On 2018-02-26 16:28, SAAHIL IFTEKHAR wrote:
Hi
I have implemented Quota status to postfix in our setup. I have an imap server (dovecot) and mail server (postfix) in every node. I am able to send quota status to postfix and mails are rejected after 100% mail quota is crossed. This rejection is happening both in across the nodes and within the nodes.
The problem is if I am sending mails to any node and if any other node's dovecot is down, mails are not going. For example, I am sending an email within the system but if some other node's dovecot is down then email within the system also will not go.
My dovecot version is 2.2.10. My postfix version is 2.1.10.
doveconf -n output is below:-
[snap]
Here "service quota status" is the concerned section in conf file.
Postfix configuration is below:- smtpd_relay_restrictions = check_policy_service inet:201.123.80.9:54317 check_policy_service inet:201.123.80.23:54317
virtual_transport=lmtp:unix:private/dovecot-lmtp
Here, I am querying both two nodes. 201.123.80.9 is the other node. 201.123.80.23 is the node within which, email is sent.
logs while sending mail is below:-
[snap]
I am understanding what the logs are trying to say. But I am not able to resolve the issue even after searching solution on internet and trying different hit and trials by myself. I want that if i am sending email to any node or within node, the configuration relating to "check _policy_service" for other node does not interfere and mail goes properly. At the same time I can also fetch quota status from other nodes.
If I can get any help regarding this it will be really appreciable as I have tried a lot of options already.
Your problem is that if the dovecot is unreachable Postfix can't check the quota for the user.
http://www.postfix.org/SMTPD_POLICY_README.html explains how to resolve this problem: smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem): The default action when an SMTPD policy service request fails. Available with Postfix 3.0 and later.
The default action when an SMTPD policy service request fails. Specify "DUNNO" to behave as if the failed SMTPD policy service request was not sent, and to continue processing other access restrictions, if any. You can configure it per policy also.
The issue you might encounter with this setup is that if both of your dovecot nodes are unreachable Postfix will accept the e-mail and try to deliver it. When the nodes come online it will fail if the user is over quota and generate bounce to the envelope sender of the message, which might produce backscatter.
I resolved this problem by keeping quota information in Mysql table and using custom policy server to check if user is allowed to receive more e-mail.
Also this approach might not work with aliases and other redirections, the e-mail address checked by smtpd policy is the one before alias expansion. You should check if it suits your environment.
Best, Karol
-- Karol Augustin karol@augustin.pl http://karolaugustin.pl/ +353 85 775 5312