On 2013-05-04, Robert Schetterer wrote:
> Am 03.05.2013 23:34, schrieb Daniel Luttermann:
>> Zum Einsatz kommt aktuell Postfix 2.10.0 und Dovecot 2.2.1.
>>
>> Die Dovecot Quota Konfiguration sieht so aus, wie bei sys4
>> beschrieben:
>>
>> service quota-status {
>> executable = quota-status -p postfix
>> unix_listener /var/spool/postfix/private/quota-status {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> client_limit = 1
>> }
>>
>> Mittlerweile habe ich schon einige Optionen und Berechtigungen
>> ausprobiert, aber der Fehler bleibt leider der gleiche.
>>
>> Hat vielleicht jemand noch einen Tip?
>>
>> Danke schon mal.
> besser hier nicht in deutsch....
sorry - I wanted to ask on the german Dovecot mailing list but sent
this mail to the english list.
> du solltest nur Dovecot 2.2.1 verwenden
> der quota code in 2.1 ist "nicht voellig vollstaendig"
> das setup sieht auf den ersten Blick ok aus
Current I'm using Dovecot 2.2.1 and Postfix 2.10.0.
> hast du es schon mal alternativ exakt wie beschrieben in
> http://sys4.de/de/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/
> vor allem
> quota_grace = 10%%
> quota_status_success = DUNNO
> quota_status_nouser = DUNNO
> quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll"
> etc nicht vergessen
> getestet ?
yes, I've tried this (see doveconf/postconf below).
> alternativ versuch mal mode = 0666
> fuer mich sieht es wie ein permission Problem aus, das könnte
> unterschiedlich sein je nach setup, user / group postfix muessen
> existieren usw
When I use
service config {
unix_listener config {
group =
mode = 0666
user =
}
}
then the error "permission denied" doesn't occur anymore but the error
warning: access table unix:private/quota-status entry has empty value
is the same. The verbose logging shows this:
=====
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: acl vfile:
Global ACL directory: /etc/dovecot/global-acls
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: Namespace :
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children,
subscriptions=no location=mdbox:%h/sdbox
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: shared:
root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: acl:
initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: acl: acl
username = dan...@dlutt.de
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: acl: owner
= 0
May 4 14:01:52 mail dovecot: quota-status(dan...@dlutt.de): Debug: acl vfile:
Global ACL directory: /etc/dovecot/global-acls
May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted
attribute: action
May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: action
May 4 14:01:52 mail postfix/smtpd[26993]: input attribute value: (end)
May 4 14:01:52 mail postfix/smtpd[26993]: private/quota-status: wanted
attribute: (list terminator)
May 4 14:01:52 mail postfix/smtpd[26993]: input attribute name: (end)
May 4 14:01:52 mail postfix/smtpd[26993]: check_table_result:
unix:private/quota-status policy query
May 4 14:01:52 mail postfix/smtpd[26993]: warning: access table
unix:private/quota-status entry has empty value
May 4 14:01:52 mail postfix/smtpd[26993]: generic_checks:
name=check_policy_service status=1
May 4 14:01:52 mail postfix/smtpd[26993]: >>> END Recipient address
RESTRICTIONS <<<
May 4 14:01:52 mail postfix/smtpd[26993]: >>> CHECKING RECIPIENT MAPS <<<
May 4 14:01:52 mail postfix/smtpd[26993]: ctable_locate: move existing entry
key dan...@dlutt.de
....
....
May 4 14:01:53 mail dovecot: lmtp(27012): Debug: auth input: dan...@dlutt.de
home=/home/vmail/dlutt.de/daniel uid=5000 gid=5000 quota_rule=*:bytes=900000000
May 4 14:01:53 mail dovecot: lmtp(27012): Debug: Added userdb setting:
plugin/quota_rule=*:bytes=900000000
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Effective
uid=5000, gid=5000, home=/home/vmail/dlutt.de/daniel
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota root:
name=User quota backend=dict args=:proxy::quota
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota rule:
root=User quota mailbox=* bytes=900000000 messages=0
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota rule:
root=User quota mailbox=Trash bytes=+104857600 messages=0
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota
warning: bytes=855000000 (95%) messages=0 reverse=no command=quota-warning 95
dan...@dlutt.de
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota
warning: bytes=720000000 (80%) messages=0 reverse=no command=quota-warning 80
dan...@dlutt.de
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Quota grace:
root=User quota bytes=90000000 (10%)
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: dict quota:
user=dan...@dlutt.de, uri=proxy::quota, noenforcing=0
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Namespace
inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes,
subscriptions=yes location=mdbox:~/mdbox
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: fs:
root=/home/vmail/dlutt.de/daniel/mdbox, index=, indexpvt=, control=, inbox=,
alt=
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl:
initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl: acl
username = dan...@dlutt.de
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl: owner =
1
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl vfile:
Global ACL directory: /etc/dovecot/global-acls
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: Namespace :
type=shared, prefix=shared/%u/, sep=/, inbox=no, hidden=no, list=children,
subscriptions=no location=mdbox:%h/sdbox
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: shared:
root=/usr/var/run/dovecot, index=, indexpvt=, control=, inbox=, alt=
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl:
initializing backend with data: vfile:/etc/dovecot/global-acls:cache_secs=300
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl: acl
username = dan...@dlutt.de
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl: owner = 0
May 4 14:01:53 mail dovecot: lmtp(27012, dan...@dlutt.de): Debug: acl vfile:
Global ACL directory: /etc/dovecot/global-acls
=====
When I use the Dovecot default for the service "config" which is
root:root, then I get this error (permission denied):
May 4 14:46:51 mail postfix/postscreen[29225]: CONNECT from
[2607:f8b0:4001:c02::229]:41474 to [2a00:1828:2000:206::2]:25
May 4 14:46:57 mail postfix/postscreen[29225]: PASS NEW
[2607:f8b0:4001:c02::229]:41474
May 4 14:46:57 mail postfix/smtpd[29240]: connect from
mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]
May 4 14:46:58 mail postfix/smtpd[29240]: NOQUEUE: reject: RCPT from
mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]: 450 4.7.1 <dan...@dlutt.de>:
Recipient address rejected: Internal error occurred. Refer to server log for
more information.; from=<free...@googlemail.com> to=<dan...@dlutt.de>
proto=ESMTP helo=<mail-ia0-x229.google.com>
May 4 14:46:58 mail dovecot: quota-status(dan...@dlutt.de): Error: user
dan...@dlutt.de: Error reading configuration:
net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied
May 4 14:46:58 mail postfix/smtpd[29240]: disconnect from
mail-ia0-x229.google.com[2607:f8b0:4001:c02::229]
My Dovecot and Postfix config:
doveconf -n
===========
# 2.2.1: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7
dict {
acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
expire = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
hostname = mail.dlutt.de
listen = 217.11.53.7
mail_debug = yes
mail_location = mdbox:~/mdbox
mail_plugins = acl quota expire
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
namespace {
list = children
location = mdbox:%%h/sdbox
prefix = shared/%%u/
separator = /
subscriptions = no
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
acl = vfile:/etc/dovecot/global-acls:cache_secs=300
acl_shared_dict = proxy::acl
expire = Trash
expire2 = Junk
expire_dict = proxy::expire
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
quota = dict:User quota::proxy::quota
quota_grace = 10%%
quota_rule = *:storage=1G
quota_rule2 = Trash:storage=+100M
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Recipient mailbox is is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
postmaster_address = postmas...@dlutt.de
protocols = imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0600
user = vmail
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 0
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = 127.0.0.1
port = 4190
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
unix_listener /var/spool/postfix/private/quota-status {
group = postfix
mode = 0660
user = postfix
}
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
mail_plugins = acl quota expire sieve
}
protocol imap {
mail_plugins = acl quota expire imap_acl imap_quota
}
postconf -n
===========
address_verify_map = memcache:/etc/postfix/verify-memcache.cf
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
alias_maps = hash:/etc/aliases
body_checks = pcre:/etc/postfix/body_checks
bounce_queue_lifetime = 1d
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 1d
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = dlutt.de
myhostname = mail.dlutt.de
mynetworks_style = host
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_cache_map = memcache:/etc/postfix/memcache-postscreen.cf
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org, ix.dnsbl.manitu.net
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
$alias_maps proxy:btree:/var/lib/postfix/postscreen_cache_map
proxy:btree:/var/lib/postfix/verify_cache_map
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
$address_verify_map $postscreen_cache_map
proxy:btree:/var/lib/postfix/postscreen_cache_map
proxy:btree:/var/lib/postfix/verify_cache_map
queue_directory = /var/spool/postfix
readme_directory = no
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_bind_address = 217.11.53.6
smtp_bind_address6 = 2a00:1828:2000:206::2
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_helo_required = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/smtpd_sender_login_maps
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport_maps
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps
master.cf
=========
217.11.53.6:25 pass - - n - - smtpd
-o
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_recipient_domain,reject_unknown_sender_domain,permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unverified_recipient,check_policy_service,unix:private/quota-status
-o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination
-o content_filter=klms_postfix-afterqueue:127.0.0.1:10025
-o receive_override_options=no_address_mappings
[2a00:1828:2000:206::2]:25 pass - - n - -
smtpd
-o
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_recipient_domain,reject_unknown_sender_domain,permit_mynetworks,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unverified_recipient,check_policy_service,unix:private/quota-status
-o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination
-o content_filter=klms_postfix-afterqueue:127.0.0.1:10025
-o receive_override_options=no_address_mappings
--
Daniel
