Quota - frustrated trying to configure ...
Hi,
after fighting Dovecot almost every step of the way, I have finally gotten most of the functions configured on a customer box (used Cyrus on a previous install, but it was dropped from SLES 12 ...)
The mail server setup uses LDAP for user authentication, has a central maildir tree (.../dovecot/maildir/<USER>/...) that is used for all users' mail, sieve is also running well. The users themselves are just virtual users, they do not have a local home directory or anything.
I was now trying to get Quota to work ... Looking at the Wiki more or less showed the same "spotty" results of the rest of the Wiki. Fine for anybody that needs the documentation just as a reference, but somewhat lacking for someone that does not have experience in setting up Dovecot. I tried following the wiki, as well as checking on other web pages I came across.
In order to keep the setup simple, and not have to jump through hoops to set up any SQL backup etc., I tried using a file-based storage of the quota entries, as in:
dict { quota = file:/data/dovecot/db/quota.db }
I also added quota entries in the other places I believe are necessary, and set up a rule like this:
plugin { quota_rule = *:storage=1G quota_rule2 = Trash:storage=+100M }
I got through dovecot restart without errors, and IMAP still answers. But attempting to do a recalculation of the current quota usage ends up with this error:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
What am I (possibly) missing here? Is this way of setting it up even viable? While I need a general per-user-quota, I also need the ability to overwrite each user's default quota ... is there any recommendable more detailed documentation on how to set up quota?
Thanks, -garry
On 25 Sep 2017, at 21.19, Garry Glendown <garry@glendown.de> wrote:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
what was the command line you used to test this? As this looks a lot like you just tried to check root users quota.
try: doveadm quota get -u <uid>
and try if ‘doveadm user <uid>’ returns any quota rules.
Sami
On 25.09.2017 20:28, Sami Ketola wrote:
On 25 Sep 2017, at 21.19, Garry Glendown <garry@glendown.de> wrote:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
what was the command line you used to test this? As this looks a lot like you just tried to check root users quota. Actually no, I tried "doveadm quote recalc" without any parameters ... I found the command in the wiki, which - as with most other information - might be helpful if you already know what you are doing ...
"If your quotas are out of sync, you can use doveadm quota recalc command to recalculate them. "
I assumed it would recalculate all users' quotas ... using the -u argument with an account actually does seem to work, at least I do not get any errors. Also, the get command seems to be accurate from what I can tell. Further tests show that the system already checks the quota correctly ... and hard-rejects any mails to users with full quota ...
So with that part already working, I have new problems to solve:
- how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)?
- what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup?
- how can I get an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work)
thanks, -garry
- how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)?
- You can set a quota grace to basically have a soft-limit - allowing the user to go slightly above their allocated quota.
- what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup?
- I'm not sure if this is considered the "simplest", but like you I am also using LDAP auth. With this setup, I have LDAP manage per-user quotas. The primary mail schema I use is equipped with a mailQuota attribute. I have this quota attribute set as part of user_attrs in dovecot-ldap.conf.ext. For example, per user quotas in LDAP:
user_attrs = ....,mailQuota=quota_rule=*:bytes=%$
- how can I get an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work)
- It helps to set up aliases unless you don't mind typing a lot. To get an overview/list of all users and their quota usage I have a couple quota aliases defined:
alias quotaa='doveadm quota get -A | sort -h ' $ quotaa
alias quota='doveadm quota get -u $1 ' $ quota <username>
IMHO the official Dovecot docs are great, but I also battled with quotas for a short duration, so hopefully this will help a bit more.
Cheers, TC
On 9/25/17 11:51 AM, Garry Glendown wrote:
On 25.09.2017 20:28, Sami Ketola wrote:
On 25 Sep 2017, at 21.19, Garry Glendown <garry@glendown.de> wrote:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
what was the command line you used to test this? As this looks a lot like you just tried to check root users quota. Actually no, I tried "doveadm quote recalc" without any parameters ... I found the command in the wiki, which - as with most other information - might be helpful if you already know what you are doing ...
"If your quotas are out of sync, you can use doveadm quota recalc command to recalculate them. "
I assumed it would recalculate all users' quotas ... using the -u argument with an account actually does seem to work, at least I do not get any errors. Also, the get command seems to be accurate from what I can tell. Further tests show that the system already checks the quota correctly ... and hard-rejects any mails to users with full quota ...
So with that part already working, I have new problems to solve:
- how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)?
- what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup?
- how can I get an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work)
thanks, -garry
On 25 Sep 2017, at 21.51, Garry Glendown <garry@glendown.de> wrote:
On 25.09.2017 20:28, Sami Ketola wrote:
On 25 Sep 2017, at 21.19, Garry Glendown <garry@glendown.de> wrote:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
what was the command line you used to test this? As this looks a lot like you just tried to check root users quota. Actually no, I tried "doveadm quote recalc" without any parameters ... I found the command in the wiki, which - as with most other information - might be helpful if you already know what you are doing …
"If your quotas are out of sync, you can use doveadm quota recalc command to recalculate them. “
I agree that this might happen. We must remember that the wiki is written mostly by people that have been working with dovecot for many years. I think you referred to this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct syntax was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already.
I assumed it would recalculate all users' quotas ... using the -u argument with an account actually does seem to work, at least I do not get any errors. Also, the get command seems to be accurate from what I can tell. Further tests show that the system already checks the quota correctly ... and hard-rejects any mails to users with full quota ...
So with that part already working, I have new problems to solve:
- how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)?
you can change this setting:
plugin { quota_status_overquota = "552 5.2.2 Mailbox is full” }
to give 4xx SMTP error code instead to force the MTA to retry for up to 48 hours as mandated by the RFC.
- what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup?
you can also return quota_rules from usertb. The simplest way depends on what kind if userdb setup you have.
- how can I get an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work)
User iteration must work in order for that command to work. Making user iteration to work once again depends on what kind of userdb/passdb setup you have.
Sami
Hi,
had the quota info added to the AD in an unused field, and it seems to work ...
On 25 Sep 2017, at 21.51, Garry Glendown <garry@glendown.de> wrote:
On 25.09.2017 20:28, Sami Ketola wrote:
On 25 Sep 2017, at 21.19, Garry Glendown <garry@glendown.de> wrote:
doveadm(root): Error: chdir(/root/) failed: Permission denied (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned by 0:0 mode=0700) doveadm(root): Error: chdir(/root) failed: Permission denied
It looks like dovecot doesn't actually attempt to look at the central maildir, but instead seems to attempt to enter the current user's homedir (which, in this case, is root).
what was the command line you used to test this? As this looks a lot like you just tried to check root users quota. Actually no, I tried "doveadm quote recalc" without any parameters ... I found the command in the wiki, which - as with most other information - might be helpful if you already know what you are doing … "If your quotas are out of sync, you can use doveadm quota recalc command to recalculate them. “
I agree that this might happen. We must remember that the wiki is written mostly by people that have been working with dovecot for many years. I think you referred to this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct syntax was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already.
I assumed it would recalculate all users' quotas ... using the -u argument with an account actually does seem to work, at least I do not get any errors. Also, the get command seems to be accurate from what I can tell. Further tests show that the system already checks the quota correctly ... and hard-rejects any mails to users with full quota ...
So with that part already working, I have new problems to solve:
- how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)?
you can change this setting:
plugin { quota_status_overquota = "552 5.2.2 Mailbox is full” }
to give 4xx SMTP error code instead to force the MTA to retry for up to 48 hours as mandated by the RFC.
Except for this ... I added the entry to the 20-lmtp.conf file, but dovecot/lmtp still uses the 552 message ...
tnx, Garry
--
PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015
On 2 Oct 2017, at 16.11, Garry Glendown <garry@glendown.de> wrote:
On 25 Sep 2017, at 21.51, Garry Glendown <garry@glendown.de> wrote: On 25.09.2017 20:28, Sami Ketola wrote:
you can change this setting:
plugin { quota_status_overquota = "552 5.2.2 Mailbox is full” }
to give 4xx SMTP error code instead to force the MTA to retry for up to 48 hours as mandated by the RFC.
Except for this ... I added the entry to the 20-lmtp.conf file, but dovecot/lmtp still uses the 552 message ...
Are you sure you did put it inside plugin {} section? As looking at the code it does search for plugin/quota_status_overquota string and only if not defined it uses the default one.
can you see it in 'doveconf -nS | grep quota'
Sami
participants (3)
-
Garry Glendown
-
Sami Ketola
-
Tony