Emails redownloading

Fri Apr 12 16:50:12 EEST 2019

Citát "B. Reino via dovecot" <dovecot at dovecot.org>:

> On 2019-04-12 11:05, azurit--- via dovecot wrote:
>> Citát "B. Reino via dovecot" <dovecot at dovecot.org>:
>>
>>> On 2019-04-12 07:43, azurit--- via dovecot wrote:
>>>> Hi,
>>>>
>>>> recently, we had a problem on one of our mail servers and, after
>>>> reboot, HDD with emails wasn't mounted into system. Until we fixed it,
>>>> LOTS of users logged in (Dovecot allowed login and recreated
>>>> directory  structure of mailboxes) and saw empty mailboxes. Now they
>>>> are  redownloading all email, which isn't fun, as it's about 2 TB of
>>>> data.
>>>>
>>>> Anyway, is there a way how to prevent this in the future? Can i set
>>>> Dovecot to disallow logins in such situations? Thanks.
>>>
>>> You didn't tell which OS or init system you are using.
>>> With systemd, you can add use "systemctl edit dovecot" and use:
>>>
>>> [Unit]
>>> RequiresMountsFor=/path/to/your/mounted/mailbox
>>>
>>> This way dovecot will be started when the directory has been mounted.
>>>
>>> IMHO, and with no offence intended, if you can't control your  
>>> system  initialization, then you should not start daemons  
>>> automatically,  i.e. you should take the role of systemd.
>>>
>>> Cheers.
>>
>>
>> Thanks. Any other suggestions? Some which will cover also situations
>> where HDD is disconnected while server is already running (so Dovecot
>> won't display empty mailbox but deny login instead).
>
> You could set the permissions of the mount point so that dovecot  
> cannot read or write from there.
> This way, if for any reason the HDD is unmounted dovecot won't be  
> able to continue working (i.e. won't be able to access the mailboxes  
> or create empty ones).
>
> This may or may not prevent users from logging in (you can test it).
>
> .. I suppose your "use case" is pretty unusual. Normally you don't  
> randomly pull HDDs from a running server, but I don't know which  
> environment you have to live with :)
>
> (That said, there's probably a way to automatically run a script  
> when a device is unmounted, and then have the script stop dovecot,  
> etc. -- but then this is outside of the scope of dovecot itself, and  
> more a system administration issue.. and you still haven't said  
> which operating system or init system you have).
>
> Cheers.

I'm on standard Debian Stretch.

HDDs/storage can be easily pulled out in virtual environment or using  
NFS. Stopping Dovecot after detecting this is not very efficient, as  
'detecting and stopping' can take up to minute or two and that's  
enough time for all active users (thousands in our case for one proxy  
backend) to noticing empty mailboxes.

I was already thinking about changing permissions on mount point but  
it's quite hard to test it.

Isn't there any option telling Dovecot to NOT create 'root' directory  
of a mail account if it doesn't exists? And, instead, deny login with  
an error (something like 'Internal error' would be sufficient).