[Dovecot] Dovecot as a (quota) policy server for Postfix
Hi guys,
I'm currently experimenting with Postfix, Dovecot and OpenLDAP to set up a mail server hosting virtual users. The standard stuff works fine so far. The only thing that doesn't work as I'd like it to do is Quota.
Currently, Dovecot handles/enforces quota through the deliver LDA. When Postfix tries to deliver a mail to a mailbox that is over quota, the deliver LDA bounces the mail back to the sender.
I don't like that. I'd rather prefer Postfix to reject the mail right after receiving the '.' DATA termination line and having checked whether the user's quota is or would be exceeded.
This could work by writing a small Postfix policy server/daemon that does exactly what Dovecot does:
- get the user quota limit from userdb (from LDAP in my case)
- get the user quota used (from maildirsize in my case)
- check whether the current mail size + quota used exceed the quota limit and if true, reject the mail
Of course this would only work for mails going to a single local recipient address, but most of the time, that's just the case.
Now I can re-implement that part of functionality from Dovecot in Perl and write such a small policy daemon that does exactly fit my setup (LDAP + maildirsize).
There's one thing I'd like much better, though:
What about extending Dovecot by a small policy server module for Postfix? Dovecot already has all the code to do the "over quota" checks and supports a great number of combinations for quota limit and used quota storage. My Postfix instance already kinda depends on a running Dovecot due to Dovecot-SASL for SMTP-Authentication and Dovecot-deliver for mail delivery, so it wouldn't introduce a completely new dependency either.
Timo (and all others), what do you think about such a Postfix policy server implemented as a part of Dovecot?
Regards,
Wolfram Schlich wschlich@gentoo.org
Gentoo Linux * http://dev.gentoo.org/~wschlich/
On Fri, 2009-06-12 at 17:54 +0200, Wolfram Schlich wrote:
> Timo (and all others), what do you think about such a Postfix policy server implemented as a part of Dovecot?
Dovecot v2.0 makes this much easier, since it can be extended with any kind of external services without recompiling anything. Also v2.0 tries to be somewhat compatible with Postfix master. I've had in mind that perhaps Dovecot services could run also under Postfix master. So a quota service that could run either under Dovecot or Postfix could be useful.
I don't really have time to implement it though. You could take a look at how LMTP server is implemented and just copy&paste its important parts and make it report quota instead of doing the LMTP stuff.
What does Postfix's policy protocol look like anyway?
- Timo Sirainen dovecot@dovecot.org:
> On Fri, 2009-06-12 at 17:54 +0200, Wolfram Schlich wrote:
> > Timo (and all others), what do you think about such a Postfix policy server implemented as a part of Dovecot?
> Dovecot v2.0 makes this much easier, since it can be extended with any kind of external services without recompiling anything. Also v2.0 tries to be somewhat compatible with Postfix master. I've had in mind that perhaps Dovecot services could run also under Postfix master. So a quota service that could run either under Dovecot or Postfix could be useful.
> I don't really have time to implement it though. You could take a look at how LMTP server is implemented and just copy&paste its important parts and make it report quota instead of doing the LMTP stuff.
> What does Postfix's policy protocol look like anyway?
Quote from http://www.postfix.org/SMTPD_POLICY_README.html:
The Postfix policy delegation protocol is really simple. The client request is a sequence of name=value attributes separated by newline, and is terminated by an empty line. The server reply is one name=value attribute and it, too, is terminated by an empty line.
Here is an example of all the attributes that the Postfix SMTP server sends in a delegated SMTPD access policy request:
Postfix version 2.1 and later:
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
helo_name=some.domain.tld
queue_id=8045F2AB23
sender=foo@bar.tld
recipient=bar@foo.tld
recipient_count=0
client_address=1.2.3.4
client_name=another.domain.tld
reverse_client_name=another.domain.tld
instance=123.456.7
Postfix version 2.2 and later:
sasl_method=plain
sasl_username=you
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
Postfix version 2.3 and later:
encryption_protocol=TLSv1/SSLv3
encryption_cipher=DHE-RSA-AES256-SHA
encryption_keysize=256
etrn_domain=
Postfix version 2.5 and later:
stress=
[empty line]
p@rick
--
state of mind
Digitale Kommunikation
Franziskanerstraße 15, 81669 München
Phone +49 89 3090 4664, Fax +49 89 3090 4666
Munich District Court (Amtsgericht München), Partnership Register PR 563
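The check proposed in the first post, combined with the request format quoted above, as an added Python example that is not code from the thread, Dovecot or Postfix. The function names, the sample request and the maildirsize data are constructed; `limit_bytes` stands in for the LDAP userdb lookup, and the END-OF-MESSAGE / recipient_count=1 gate assumes the check is hooked at end of data, as the first post wants.

```python
# Added example; the sample request and maildirsize data are constructed.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
    "recipient=bar@foo.tld\nrecipient_count=1\nsize=12345\n\n"
)
SAMPLE_MAILDIRSIZE = "100000S\n90000 12\n-2000 -1\n"  # 88000 bytes in use

DUNNO = "action=dunno\n\n"  # no opinion: later restrictions still apply


def parse_policy_request(raw: str) -> dict:
    """Parse name=value lines; the request must end with an empty line."""
    head, terminator, _ = raw.partition("\n\n")
    if not terminator:
        raise ValueError("request not terminated by an empty line")
    attrs = {}
    for line in head.split("\n"):
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed attribute line: {line!r}")
        attrs[name] = value  # value may be empty (e.g. sasl_sender=)
    return attrs


def maildirsize_used(content: str) -> int:
    """Sum the '<bytes> <count>' lines that follow the quota definition line."""
    used = sum(int(line.split()[0]) for line in content.splitlines()[1:] if line.strip())
    return max(used, 0)


def quota_action(attrs: dict, limit_bytes: int, maildirsize: str) -> str:
    """Return the one-attribute reply, terminated by an empty line."""
    if attrs.get("request") != "smtpd_access_policy":
        return DUNNO
    # Decide only after end of data and for exactly one recipient.
    if attrs.get("protocol_state") != "END-OF-MESSAGE" or attrs.get("recipient_count") != "1":
        return DUNNO
    try:
        size = int(attrs.get("size", ""))
        used = maildirsize_used(maildirsize)
    except ValueError:
        # Unparseable input: defer rather than silently accept or hard-reject.
        return "action=defer_if_permit Quota check temporarily unavailable\n\n"
    if limit_bytes > 0 and used + size > limit_bytes:
        return "action=reject Mailbox is over quota\n\n"
    return DUNNO


if __name__ == "__main__":
    print(quota_action(parse_policy_request(SAMPLE_REQUEST), 100000, SAMPLE_MAILDIRSIZE), end="")
```

Requests with more than one recipient, or from any other protocol state, get `action=dunno`, so the deliver LDA's own quota enforcement remains the backstop for those messages.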
participants (3)
- Patrick Ben Koetter
- Timo Sirainen
- Wolfram Schlich