Quota status to postfix in distributed environment

Tue Feb 27 16:18:31 EET 2018

On 2018-02-26 16:28, SAAHIL IFTEKHAR wrote:

> Hi
> 
> I have implemented Quota status to postfix in our setup. I have an imap server (dovecot) and mail server (postfix) in every node. I am able to send quota status to postfix and mails are rejected after 100% mail quota is crossed. This rejection is happening both in across the nodes and within the nodes.
> 
> The problem is if I am sending mails to any node and if any other node's dovecot is down, mails are not going. For example, I am sending an email within the system but if some other node's dovecot is down then email within the system also will not go.
> 
> My dovecot version is 2.2.10. My postfix version is 2.1.10.
> 
> doveconf -n output is below:-
> 
[snap]
> 
> Here "service quota status" is the concerned section in conf file. 
> ________________________________________________________________________________________________________
> 
> Postfix configuration is below:- 
> smtpd_relay_restrictions = 
> check_policy_service inet:201.123.80.9:54317
> check_policy_service inet:201.123.80.23:54317
> 
> virtual_transport=lmtp:unix:private/dovecot-lmtp
> 
> Here, I am querying both two nodes. 201.123.80.9 is the other node. 201.123.80.23 is the node within which, email is sent. 
> ___________________________________________________________________________________________________________
> 
> logs while sending mail is below:-
> 
[snap]

> 
> I am understanding what the logs are trying to say. But I am not able to resolve the issue even after searching solution on internet and trying different hit and trials by myself. I want that if i am sending email to any node or within node, the configuration relating to "check _policy_service" for other node does not interfere and mail goes properly. At the same time I can also fetch quota status from other nodes.
> 
> If I can get any help regarding this it will be really appreciable as I have tried a lot of options already.
> 
Your problem is that if the dovecot is unreachable Postfix can't check
the quota for the user.

http://www.postfix.org/SMTPD_POLICY_README.html
explains how to resolve this problem:
smtpd_policy_service_default_action (default: 451 4.3.5 Server
configuration problem): The default action when an SMTPD policy service
request fails. Available with Postfix 3.0 and later.

The default action when an SMTPD policy service request fails. Specify
"DUNNO" to behave as if the failed SMTPD policy service request was not
sent, and to continue processing other access restrictions, if any. You
can configure it per policy also.

The issue you might encounter with this setup is that if both of your
dovecot nodes are unreachable Postfix will accept the e-mail and try to
deliver it. When the nodes come online it will fail if the user is over
quota and generate bounce to the envelope sender of the message, which
might produce backscatter.

I resolved this problem by keeping quota information in Mysql table and
using custom policy server to check if user is allowed to receive more
e-mail.

Also this approach might not work with aliases and other redirections,
the e-mail address checked by smtpd policy is the one before alias
expansion. You should check if it suits your environment.

Best,
Karol

-- 
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312