[Dovecot] quota using wrong limits in user shared mailboxes

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Mar 13 09:59:23 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have setup a shared namespace to expose user's mailboxes to other users. 
That works well. Via ACLs users can access other users mailboxes.

I have setup a quota for each user, that works well, too. The quota is 
tracked and new messages are denied, if the quota is exceeded. I do not 
find hints, if you need to setup something special for shared namespaces.
http://wiki2.dovecot.org/Quota/Configuration shows how to track the quota 
and http://wiki2.dovecot.org/SharedMailboxes/Shared shows how to setup 
the namespace and ACL.

If user1 shares "mailbox" to user2 and user2 copies a message there, the 
quota is tracked in the quota of user1 correctly.

But to calculate if

* LOGIN user2
...
* COPY 1 users.user1.mailbox

fails with overquota or succeed, the quota limit of user2 is used instead 
of the quota of user1, whom "mailbox" belongs to.

I have tested it with
a. limit(user2) < limit(user1)
b. quota(user1) + sizeof(message) < limit(user1)
if quota(user1) + sizeof(message) > limit(user2), COPY fails with 
overquota. If I raise the quota of user2, the COPY succeeds.

That means, although the target user's quota is not exceeded and won't 
after the copy, COPY fails. That seems to be wrong for me.

The same will apply to the other way round, I guess: If the target user is 
over quota, but copying user's quota limit is greater than that, the COPY 
succeeds. [I have not tested it.] Hence, if you enable sharing, you 
undermine quota, because the other user can copy messages into a mailbox 
of an user overquota.

Does other people see the same issue?

My config:
# 2.2.10 (5432b55a2b87): /usr/local/dovecot-2.2.10/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9 
auth_cache_size = 30 M
auth_mechanisms = plain login
auth_verbose = yes
auth_worker_max_count = 100
base_dir = /var/run/dovecot2.2/
default_vsz_limit = 512 M
deliver_log_format = msgid=%m: %$ %p/%w "%f" "%s"
dict {
   acl = pgsql:/usr/local/dovecot-2.2.10/etc/dovecot/dovecot-dict-sql.conf.ext
   quota = pgsql:/usr/local/dovecot-2.2.10/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
instance_name = dovecot2.2
lda_mailbox_autocreate = yes
lmtp_save_to_detail_mailbox = yes
log_path = /var/log/dovecot/dovecot2.2.log
log_timestamp = "%F %H:%M:%S "
mail_gid = vmail
mail_log_prefix = "%Us(%u) [%p]: "
mail_max_userip_connections = 0
mail_plugins = " quota notify mail_log zlib acl stats"
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags
namespace {
   list = children
   location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
   prefix = users.%%u.
   separator = .
   type = shared
}
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix = 
}
passdb {
   args = /usr/local/dovecot-2.2.10/etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
plugin {
   acl = vfile
   acl_shared_dict = proxy::acl
   antispam_allow_append_to_spam = yes
   antispam_backend = spool2dir
   antispam_spam = SPAM+ReportAsSPAM
   antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%%05lu-%u-H
   antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%%05lu-%u-S
   antispam_trash = trash;TRASH;Trash;spam;SPAM;Spam;junk;JUNK;Junk;Deleted Items;Deleted Messages;Gel&APY-schte Elemente;Gel&APY-schte Objekte;Junk E-mail;Junk-E-Mail;INBOX.Trash;INBOX.TRASH;INBOX.trash
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size vsize from subject
   quota = dict:User quota::proxy::quota
   quota_rule = *:storage=300MB
   quota_rule2 = Trash:storage=+30M
   recipient_delimiter = +
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_extensions = +imapflags
   sieve_max_actions = 0
   sieve_quota_max_storage = 3M
   stats_command_min_time = 1 mins
   stats_domain_min_time = 12 hours
   stats_ip_min_time = 12 hours
   stats_memory_limit = 128 M
   stats_refresh = 30 secs
   stats_session_min_time = 15 mins
   stats_track_cmds = yes
   stats_user_min_time = 1 hours
}
postmaster_address = postmaster at inf.h-brs.de
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
   unix_listener auth-client {
     mode = 0766
   }
   unix_listener auth-userdb {
     mode = 0766
     user = vmail
   }
}
service dict {
   unix_listener dict {
     group = vmail
     mode = 0660
     user = vmail
   }
}
service doveadm {
   unix_listener doveadm-server {
     mode = 0666
   }
}
service imap-login {
   process_min_avail = 4
   service_count = 0
   vsz_limit = 768 M
}
service imap {
   process_limit = 1000
   vsz_limit = 768 M
}
service lmtp {
   vsz_limit = 768 M
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   inet_listener sieve_deprecated {
     port = 2000
   }
}
service pop3-login {
   process_min_avail = 5
   service_count = 0
   vsz_limit = 512 M
}
service stats {
   fifo_listener stats-mail {
     mode = 0600
     user = vmail
   }
}
ssl_ca = </etc/ssl/certs/ca.crt
ssl_cert = </etc/ssl/certs/imap.pem
ssl_key = </etc/ssl/private/imap.key
userdb {
   driver = prefetch
}
userdb {
   args = /usr/local/dovecot-2.2.10/etc/dovecot/dovecot-ldap.conf.ext
   default_fields = home=/home/%u uid=vmail gid=vmail
   driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
   mail_plugins = " quota notify mail_log zlib acl stats quota sieve"
}
protocol lda {
   mail_plugins = " quota notify mail_log zlib acl quota sieve"
}
protocol imap {
   mail_plugins = " quota notify mail_log zlib acl stats imap_quota imap_zlib imap_acl antispam imap_stats"
}

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUyGBe3D1/YhP6VMHAQJXzggAl5WaaTkOS3cVWqv/MQWaKBMQef8EEX2y
VIT9Gx/W+QMcozTF1l5BQwis1fLDD8tNd86fuk82s/4yAVH+LUFFJsbnC6FaMGr+
9sDKG4I22mKLMFpI2H19tbUoFTcMCebv93qcdBwH2aLEUVUPpRTxPTDoVkDotDk+
omu547sFWMkeNb/7fkaZM9quHne6EyJQa94URcVt8TtSEGa+y/xbmE16gShH9QPG
LSz8dWtfk+hw2po9dKtHG6tPLNQC/zuJSsSdJoEh1PtyZUwmhxwMnE6n6u54GPLk
LesSLfD3MH8Tz/TBD6lYgHhrj5WCdXRYibnaDd4fV22QnEK+IsST8Q==
=vDet
-----END PGP SIGNATURE-----


More information about the dovecot mailing list