On 2013-05-04, Robert Schetterer wrote:
Am 03.05.2013 23:34, schrieb Daniel Luttermann:
Zum Einsatz kommt aktuell Postfix 2.10.0 und Dovecot 2.2.1.
Die Dovecot Quota Konfiguration sieht so aus, wie bei sys4 beschrieben:
service quota-status { executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } client_limit = 1 }
Mittlerweile habe ich schon einige Optionen und Berechtigungen ausprobiert, aber der Fehler bleibt leider der gleiche.
Hat vielleicht jemand noch einen Tip?
Danke schon mal.
besser hier nicht in deutsch....
sorry - I wanted to ask on the german Dovecot mailing list but sent this mail to the english list.
du solltest nur Dovecot 2.2.1 verwenden der quota code in 2.1 ist "nicht voellig vollstaendig" das setup sieht auf den ersten Blick ok aus
Current I'm using Dovecot 2.2.1 and Postfix 2.10.0.
hast du es schon mal alternativ exakt wie beschrieben in http://sys4.de/de/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/ vor allem
quota_grace = 10%% quota_status_success = DUNNO quota_status_nouser = DUNNO quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll"
etc nicht vergessen
getestet ?
yes, I've tried this (see doveconf/postconf below).
alternativ versuch mal mode = 0666 fuer mich sieht es wie ein permission Problem aus, das könnte unterschiedlich sein je nach setup, user / group postfix muessen existieren usw
When I use
service config { unix_listener config { group = mode = 0666 user = } }
then the error "permission denied" doesn't occur anymore but the error
warning: access table unix:private/quota-status entry has empty value
is the same. The verbose logging shows this:
===== May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:%h/sdbox May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: shared: root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: acl: acl username = daniel@dlutt.de May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: acl: owner = 0 May 4 14:01:52 mail dovecot: quota-status(daniel@dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted attribute: action May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: action May 4 14:01:52 mail postfix/smtpd[26993]: input attribute value: (end) May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted attribute: (list terminator) May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: (end) May 4 14:01:52 mail postfix/smtpd[26993]: check_table_result: unix:private/quota-status policy query May 4 14:01:52 mail postfix/smtpd[26993]: warning: access table unix:private/quota-status entry has empty value May 4 14:01:52 mail postfix/smtpd[26993]: generic_checks: name=check_policy_service status=1 May 4 14:01:52 mail postfix/smtpd[26993]: >>> END Recipient address RESTRICTIONS <<< May 4 14:01:52 mail postfix/smtpd[26993]: >>> CHECKING RECIPIENT MAPS <<< May 4 14:01:52 mail postfix/smtpd[26993]: ctable_locate: move existing entry key daniel@dlutt.de .... .... May 4 14:01:53 mail dovecot: lmtp(27012): Debug: auth input: daniel@dlutt.de home=/home/vmail/dlutt.de/daniel uid=5000 gid=5000 quota_rule=*:bytes=900000000 May 4 14:01:53 mail dovecot: lmtp(27012): Debug: Added userdb setting: plugin/quota_rule=*:bytes=900000000 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Effective uid=5000, gid=5000, home=/home/vmail/dlutt.de/daniel May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota root: name=User quota backend=dict args=:proxy::quota May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota rule: root=User quota mailbox=* bytes=900000000 messages=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota rule: root=User quota mailbox=Trash bytes=+104857600 messages=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota warning: bytes=855000000 (95%) messages=0 reverse=no command=quota-warning 95 daniel@dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota warning: bytes=720000000 (80%) messages=0 reverse=no command=quota-warning 80 daniel@dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Quota grace: root=User quota bytes=90000000 (10%) May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: dict quota: user=daniel@dlutt.de, uri=proxy::quota, noenforcing=0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: fs: root=/home/vmail/dlutt.de/daniel/mdbox, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: acl username = daniel@dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: owner = 1 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: Namespace : type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children, subscriptions=no location=mdbox:%h/sdbox May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: shared: root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt= May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: acl username = daniel@dlutt.de May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl: owner = 0 May 4 14:01:53 mail dovecot: lmtp(27012, daniel@dlutt.de): Debug: acl vfile: Global ACL directory: /etc/dovecot/global-acls
When I use the Dovecot default for the service "config" which is root:root, then I get this error (permission denied):
May 4 14:46:51 mail postfix/postscreen[29225]: CONNECT from [2607:f8b0:4001:c02::229]:41474 to [2a00:1828:2000:206::2]:25 May 4 14:46:57 mail postfix/postscreen[29225]: PASS NEW [2607:f8b0:4001:c02::229]:41474 May 4 14:46:57 mail postfix/smtpd[29240]: connect from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229] May 4 14:46:58 mail postfix/smtpd[29240]: NOQUEUE: reject: RCPT from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]: 450 4.7.1 <daniel@dlutt.de>: Recipient address rejected: Internal error occurred. Refer to server log for more information.; from=<free4cd@googlemail.com> to=<daniel@dlutt.de> proto=ESMTP helo=<mail-ia0-x229.google.com> May 4 14:46:58 mail dovecot: quota-status(daniel@dlutt.de): Error: user daniel@dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied May 4 14:46:58 mail postfix/smtpd[29240]: disconnect from mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]
My Dovecot and Postfix config:
doveconf -n
# 2.2.1: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7 dict { acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } hostname = mail.dlutt.de listen = 217.11.53.7 mail_debug = yes mail_location = mdbox:~/mdbox mail_plugins = acl quota expire mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { list = children location = mdbox:%%h/sdbox prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / subscriptions = yes type = private } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { acl = vfile:/etc/dovecot/global-acls:cache_secs=300 acl_shared_dict = proxy::acl expire = Trash expire2 = Junk expire_dict = proxy::expire mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size quota = dict:User quota::proxy::quota quota_grace = 10%% quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M quota_status_nouser = DUNNO quota_status_overquota = 552 5.2.2 Recipient mailbox is is full quota_status_success = DUNNO quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } postmaster_address = postmaster@dlutt.de protocols = imap lmtp sieve service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service dict { unix_listener dict { group = vmail mode = 0600 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { address = 127.0.0.1 port = 4190 } } service quota-status { client_limit = 1 executable = quota-status -p postfix unix_listener /var/spool/postfix/private/quota-status { group = postfix mode = 0660 user = postfix } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh unix_listener quota-warning { group = vmail mode = 0660 user = vmail } user = vmail } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.key userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = acl quota expire sieve } protocol imap { mail_plugins = acl quota expire imap_acl imap_quota }
postconf -n
address_verify_map = memcache:/etc/postfix/verify-memcache.cf address_verify_negative_expire_time = 3d address_verify_negative_refresh_time = 3h address_verify_positive_expire_time = 31d address_verify_positive_refresh_time = 7d alias_maps = hash:/etc/aliases body_checks = pcre:/etc/postfix/body_checks bounce_queue_lifetime = 1d command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix disable_vrfy_command = yes header_checks = pcre:/etc/postfix/header_checks html_directory = no mail_owner = postfix mailq_path = /usr/bin/mailq manpage_directory = /usr/local/man maximal_queue_lifetime = 1d mydestination = $myhostname, localhost.$mydomain, localhost mydomain = dlutt.de myhostname = mail.dlutt.de mynetworks_style = host myorigin = $myhostname newaliases_path = /usr/bin/newaliases postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr postscreen_blacklist_action = enforce postscreen_cache_map = memcache:/etc/postfix/memcache-postscreen.cf postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org, ix.dnsbl.manitu.net proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps proxy:btree:/var/lib/postfix/postscreen_cache_map proxy:btree:/var/lib/postfix/verify_cache_map proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map proxy:btree:/var/lib/postfix/postscreen_cache_map proxy:btree:/var/lib/postfix/verify_cache_map queue_directory = /var/spool/postfix readme_directory = no recipient_delimiter = + relay_domains = hash:/etc/postfix/relay_domains sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop show_user_unknown_table_name = no smtp_bind_address = 217.11.53.6 smtp_bind_address6 = 2a00:1828:2000:206::2 smtpd_discard_ehlo_keywords = silent-discard, dsn smtpd_helo_required = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.key smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache strict_rfc821_envelopes = yes transport_maps = hash:/etc/postfix/transport_maps unverified_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
master.cf
217.11.53.6:25 pass - - n - - smtpd -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_recipient_domain,reject_unknown_sender_domain,permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unverified_recipient,check_policy_service,unix:private/quota-status -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination -o content_filter=klms_postfix-afterqueue:127.0.0.1:10025 -o receive_override_options=no_address_mappings
[2a00:1828:2000:206::2]:25 pass - - n - - smtpd -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_recipient_domain,reject_unknown_sender_domain,permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unverified_recipient,check_policy_service,unix:private/quota-status -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination -o content_filter=klms_postfix-afterqueue:127.0.0.1:10025 -o receive_override_options=no_address_mappings
-- Daniel