On 7/29/2021 2:15 PM, dove...@ptld.com wrote:
> > Plus Dovecot complains that the policy service is only supposed
> > to be used in the RCPT stage. So clearly this is a bad approach.
>
> I want to explore this more. I tried it and also see:
>
> dovecot[1096]: quota-status(26164): Warning: Received policy query
> from MTA in unexpected state END-OF-MESSAGE (service can only be
> used for recipient restrictions)
>
> Why? Why does dovecot even care? Quota plugin is sent a user and a
> size, it looks up quota for that user and computes if size will
> put the user over limit and returns an answer. Why does dovecot
> care or even know at what stage this is done? Why is it bad to
> check quota after getting the real size? Seems like it's designed
> to allow spoofing from an evil mail client.
>
> What is the harm being done that causes this log warning? What is
> the harm in ignoring the warning?

With multi-recipient mail, the recipient attribute is undefined at
end-of-data.

So you have to pick your poison - during recipient restrictions the
size may not be known or may not be accurate, at end-of-data the
recipient may not be known *and* it's too late to reject a single
recipient on a multi-recipient mail.

The only solution is to reject all mail for an over-quota recipient
during recipient restrictions, and if the mail passes that stage,
deliver it anyway even if it makes the user go over quota.

-- Noel Jones
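
Added example, not part of the original thread and not Postfix or Dovecot code: a minimal policy decision in the Postfix policy-delegation format (name=value lines ended by an empty line) that follows the approach in the reply above, rejecting at RCPT only when the mailbox is already full and giving no verdict at END-OF-MESSAGE. The quota table, addresses, reply text and sample requests are constructed for illustration.

```python
# Added illustration; not Postfix or Dovecot source code.
# Constructed sample data: recipient -> (bytes used, quota limit in bytes).
QUOTA = {"alice@example.com": (900, 1000), "bob@example.com": (1000, 1000)}

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(attrs):
    """Return a Postfix access(5) action for one policy request."""
    if attrs.get("protocol_state") != "RCPT":
        # At END-OF-MESSAGE a multi-recipient message has no single
        # recipient to look up, and a reject would hit every recipient.
        return "DUNNO"
    usage = QUOTA.get(attrs.get("recipient", ""))
    if usage is None:
        return "DUNNO"  # not a mailbox this service knows about
    used, limit = usage
    # Declared size is deliberately ignored: at RCPT it is only the
    # client's SIZE= claim (0 if absent). Reject only if already full.
    if used >= limit:
        return "552 5.2.2 Mailbox is full"
    return "DUNNO"

def respond(text):
    """Full reply as sent back to Postfix: action line plus empty line."""
    return "action=" + decide(parse_request(text)) + "\n\n"

# Constructed requests, reduced to the attributes that matter here.
RCPT_FULL = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
             "recipient=bob@example.com\nsize=0\n\n")
RCPT_OK = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
           "recipient=alice@example.com\nsize=500\n\n")
EOM_MULTI = ("request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
             "recipient=\nrecipient_count=2\nsize=4096\n\n")

if __name__ == "__main__":
    for name, req in (("RCPT_FULL", RCPT_FULL), ("RCPT_OK", RCPT_OK),
                      ("EOM_MULTI", EOM_MULTI)):
        print(name, "->", respond(req).strip())
```

RCPT_OK is accepted even though the declared 500 bytes would push the constructed mailbox past its limit, which is the "deliver it anyway" trade-off described in the reply.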