Quota Config With Prefetch Creating Alias Directories
Using Dovecot 2.3.8 with Postfix & MySQL on Centos.
I have a sql table with account info, email addresses, password, quotas, etc I have another sql table for aliases containing which alias points to what email address. For imap access im using passdb password_query with prefetch.
I setup quotas using count and configured postfix to check quotas with check_policy_service before accepting email.
Discovered that it wont lookup quotas using prefetch. Added a second userdb so quota request can use user_query instead of the imap password_query prefetch version.
userdb {
driver = sql
args = /etc/dovecot/mysql_quota.include
skip = found
result_success = return-ok
result_failure = return-ok
}
This worked for existing email addresses in the accounts table. But any email sent to an alias was rejected because user not found. Not by postfix, postfix can see its an alias, but when postfix does check_policy_service dovecot issued the rejection because its not finding the alias in the accounts table per the userdb user_query.
I added "result_failure = return-ok" to the userdb so if user_query doesn't find the address postfix is asking to accept mail for, it will fall back on quota default values. Then dovecot isn't forcing the mail to be rejected and postfix knows if its a valid user or alias. This seems to solve the issue, dovecot will return per user quotas or if not found then the global quota and let postfix decided whats a valid address to accept or reject.
But now there is a side effect. Every time you ask dovecot for a quota, and if its a first time use of a newly created account dovecot creates the index directories and index files on disk. Because im using result_failure=return-ok which tells dovecot the user was found to prevent aliases from being rejected, dovecot is also creating directories and indexes for those aliases postfix is sending over check_policy_service.
First question: Is this the best way to configure dovecot using quota verification for postfix to work will aliases?
Second question: How can i prevent directories and indexes being created for non found user (aliases) accounts?
Thank you.
On 06-26-2021 7:39 pm, dovecot@ptld.com wrote:
First question: Is this the best way to configure dovecot using quota verification for postfix to work will aliases?
Second question: How can i prevent directories and indexes being created for non found user (aliases) accounts?
I figured out i was doing it wrong, i removed the "result_failure = return-ok" and used "quota_status_nouser = DUNNO" instead. However, now i have another concern.
- I setup an email account for user@example.com
- I setup an alias alias@example.com to forward to user@example.com
- I filled up user@example.com inbox so it would fail quota.
- I sent an email to alias@example.com
Postfix did not reject the email, it accepted it and tried to deliver to dovecot/lmtp which then rejected the message for being over quota. This caused postfix to have to send a back splatter bounce email. Anyway to solve that?
But worse, the bounce email exposed the forwarded to address of user@example.com saying mailbox full. "<user@example.com> (expanded from <alias@example.com>)"
What can be done about that? Keep the bounce notice from exposing the forward to address? Or is there still a better way to set this up?
For the first part of the issue maybe you could use Postfix's smtpd_restriction_classes combined with Dovecot's quota_grace, as described in this older thread: https://dovecot.markmail.org/thread/5sa563icpv2os2nb#query:+page:1+mid:gkhwg...
I haven't tried it though.
Cheers,
Kevin
On 27/06/2021 05:32, dovecot@ptld.com wrote:
On 06-26-2021 7:39 pm, dovecot@ptld.com wrote:
First question: Is this the best way to configure dovecot using quota verification for postfix to work will aliases?
Second question: How can i prevent directories and indexes being created for non found user (aliases) accounts?
I figured out i was doing it wrong, i removed the "result_failure = return-ok" and used "quota_status_nouser = DUNNO" instead. However, now i have another concern.
- I setup an email account for user@example.com
- I setup an alias alias@example.com to forward to user@example.com
- I filled up user@example.com inbox so it would fail quota.
- I sent an email to alias@example.com
Postfix did not reject the email, it accepted it and tried to deliver to dovecot/lmtp which then rejected the message for being over quota. This caused postfix to have to send a back splatter bounce email. Anyway to solve that?
But worse, the bounce email exposed the forwarded to address of user@example.com saying mailbox full. "<user@example.com> (expanded from <alias@example.com>)"
What can be done about that? Keep the bounce notice from exposing the forward to address? Or is there still a better way to set this up?
On a second thought, the previous suggestion doesn't seem to be what you are looking for. It looks like it only performs selective quota checking.
Sorry.
On 27/06/2021 10:45, Kevin N. wrote:
For the first part of the issue maybe you could use Postfix's smtpd_restriction_classes combined with Dovecot's quota_grace, as described in this older thread: https://dovecot.markmail.org/thread/5sa563icpv2os2nb#query:+page:1+mid:gkhwg...
I haven't tried it though.
Cheers,
Kevin
On 27/06/2021 05:32, dovecot@ptld.com wrote:
On 06-26-2021 7:39 pm, dovecot@ptld.com wrote:
First question: Is this the best way to configure dovecot using quota verification for postfix to work will aliases?
Second question: How can i prevent directories and indexes being created for non found user (aliases) accounts?
I figured out i was doing it wrong, i removed the "result_failure = return-ok" and used "quota_status_nouser = DUNNO" instead. However, now i have another concern.
- I setup an email account for user@example.com
- I setup an alias alias@example.com to forward to user@example.com
- I filled up user@example.com inbox so it would fail quota.
- I sent an email to alias@example.com
Postfix did not reject the email, it accepted it and tried to deliver to dovecot/lmtp which then rejected the message for being over quota. This caused postfix to have to send a back splatter bounce email. Anyway to solve that?
But worse, the bounce email exposed the forwarded to address of user@example.com saying mailbox full. "<user@example.com> (expanded from <alias@example.com>)"
What can be done about that? Keep the bounce notice from exposing the forward to address? Or is there still a better way to set this up?
participants (2)
-
dovecot@ptld.com
-
Kevin N.