Hi
I have implemented quota status for postfix in our setup. I have an imap server (dovecot) and mail server (postfix) in every node. I am able to send quota status to postfix and mails are rejected after 100% mail quota is crossed. This rejection is happening both across the nodes and within the nodes.
The problem is if I am sending mails to any node and if any other node's dovecot is down, mails are not going. For example, I am sending an email within the system but if some other node's dovecot is down then email within the system also will not go.
My dovecot version is 2.2.10. My postfix version is 2.1.10.
*doveconf -n output is below:-*
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-514.el7.x86_64 x86_64 Red Hat Enterprise Linux Server release 7.3 (Maipo) xfs
auth_debug = yes
base_dir = /var/run/dovecot/
first_valid_gid = 5000
first_valid_uid = 5000
hostname = CmdHQ
login_greeting = ^^^^^^^^^^Dovecot ready^^^^^^^^^^
mail_debug = yes
mail_gid = 6000
mail_location = Maildir:/var/mail/vmail/tcs.mil.in/%n
mail_plugins = " quota"
mail_uid = 6000
mbox_write_locks = fcntl
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=8KB
  quota_rule2 = *:messages=12B
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is over quota / mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=80%% quota-warning 80 %u
}
postmaster_address = postmaster@tcs.mil.in
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 54317
  }
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    group = postfix
    mode = 0666
    user = postfix
  }
  user = postfix
}
ssl = required
ssl_ca = </etc/dovecot/certs/cacert.pem
ssl_cert = </etc/dovecot/certs/1CorpHQ_IMAP_Admin@tcs.mil.in.pem
ssl_key = </etc/dovecot/certs/1CorpHQ_IMAP_Admin@tcs.mil.in.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes
protocol lmtp {
  info_log_path = /var/log/dovecot-lmtp.log
  mail_plugins = " quota"
}
protocol lda {
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = " quota"
}
protocol imap {
  mail_plugins = " quota"
}
Here "service quota status" is the concerned section in conf file.
*Postfix configuration is below:-*
smtpd_relay_restrictions = check_policy_service inet:201.123.80.9:54317 check_policy_service inet:201.123.80.23:54317
virtual_transport=lmtp:unix:private/dovecot-lmtp
Here, I am querying both nodes. 201.123.80.9 is the other node. 201.123.80.23 is the node within which the email is sent.
*Logs while sending mail are below:-*
Feb 22 12:43:24 1CorpHQ postfix/proxymap[7327]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: initializing the server-side TLS engine
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 220 1CorpHQserver.tcs.mil.in ESMTP Postfix
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text EHLO 1CorpHQ
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-1CorpHQserver.tcs.mil.in
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-PIPELINING
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-SIZE 10240000
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-VRFY
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ETRN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-STARTTLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ENHANCEDSTATUSCODES
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-8BITMIME
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 DSN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text STARTTLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 220 2.0.0 Ready to start TLS
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: setting up TLS connection from 1CorpHQ[201.123.80.23]
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: 1CorpHQ[201.123.80.23]: TLS cipher list "aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:before/accept initialization
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read client hello A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write server hello A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write certificate A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write key exchange A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write server done A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 flush data
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read client key exchange A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 read finished A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write change cipher spec A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 write finished A
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: SSL_accept:SSLv3 flush data
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: Anonymous TLS connection established from 1corphq[201.123.80.23]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text EHLO 1CorpHQ
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 1CorpHQ: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: 201.123.80.23: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-1CorpHQserver.tcs.mil.in
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-PIPELINING
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-SIZE 10240000
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-VRFY
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ETRN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-ENHANCEDSTATUSCODES
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250-8BITMIME
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 DSN
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text MAIL FROM:< Cdr.1CorpHQ@tcs.mil.in>
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: transport_maps: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: transport_maps: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: In dict_changed_name
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In valid verify sender addr
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text 250 2.1.0 Ok
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: text RCPT TO:< CO.1CorpHQ@tcs.mil.in>
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/trivial-rewrite[7330]: match_list_match: tcs.mil.in: no match
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: In valid verify sender addr
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: match_list_match: permit_mynetworks: no match
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Loading modules from directory: /usr/lib64/dovecot
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: master in: USER#0111# 011CO.1CorpHQ@tcs.mil.in#011service=quota-status
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq@tcs.mil.in): user search: base=dc=tcs,dc=mil,dc=in scope=subtree filter=(&(objectClass=person)(uid=co.1corphq)) fields=homeDirectory,uidNumber,gidNumber
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq@tcs.mil.in): no fields returned by the server
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: ldap(co.1corphq@tcs.mil.in): result: homeDirectory missing; uidNumber missing; gidNumber missing
Feb 22 12:43:24 1CorpHQ dovecot: auth: Debug: userdb out: USER#0111# 011co.1corphq@tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: auth input: co.1corphq@tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: changed username to co.1corphq@tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status: Debug: Added userdb setting: plugin/=yes
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Effective uid=6000, gid=6000, home=
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Quota root: name=User quota backend=maildir args=
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Quota rule: root=User quota mailbox=* bytes=8192 messages=0
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Quota rule: root=User quota mailbox=* bytes=8192 messages=12
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Quota warning: bytes=6553 (80%) messages=0 reverse=no command=quota-warning 80 co.1corphq@tcs.mil.in
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: Quota grace: root=User quota bytes=819 (10%)
Feb 22 12:43:24 1CorpHQ dovecot: quota-status(co.1corphq@tcs.mil.in): Debug: maildir++: root=/var/mail/vmail/tcs.mil.in/co.1corphq, index=, indexpvt=, control=, inbox=/var/mail/vmail/tcs.mil.in/co.1corphq, alt=
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: warning: connect to 201.123.80.9:54317: Connection refused
Feb 22 12:43:24 1CorpHQ postfix/smtpd[7326]: warning: problem talking to server 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: warning: connect to 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: warning: problem talking to server 201.123.80.9:54317: Connection refused
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: NOQUEUE: reject: RCPT from 1CorpHQ[201.123.80.23]: 451 4.3.5 Server configuration problem; from=< Cdr.1CorpHQ@tcs.mil.in> to=<CO.1CorpHQ@tcs.mil.in> proto=ESMTP helo=<1CorpHQ>
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text 451 4.3.5 Server configuration problem
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text RSET
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: text 250 2.0.0 Ok
Feb 22 12:43:25 1CorpHQ postfix/smtpd[7326]: lost connection after RSET from 1CorpHQ[201.123.80.23]
I understand what the logs are trying to say. But I am not able to resolve the issue even after searching for a solution on the internet and trying different things by trial and error myself. I want that if I am sending email to any node or within a node, the configuration relating to "check_policy_service" for the other node does not interfere and mail goes properly. At the same time I can also fetch quota status from other nodes.
If I can get any help regarding this it would be really appreciated, as I have tried a lot of options already.
Regards
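
Added example, not part of the original post: a small probe that sends a Postfix policy-delegation request (the protocol behind check_policy_service) to each quota-status listener and reports which endpoints answer, so an unreachable listener like the one in the "Connection refused" log lines shows up before mail is deferred. The 127.0.0.1 stand-in server, the function names and the recipient address used with it are constructed for the demonstration.

```python
import socket
import threading

def policy_query(host, port, recipient, timeout=3.0):
    """Send one policy-delegation request and return the action string,
    or None when the service is unreachable or gives no action (the case
    Postfix logged above as '451 4.3.5 Server configuration problem')."""
    request = (
        "request=smtpd_access_policy\n"
        "protocol_state=RCPT\n"
        "protocol_name=ESMTP\n"
        f"recipient={recipient}\n"
        "size=0\n"
        "\n"                      # an empty line terminates the request
    ).encode()
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while b"\n\n" not in buf:      # the reply also ends with an empty line
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:                        # refused, timed out, unreachable
        return None
    for line in buf.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    return None

def check_endpoints(endpoints, recipient):
    """Map 'host:port' to the returned action, or None if the endpoint is down."""
    return {f"{h}:{p}": policy_query(h, p, recipient) for h, p in endpoints}

def fake_quota_status(action="DUNNO"):
    """Constructed stand-in for a quota-status listener; serves one request."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while b"\n\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            conn.sendall(f"action={action}\n\n".encode())
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against the setup in the post, the endpoint list would be the two inet:...:54317 addresses from smtpd_relay_restrictions; a None result for either one corresponds to the refused connection seen in the log.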