status from other nodes.
If I can get any help regarding this it would be really appreciated, as I
have tried a lot of options already.
Regards
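
Added example, not part of the original post: a small Python triage script that ties each "451 4.3.5 Server configuration problem" reject in a log like the one above to the check_policy_service endpoint that the same smtpd process failed to reach. The sample log is constructed (mailbox addresses replaced with example.test placeholders, and the 552 record is made up for contrast), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the excerpt above, keeping the mail
# client's line wrapping. Addresses are placeholders; the 552 record is made up.
SAMPLE_LOG = """\
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: warning: problem talking to
server 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: NOQUEUE: reject: RCPT from
1CorpHQ[201.123.80.23]: 451 4.3.5 Server configuration problem; from=<
Cdr.1CorpHQ@example.test> to=<CO.1CorpHQ@example.test> proto=ESMTP
helo=<1CorpHQ>
Feb 22 12:43:26 1CorpHQ postfix/smtpd[7400]: NOQUEUE: reject: RCPT from
1CorpHQ[201.123.80.23]: 552 5.2.2 Mailbox is over quota / mailbox is full;
from=<a@example.test> to=<b@example.test> proto=ESMTP helo=<1CorpHQ>
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PROC = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
POLICY_FAIL = re.compile(r"warning: problem talking to server (\S+): (.+)$")
REJECT = re.compile(r"NOQUEUE: reject: RCPT from \S+ (\d{3}) (\d\.\d\.\d) .*?"
                    r"from=<\s*([^>]*)> to=<\s*([^>]*)>")

def unwrap(text):
    """Re-join wrapped continuation lines into one record per syslog entry."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def policy_outage_rejects(text):
    """Return 4.3.5 rejects preceded by a policy-server failure in the same smtpd."""
    failed = defaultdict(dict)  # smtpd pid -> {endpoint: error text}
    findings = []
    for rec in unwrap(text):
        m = PROC.search(rec)
        if not m:
            continue
        pid, msg = m.groups()
        if fail := POLICY_FAIL.match(msg):
            failed[pid][fail.group(1)] = fail.group(2)
        elif (rej := REJECT.match(msg)) and rej.group(2) == "4.3.5" and failed[pid]:
            findings.append({"pid": pid, "code": rej.group(1), "sender": rej.group(3),
                             "recipient": rej.group(4), "endpoints": failed.pop(pid)})
    return findings
```

The over-quota 552 reject is deliberately not reported: it is a real policy decision, whereas the 451 is a temporary failure caused by an unreachable policy endpoint.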