quota-status returns quota_status_success when email would put user over quota

Kristian Pedersen kp at asom-net.dk
Tue Jan 31 15:36:35 UTC 2017 

Hi list,

We still did not manage to get quota-status working.
We're hoping someone can provide some feedback/ideas on how we may 
investigate this issue further?
Is it likely to be a bug fixed in a newer version?

Regards,

Kristian


On 2017-01-24 09:25, Kristian Pedersen wrote:
> Hi list,
>
> I am attempting to get quota-status service working, so I can deny 
> email at the initial smtp dialog instead of generating bounces with lda.
>
> I can't seem to get quota-status to return quota_status_overquota, 
> even when an email would put an account over quota.
>
> Quota in general works fine:
> Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): 
> msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: save failed to INBOX: 
> Quota exceeded (mailbox for user is full)
> Jan 22 06:39:23 mail dovecot: lda(xx at yy.dk): 
> msgid=<25c5bdb20d58fc4f649f716a947613dc at zz.org>: rejected: Quota 
> exceeded (mailbox for user is full)
>
> The system is a pretty standard debian 8 box running virtually on a 
> kvm/ovirt cluster:
> root at mail:~# dpkg --list | grep dovec
> ii  dovecot-core                   1:2.2.13-12~deb8u1 amd64 secure 
> POP3/IMAP server - core files
> ii  dovecot-imapd                  1:2.2.13-12~deb8u1 amd64 secure 
> POP3/IMAP server - IMAP daemon
> ii  dovecot-lmtpd                  1:2.2.13-12~deb8u1 amd64 secure 
> POP3/IMAP server - LMTP server
> ii  dovecot-mysql                  1:2.2.13-12~deb8u1 amd64 secure 
> POP3/IMAP server - MySQL support
> ii  dovecot-pop3d                  1:2.2.13-12~deb8u1 amd64 secure 
> POP3/IMAP server - POP3 daemon
>
> Mail storage is local XFS partitions as far as the dovecot server 
> knows. Behind the scene its actually raw disk images on NFS shares 
> from a SAN towards the kvm/ovirt cluster.
>
> I test by using nc towards the quota-status instance:
> root at mail:~# printf 
> "recipient=kptest at asom-net.dk\nsize=1000000000\n\n" | nc -q1 localhost 
> 12340
> action=DUNNO
>
> User has 500MB quota:
> mysql> SELECT 
> CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) 
> AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS 
> quota_rule FROM virtual_users WHERE email='kptest at asom-net.dk';
> +--------------------------------+-----+-----+----------------+
> | home                           | uid | gid | quota_rule     |
> +--------------------------------+-----+-----+----------------+
> | /data/vmail/asom-net.dk/kptest | 110 | 110 | *:storage=500M |
> +--------------------------------+-----+-----+----------------+
> 1 row in set (0.00 sec)
>
> maildirsize seems ok:
> root at mail:~# cat /data/vmail/asom-net.dk/kptest/maildirsize
> 524288000S
> 685 1
> 690 1
>
> Quota-status will return unknown user if that is the case:
> root at mail:~# printf 
> "recipient=kptest2 at asom-net.dk\nsize=1000000000\n\n" | nc -q1 
> localhost 12340
> action=551 5.5.1 User not found
>
>
> Log file (with mail_debug = yes):
> Jan 12 16:52:21 mail dovecot: quota-status: Debug: auth input: 
> kptest at asom-net.dk home=/data/vmail/asom-net.dk/kptest uid=110 gid=110 
> quota_rule=*:storage=500M
> Jan 12 16:52:21 mail dovecot: quota-status: Debug: Added userdb 
> setting: plugin/quota_rule=*:storage=500M
> Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: 
> Effective uid=110, gid=110, home=/data/vmail/asom-net.dk/kptest
> Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: 
> Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, 
> list=yes, subscriptions=yes 
> location=maildir:/data/vmail/asom-net.dk/kptest/
> Jan 12 16:52:21 mail dovecot: quota-status(kptest at asom-net.dk): Debug: 
> maildir++: root=/data/vmail/asom-net.dk/kptest, index=, indexpvt=, 
> control=, inbox=/data/vmail/asom-net.dk/kptest, alt=
>
> dovecot -n:
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 ext4
> auth_default_realm = vejen-net.dk
> auth_mechanisms = plain login
> auth_verbose = yes
> disable_plaintext_auth = no
> first_valid_uid = 110
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_debug = yes
> mail_location = maildir:/data/vmail/%d/%n/
> mail_privileged_group = mail
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /etc/dovecot/local-sql.conf
>   driver = sql
> }
> plugin {
>   quota = maildir:User quota
>   quota_rule = *:storage=200M
>   quota_status_nouser = 551 5.5.1 User not found
>   quota_status_overquota = 552 5.2.2 Mailbox is full
>   quota_status_success = DUNNO
> }
> protocols = imap pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener auth-master {
>     mode = 0600
>     user = vmail
>   }
>   user = root
> }
> service imap-login {
>   client_limit = 1024
>   process_limit = 256
>   process_min_avail = 8
>   service_count = 0
>   vsz_limit = 512 M
> }
> service imap {
>   process_limit = 10240
> }
> service pop3-login {
>   client_limit = 512
>   process_limit = 256
>   process_min_avail = 8
>   service_count = 0
>   vsz_limit = 512 M
> }
> service pop3 {
>   process_limit = 10240
> }
> service quota-status {
>   client_limit = 1
>   executable = /usr/lib/dovecot/quota-status -p postfix
>   inet_listener {
>     port = 12340
>   }
> }
> ssl_cert = </etc/letsencrypt/live/mail.asom-net.dk/fullchain.pem
> ssl_key = </etc/letsencrypt/live/mail.asom-net.dk/privkey.pem
> ssl_prefer_server_ciphers = yes
> userdb {
>   args = /etc/dovecot/local-sql.conf
>   driver = sql
> }
> protocol lda {
>   auth_socket_path = /var/run/dovecot/auth-master
>   mail_plugins = quota
>   postmaster_address = postmaster at asom-net.dk
> }
> protocol imap {
>   mail_plugins = quota imap_quota
> }
> protocol pop3 {
>   mail_plugins = quota
>   pop3_uidl_format = %08Xu%08Xv
> }
>
>
> local-sql.conf:
> driver = mysql
> connect = host=xyz dbname=xyz user=xyz password=xyz
> default_pass_scheme = CRYPT
> password_query = SELECT email as user, password FROM virtual_users 
> WHERE email='%u';
> user_query = SELECT 
> CONCAT('/data/vmail/',CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1))) 
> AS home, 110 AS uid, 110 AS gid, CONCAT('*:storage=',mailquota,'M') AS 
> quota_rule FROM virtual_users WHERE email='%u';
>
> If I do a strace on the quota-status PID, it seems to do a stat on the 
> directory and then give up? Not sure Im interpreting it correct (only 
> including the last few lines):
> ...
> lseek(14, 833, SEEK_SET)                = 833
> munmap(0x7f165d32a000, 833)             = 0
> close(14)                               = 0
> geteuid()                               = 0
> getegid()                               = 110
> getgid()                                = 110
> getegid()                               = 110
> setgroups(1, [110])                     = 0
> setresuid(-1, 110, -1)                  = 0
> prctl(PR_SET_DUMPABLE, 1)               = 0
> stat("/data/vmail/asom-net.dk/kptest", {st_mode=S_IFDIR|0700, 
> st_size=4096, ...}) = 0
> prctl(PR_SET_DUMPABLE, 1)               = 0
> setsockopt(12, SOL_TCP, TCP_CORK, [1], 4) = 0
> write(12, "action=DUNNO\n\n", 14)       = 14
> setsockopt(12, SOL_TCP, TCP_CORK, [0], 4) = 0
> epoll_wait(11, {{EPOLLIN, {u32=1593554016, u64=139734059562080}}}, 5, 
> 59999) = 1
> read(12, "", 8146)                      = 0
> epoll_ctl(11, EPOLL_CTL_DEL, 12, 7fff0be817a0) = 0
> close(12)                               = 0
> epoll_wait(11, {}, 5, 1000)             = 0
> write(5, "\35q\1\0007\10\0\0\1\0\0\0", 12) = 12
> epoll_wait(11,
> ...
>
> It seems like sort of permission issue?
> root at mail:~# su - vmail
> No directory, logging in with HOME=/
> $ id -a
> uid=110(vmail) gid=110(vmail) groups=110(vmail)
> $ cat /data/vmail/asom-net.dk/kptest/maildirsize
> 524288000S
> 685 1
> 690 1
>
> /data/vmail/asom-net.dk is actually a symlink, maybe that could be of 
> importance?:
> root at mail:~# ls -ld /data/vmail/asom-net.dk
> lrwxrwxrwx 1 root root 19 Jan  9 11:18 /data/vmail/asom-net.dk -> 
> ../mnt1/asom-net.dk
>
> root at mail:~# ls -ld /data/mnt1/asom-net.dk/
> drwxrwx--- 45 vmail vmail 4096 Dec 15 10:54 /data/mnt1/asom-net.dk/
>
> root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/
> drwx------ 9 vmail vmail 4096 Jan 23 08:55 /data/mnt1/asom-net.dk/kptest/
>
> root at mail:~# ls -ld /data/mnt1/asom-net.dk/kptest/maildirsize
> -rw------- 1 vmail vmail 23 Jan 12 16:50 
> /data/mnt1/asom-net.dk/kptest/maildirsize
>
> Anyone have any idea what might be wrong here?
>
> Regards,
>

-- 
Kristian Pedersen
ASOM-Net
Systemadministrator
www.asom-net.dk
Telefon: 44 400 970

More information about the dovecot mailing list