Good morning list,
first of all: dovecot works really great, the performance is overwhelming (especially compared to courier), the configuration flexible as hell, it is good documented - I love this software.
But as things get complicated, I think I need some additional help.
I'm using dovecot to replace the currently used courier-mailserver in a shared hosting environment based on the control panel Confixx.
Confixx uses per default filesystem-users, giving each mailuser a filesystem-quota, mails are stored in ~/Maildir/. The imap-logins are all in the form of "webxpy", being "webx" the customer (prefix 'web', and a increasing number), and "py" the number of the pop account. Because of the filesystem-quota we moved the indexes to another partition.
This basic setup with dovecot works great, with auth directly against the confixx-database etc, imap_quota-plugin, quota-plugin working as expected.
We now want to implement shared folders for each customer: all mailaccounts of a customer should be able to subscribe to per-customer shared folders in a specified maildir, thus I re-mapped the usernames with a new user_query (and password_query) to the format of "webxpy@webx" - being "webx" the virtual domain and "webxpy" the mailaccount, but still using "webxpy" as the imap-login (no need for customers to change the login).
This also works, we even can control with ACL-vfiles the permissions of specified users, to enable or disable specific folders.
The shared folders are specified as a new public namespace and the "domain" is part of the storage-path (see configuration at the end of this mail).
To allow easier quota-management (no need to create a new system-user), the quota of the shared folders is maildir-based, with a mysql-quota-dictionary (later, all accounts will be migrated to a virtual-user-mailstorage, with only maildir-quota and no fs-quotas).
But when things come to the shared quota, I currently don't know how to solve the wishes of the customer:
The current solution for shared folders (at the customer's local site) is based on mdaemon, every shared folder (of a customer, not a single mail-account) has a quota assigned. This quota cannot be exceeded by the users, no more mails can be saved into the shared folders if used space exceeds the hard quota-value.
As my tests have shown, dovecot uses a different approach to the quota-issue: users can always move their mails from local folders to the shared namespace, regardless of the shared quota. The quota itself is only checked when receiving new mails, where the combined quota (local + shared) may not be exceeded. If it is, the mail is not delivered to the mailbox.
Our quota-config is this:
quota_rule: *:storage=50M:messages=1000 quota_rule2: Trash:storage=50M:messages=100 quota_rule3: shared*:storage=100M:messages=1000
(also being altered by user_query, but the scheme is the same)
As of dovecot-wiki, this means:
Users can save "50M + 50M + 100M" of mails in all specified Folders, so the storage-value for the "shared*"-folders works additionally to the "*"-storage-value.
Different from this, we want the following to happen:
If the customer exceeds the shared folders-quota, his mail-users may not move mails from INBOX to shared, this move-operation should fail with a reasonable error-message.
If the local quota of a mail user is exceeded, new mails should be rejected/delayed, regardless of the shared quota-value (e.g., shared quota exceeded, but no local mails [new mail-account], mails should be delivered to INBOX).
Sieve-filters are not a problem, we do not allow user-specific sieve-rules (managesieve is disabled).
Hopefully, I could explain my issues to you.
Our current dovecot-configuration is attached to this mail, any help would be gladly appreciated.
If additional configuration-values/information is needed, I'll happily provide them, if possible.
best regards,
Anton Dollmaier
# 1.1.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.26-1-686 i686 Debian 5.0.1 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3s pop3 listen: *, [::] ssl_cert_file: /etc/dovecot/dovecot.pem ssl_key_file: /etc/dovecot/dovecot.pem disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_max_userip_connections(default): 25 mail_max_userip_connections(imap): 25 mail_max_userip_connections(pop3): 10 first_valid_uid: 249 mail_access_groups: poponly mail_privileged_group: poponly mail_location: maildir:~/Maildir:INDEX=~/index:CONTROL=~/control mail_debug: yes mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota acl mail_plugins(imap): quota imap_quota acl mail_plugins(pop3): quota acl mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): netscape-eoh imap_client_workarounds(imap): netscape-eoh imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh namespace: type: private separator: . inbox: yes list: yes subscriptions: yes namespace: type: private prefix: INBOX. hidden: yes subscriptions: yes namespace: type: public separator: . prefix: shared. location: maildir:/var/mail/shared/%d/:INDEX=~/shared list: yes auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 432 user: vmail group: vmail plugin: quota: dict:::proxy::quotadict quota2: dict::%d:proxy::quota2dict quota_rule: *:storage=50M:messages=1000 quota_rule2: Trash:storage=50M:messages=100 quota_rule3: shared*:storage=100M:messages=1000 acl: vfile expire: Trash 7 Spam 30 expire_dict: proxy::expire dict: quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf quota2dict: mysql:/etc/dovecot/dovecot-dict-quota2.conf
(the two quota-dicts could probably be merged into one)
/etc/dovecot/dovecot-sql.conf:
driver = mysql connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd default_pass_scheme = CRYPT password_query = SELECT CONCAT(account, '@', kunde) as user, longpw as password FROM pop3 WHERE (account='%u' and gesperrt='0' user_query = SELECT CONCAT('/var/mail/vmail/', p.kunde, '/', p.account,'/') as home, 249 as uid, 249 as gid, CONCAT('*:storage=', p.maxkbhard) AS quota_rule, CONCAT('shared.*:storage=', k.shared_maxkb) as quota2_rule FROM pop3 AS p, kunden AS k WHERE k.kunde = p.kunde AND CONCAT(p.account, '@', p.kunde) = '%u'
(quota-values in kilobytes)
/etc/dovecot/dovecot-dict-quota.conf:
connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd table = dovecot_quota select_field = current where_field = path username_field = username
/etc/dovecot/dovecot-dict-quota2.conf:
connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd table = dovecot_quota_shared select_field = current where_field = path username_field = username
(tables are exactly as specified in dovecot-wiki)