Quota status to postfix in distributed environment (Karol Augustin)

SAAHIL IFTEKHAR response2saahil at gmail.com
Wed Feb 28 19:11:32 EET 2018 

Hi Karol

Thanks for taking time to go through the email and replying.

I'll rewrite the issue again -->

For example consider there two nodes. These each having their postfix and
dovecot. I am trying to implement quota status to postfix to both the below
cases:-

case 1) mail sent within the node
case 2) mail sent across the nodes

In case 1 the postfix will query the dovecot of same node white in case 2
it will query the dovecot of other node.

But suppose I am sending mail within the node and dovecot in other node is
down. Mail will not go within the node. Even it will not defer also. This
is evident from the logs(in last sections).

I'll try to work suggestions you have given in mysetup though and post the
relevant output. But if you have any other suggestion regarding what i have
wrote just now. please let me know.


Regards


On 28-Feb-2018 5:19 am, <dovecot-request at dovecot.org> wrote:

Send dovecot mailing list submissions to
        dovecot at dovecot.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://dovecot.org/mailman/listinfo/dovecot
or, via email, send a message with subject or body 'help' to
        dovecot-request at dovecot.org

You can reach the person managing the list at
        dovecot-owner at dovecot.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dovecot digest..."


Today's Topics:

   1. Re: Quota status to postfix in distributed environment
      (@lbutlr) (SAAHIL IFTEKHAR)
   2. Re: Quota status to postfix in distributed environment
      (Karol Augustin)
   3. Re: Quota status to postfix in distributed environment (LuKreme)
   4. Re: Quota status to postfix in distributed environment
      (Karol Augustin)
----------------------------------------------------------------------

Message: 1
Date: Tue, 27 Feb 2018 19:29:44 +0530
From: SAAHIL IFTEKHAR <response2saahil at gmail.com>
To: dovecot at dovecot.org
Subject: Re: Quota status to postfix in distributed environment
        (@lbutlr)
Message-ID:
        <CAM5TiAQ2CT+u_BKEn0sKonirOQLD_Q0v=pVCcJBCiJfC08p7Mw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi

Actually, the requirement is such that we have to work with this version
only.

I want to point out that the reason from the problem can be found out from
logs(the end section).

The "check_policy_service" in main.cf of postfix is the problem according
to me. This configuration as a part of quota staus to postfix
configuration.

I hope many have went through this scenario or similar. So I am hoping to
get some help for the same.


Regards

------------------------------

Message: 2
Date: Tue, 27 Feb 2018 14:18:31 +0000
From: Karol Augustin <karol at augustin.pl>
To: dovecot at dovecot.org
Subject: Re: Quota status to postfix in distributed environment
Message-ID: <b50c30e1b65c3875565ca2e49efeaafd at augustin.pl>
Content-Type: text/plain; charset=US-ASCII

On 2018-02-26 16:28, SAAHIL IFTEKHAR wrote:

> Hi
>
> I have implemented Quota status to postfix in our setup. I have an imap
server (dovecot) and mail server (postfix) in every node. I am able to send
quota status to postfix and mails are rejected after 100% mail quota is
crossed. This rejection is happening both in across the nodes and within
the nodes.
>
> The problem is if I am sending mails to any node and if any other node's
dovecot is down, mails are not going. For example, I am sending an email
within the system but if some other node's dovecot is down then email
within the system also will not go.
>
> My dovecot version is 2.2.10. My postfix version is 2.1.10.
>
> doveconf -n output is below:-
>
[snap]
>
> Here "service quota status" is the concerned section in conf file.
> ____________________________________________________________
____________________________________________
>
> Postfix configuration is below:-
> smtpd_relay_restrictions =
> check_policy_service inet:201.123.80.9:54317
> check_policy_service inet:201.123.80.23:54317
>
> virtual_transport=lmtp:unix:private/dovecot-lmtp
>
> Here, I am querying both two nodes. 201.123.80.9 is the other node.
201.123.80.23 is the node within which, email is sent.
> ____________________________________________________________
_______________________________________________
>
> logs while sending mail is below:-
>
[snap]

>
> I am understanding what the logs are trying to say. But I am not able to
resolve the issue even after searching solution on internet and trying
different hit and trials by myself. I want that if i am sending email to
any node or within node, the configuration relating to "check
_policy_service" for other node does not interfere and mail goes properly.
At the same time I can also fetch quota status from other nodes.
>
> If I can get any help regarding this it will be really appreciable as I
have tried a lot of options already.
>
Your problem is that if the dovecot is unreachable Postfix can't check
the quota for the user.

http://www.postfix.org/SMTPD_POLICY_README.html
explains how to resolve this problem:
smtpd_policy_service_default_action (default: 451 4.3.5 Server
configuration problem): The default action when an SMTPD policy service
request fails. Available with Postfix 3.0 and later.

The default action when an SMTPD policy service request fails. Specify
"DUNNO" to behave as if the failed SMTPD policy service request was not
sent, and to continue processing other access restrictions, if any. You
can configure it per policy also.

The issue you might encounter with this setup is that if both of your
dovecot nodes are unreachable Postfix will accept the e-mail and try to
deliver it. When the nodes come online it will fail if the user is over
quota and generate bounce to the envelope sender of the message, which
might produce backscatter.

I resolved this problem by keeping quota information in Mysql table and
using custom policy server to check if user is allowed to receive more
e-mail.

Also this approach might not work with aliases and other redirections,
the e-mail address checked by smtpd policy is the one before alias
expansion. You should check if it suits your environment.

Best,
Karol


--
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180228/24801aef/attachment-0001.html>

More information about the dovecot mailing list