On 7/29/2021 2:15 PM, dovecot@ptld.com wrote:
Plus Dovecot complains that the policy service is only supposed to be used in the RCPT stage. So clearly this is a bad approach.
I want to explore this more. I tried it and also see:
dovecot[1096]: quota-status(26164): Warning: Received policy query from MTA in unexpected state END-OF-MESSAGE (service can only be used for recipient restrictions)
Why? Why does dovecot even care? Quota plugin is sent a user and a size, it looks up quota for that user and computes if size will put the user over limit and returns an answer. Why does dovecot care or even know at what stage this is done? Why is it bad to check quota after getting the real size? Seems like it's designed to allow spoofing from an evil mail client.
What is the harm being done that causes this log warning? What is the harm in ignoring the warning?
With multi-recipient mail, the recipient attribute is undefined at end-of-data.
So you have to pick your poison - during recipient restrictions the size may not be known or may not be accurate, at end-of-data the recipient may not be known *and* it's too late to reject a single recipient on a multi-recipient mail.
The only solution is to reject all mail for an over-quota recipient during recipient restrictions, and if the mail passes that stage, deliver it anyway even if it makes the user go over quota.
-- Noel Jones
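
The trade-off described above, as an added example that is not part of the original message and is not Dovecot's quota-status code: a small policy decision function that only decides in the RCPT state and returns DUNNO at END-OF-MESSAGE. The quota table, the reply text and the function names are assumptions; the attribute names are those of the Postfix policy delegation protocol.

```python
# Added example: constructed quota table, not Dovecot's quota-status code.
QUOTA = {  # recipient -> (bytes used, byte limit); constructed values
    "alice@example.com": (900, 1000),
    "bob@example.com": (1000, 1000),
}
REJECT = "action=552 5.2.2 Mailbox is full"  # assumed reply text
PASS = "action=DUNNO"

def parse_request(text):
    """Parse one Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def decide(text, quota=QUOTA):
    attrs = parse_request(text)
    if attrs.get("protocol_state") != "RCPT":
        # Past RCPT the recipient attribute is empty for multi-recipient
        # mail, and a reject would hit every recipient, so do not decide here.
        return PASS
    entry = quota.get(attrs.get("recipient", "").lower())
    if entry is None:
        return PASS
    used, limit = entry
    declared = attrs.get("size", "")
    size = int(declared) if declared.isdigit() else 0  # 0: no SIZE declared
    if used >= limit or used + size > limit:
        return REJECT
    return PASS  # accepted now; delivery may still push the user over quota

def request(state, recipient, size, count=0):
    """Build a constructed policy request for the demo below."""
    return (f"request=smtpd_access_policy\nprotocol_state={state}\n"
            f"recipient={recipient}\nrecipient_count={count}\nsize={size}\n\n")

if __name__ == "__main__":
    print(decide(request("RCPT", "bob@example.com", 0)))         # already full
    print(decide(request("RCPT", "alice@example.com", 0)))       # no SIZE declared
    print(decide(request("END-OF-MESSAGE", "", 5000, count=2)))  # real size, no recipient
```

The size seen at RCPT is whatever the client declared, so a recipient who passes this check can still end up over quota after delivery.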