[Oops. Sorry for the delay.]
On Sun, 11 Nov 2007, Matt wrote:
I think I'd avoid actually disabling the account through the MTA, especially if it's for security considerations and your accounts have shell access. But it wouldn't be that hard:
My actual goal is to reduce load on the server. These are simply email users and have no shell or any other access. If there not using the account I do not want Exim wasting resources virus scanning, spam scanning(spamd) and storing messages for them.
I want to add all email users that have not checked email through pop3 or imap in ~6 months to /etc/virtual/suspended_email. Exim will reject messages to these accounts with error message: "Account suspended due to inactivity". I do not want to suspend pop3 or imap access in fact if they start using the account again I want to automatically re-enable. Likely will run a script in cron.daily to check all this.
I think that better explains what I am after.
Yes. And it all sounds pretty reasonable.
I guess the issues I still think are important:
- You shouldn't use dovecot.index as your marker file.
As mentioned before, dovecot's deliver _might_ update it, and special-casing its existence might be annoying. Plus, its location is harder to determine than either the user's home or some chosen central directory.
e.g. Running env | sort > $HOME/.dovecot-env in the login script, the only place I see mention of an index file is: MAIL=maildir:/home/bhaskell/Maildir:INBOX=/var/mail/.bhaskell:INDEX=/var/mail/.bhaskell/dovecot
And even after IMAP'ing in and FETCHing some message headers, there's no dovecot.index in /var/mail/.bhaskell/dovecot.
[ed. I think it was a problem with permissions actually. I change my config quite a bit to test various dovecot settings. Even so, the problem remains. dovecot.index's location can even vary by namespace.]
- I would use a centralized directory.
I've written cron jobs in the past to do stuff with files in home directories. e.g.
getent passwd | cut -d: -f6 | sort | uniq |
xargs -iI find I -maxdepth 1 -name [...etc.]
The alternative is much simpler:
cd /var/lastlogins for l in * do [...etc.]
- I would use the login script to inform users that they'd been disabled.
If they're logging in through IMAP, you can [ALERT] them to the fact, so they don't wonder about a gap in mail delivery.
Best, Ben