Re: Enforcing quotas on shared mailboxes

...

On 07/02/2024 12:31 EET dovecot--- via dovecotdovecot@dovecot.org wrote:

I have configured a shared private namespace in dovecot so that, via ACLs, users can access other users' mailboxes.

I set up a quota for each user and this also works well. The quota is monitored and new messages are denied if the quota is exceeded.

There is one problem though: apparently dovecot treats shared mailboxes in relation to the current user's quota, it does not consider (as would be appropriate) the shared mailbox owner's quota.

I will try to explain better with a couple of examples.

==============

Consider the following case:

 user1 has a quota of 1MB, totally available
 user2 has a quota of 10MB, totally available
 user1 shares the "Sales" mailbox with user2
 user2 copies a 500KB message to the shared "Sales" mailbox
 user1's quota will be correctly deducted by 500KB, thus resulting in 0.5MB available

At this point, however, let's try another operation:

 user2 copies an 800KB message to the shared "Sales" mailbox.

The server should return error because this way user1 exceeds the allocated quota of 1MB (500KB + 800KB), but instead the copy operation succeeds.

This happens because at the time of the copy operation, dovecot considers the quota limit of user2 instead of considering the quota limit of user1.

==============

Let us consider another case, performing the same operations but where the user quota limits are reversed (user1 has a larger quota than user2):

 user1 has a quota of 10MB, totally available
 user2 has a quota of 1MB, totally available
 user1 shares the "Sales" mailbox with user2
 user2 copies a 500KB message to the shared mailbox "Sales"

The operation fails by overquota, because again dovecot considers user2's quota limit instead of considering user1's quota limit. Therefore, it is as if user2, with a 1MB limit, tries to write to a "larger" area (10MB).

As a counterevidence, setting user1 and user2 with the same quota limit, the operation succeeds perfectly.

==============

Can anyone help me solve the problem? Is this a problem that is related to my configuration? Below I attach the output of dovecot -n

Try

plugin { quota_rule=Shared/*:ignore }

Aki

Thanks Aki, your suggestion definitely fixed the error of copying messages to a shared mailbox, great!

But it is not clear to me whether this way the quota of the shared mailbox is still taken into account, or ignored completely. If it were ignored completely, in theory it would be possible for another account to copy or move messages to a shared folder without any limit, exceeding the quota that should be enforced on the main account.

What are your thoughts on this?

Gabriele

      On 07/02/2024 12:31 EET dovecot--- via dovecot
      <dovecot@dovecot.org> wrote:


      I have configured a shared private namespace in dovecot so
      that, via ACLs, users can access other users' mailboxes.

      I set up a quota for each user and this also works well.
      The quota is monitored and new messages are denied if the
      quota is exceeded.

      There is one problem though: apparently dovecot treats
      shared mailboxes in relation to the current user's quota,
      it does not consider (as would be appropriate) the shared
      mailbox owner's quota.

      I will try to explain better with a couple of examples.

      ==============

      Consider the following case:

          user1 has a quota of 1MB, totally available
          user2 has a quota of 10MB, totally available
          user1 shares the "Sales" mailbox with user2
          user2 copies a 500KB message to the shared "Sales"
      mailbox
          user1's quota will be correctly deducted by 500KB, thus
      resulting in 0.5MB available

      At this point, however, let's try another operation:

          user2 copies an 800KB message to the shared "Sales"
      mailbox.

      The server should return error because this way user1
      exceeds the allocated quota of 1MB (500KB + 800KB), but
      instead the copy operation succeeds.

      This happens because at the time of the copy operation,
      dovecot considers the quota limit of user2 instead of
      considering the quota limit of user1.

      ==============

      Let us consider another case, performing the same
      operations but where the user quota limits are reversed
      (user1 has a larger quota than user2):

          user1 has a quota of 10MB, totally available
          user2 has a quota of 1MB, totally available
          user1 shares the "Sales" mailbox with user2
          user2 copies a 500KB message to the shared mailbox
      "Sales"

      The operation fails by overquota, because again dovecot
      considers user2's quota limit instead of considering
      user1's quota limit. Therefore, it is as if user2, with a
      1MB limit, tries to write to a "larger" area (10MB).

      As a counterevidence, setting user1 and user2 with the same
      quota limit, the operation succeeds perfectly.

      ==============

      Can anyone help me solve the problem? Is this a problem
      that is related to my configuration?
      Below I attach the output of dovecot -n
 Try

 plugin {
   quota_rule=Shared/*:ignore
 }

 Aki

Thanks Aki, your suggestion definitely fixed the error of copying messages to a shared mailbox, great!

But it is not clear to me whether this way the quota of the shared mailbox is still taken into account, or ignored completely. If it were ignored completely, in theory it would be possible for another account to copy or move messages to a shared folder without any limit, exceeding the quota that should be enforced on the main account.

What are your thoughts on this?

Gabriele