Good morning list,
first of all: dovecot works really great, the performance is
overwhelming (especially compared to courier), the configuration
flexible as hell, it is well documented - I love this software.
But as things get complicated, I think I need some additional help.
I'm using dovecot to replace the currently used courier-mailserver in a
shared hosting environment based on the control panel Confixx.
Confixx uses per default filesystem-users, giving each mailuser a
filesystem-quota, mails are stored in ~/Maildir/. The imap-logins are
all in the form of "webxpy", being "webx" the customer (prefix 'web',
and an increasing number), and "py" the number of the pop account.
Because of the filesystem-quota we moved the indexes to another partition.
This basic setup with dovecot works great, with auth directly against
the confixx-database etc, imap_quota-plugin, quota-plugin working as
expected.
We now want to implement shared folders for each customer: all
mailaccounts of a customer should be able to subscribe to per-customer
shared folders in a specified maildir, thus I re-mapped the usernames
with a new user_query (and password_query) to the format of
"webxpy@webx" - being "webx" the virtual domain and "webxpy" the
mailaccount, but still using "webxpy" as the imap-login (no need for
customers to change the login).
This also works, we even can control with ACL-vfiles the permissions of
specified users, to enable or disable specific folders.
The shared folders are specified as a new public namespace and the
"domain" is part of the storage-path (see configuration at the end of
this mail).
To allow easier quota-management (no need to create a new system-user),
the quota of the shared folders is maildir-based, with a
mysql-quota-dictionary (later, all accounts will be migrated to a
virtual-user-mailstorage, with only maildir-quota and no fs-quotas).
But when things come to the shared quota, I currently don't know how to
solve the wishes of the customer:
The current solution for shared folders (at the customer's local site)
is based on mdaemon, every shared folder (of a customer, not a single
mail-account) has a quota assigned. This quota cannot be exceeded by the
users, no more mails can be saved into the shared folders if used space
exceeds the hard quota-value.
As my tests have shown, dovecot uses a different approach to the
quota-issue: users can always move their mails from local folders to the
shared namespace, regardless of the shared quota. The quota itself is
only checked when receiving new mails, where the combined quota (local +
shared) may not be exceeded. If it is, the mail is not delivered to the
mailbox.
Our quota-config is this:
> quota_rule: *:storage=50M:messages=1000
> quota_rule2: Trash:storage=50M:messages=100
> quota_rule3: shared*:storage=100M:messages=1000
(also being altered by user_query, but the scheme is the same)
As of dovecot-wiki, this means:
Users can save "50M + 50M + 100M" of mails in all specified Folders, so
the storage-value for the "shared*"-folders works additionally to the
"*"-storage-value.
Different from this, we want the following to happen:
If the customer exceeds the shared folders-quota, his mail-users may not
move mails from INBOX to shared, this move-operation should fail with a
reasonable error-message.
If the local quota of a mail user is exceeded, new mails should be
rejected/delayed, regardless of the shared quota-value (e.g., shared
quota exceeded, but no local mails [new mail-account], mails should be
delivered to INBOX).
Sieve-filters are not a problem, we do not allow user-specific
sieve-rules (managesieve is disabled).
Hopefully, I could explain my issues to you.
Our current dovecot-configuration is attached to this mail, any help
would be gladly appreciated.
If additional configuration-values/information is needed, I'll happily
provide them, if possible.
best regards,
Anton Dollmaier
> # 1.1.13: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.26-1-686 i686 Debian 5.0.1
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap imaps pop3s pop3
> listen: *, [::]
> ssl_cert_file: /etc/dovecot/dovecot.pem
> ssl_key_file: /etc/dovecot/dovecot.pem
> disable_plaintext_auth: no
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> mail_max_userip_connections(default): 25
> mail_max_userip_connections(imap): 25
> mail_max_userip_connections(pop3): 10
> first_valid_uid: 249
> mail_access_groups: poponly
> mail_privileged_group: poponly
> mail_location: maildir:~/Maildir:INDEX=~/index:CONTROL=~/control
> mail_debug: yes
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_plugins(default): quota imap_quota acl
> mail_plugins(imap): quota imap_quota acl
> mail_plugins(pop3): quota acl
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> imap_client_workarounds(default): netscape-eoh
> imap_client_workarounds(imap): netscape-eoh
> imap_client_workarounds(pop3):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> namespace:
>   type: private
>   separator: .
>   inbox: yes
>   list: yes
>   subscriptions: yes
> namespace:
>   type: private
>   prefix: INBOX.
>   hidden: yes
>   subscriptions: yes
> namespace:
>   type: public
>   separator: .
>   prefix: shared.
>   location: maildir:/var/mail/shared/%d/:INDEX=~/shared
>   list: yes
> auth default:
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   userdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 432
>       user: vmail
>       group: vmail
> plugin:
>   quota: dict:::proxy::quotadict
>   quota2: dict::%d:proxy::quota2dict
>   quota_rule: *:storage=50M:messages=1000
>   quota_rule2: Trash:storage=50M:messages=100
>   quota_rule3: shared*:storage=100M:messages=1000
>   acl: vfile
>   expire: Trash 7 Spam 30
>   expire_dict: proxy::expire
> dict:
>   quotadict: mysql:/etc/dovecot/dovecot-dict-quota.conf
>   quota2dict: mysql:/etc/dovecot/dovecot-dict-quota2.conf
(the two quota-dicts could probably be merged into one)
/etc/dovecot/dovecot-sql.conf:
> driver = mysql
> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> default_pass_scheme = CRYPT
> password_query = SELECT CONCAT(account, '@', kunde) AS user, \
>   longpw AS password FROM pop3 \
>   WHERE (account='%u' AND gesperrt='0')
> user_query = SELECT \
>   CONCAT('/var/mail/vmail/', p.kunde, '/', p.account, '/') AS home, \
>   249 AS uid, 249 AS gid, \
>   CONCAT('*:storage=', p.maxkbhard) AS quota_rule, \
>   CONCAT('shared.*:storage=', k.shared_maxkb) AS quota2_rule \
>   FROM pop3 AS p, kunden AS k \
>   WHERE k.kunde = p.kunde AND CONCAT(p.account, '@', p.kunde) = '%u'
(quota-values in kilobytes)
/etc/dovecot/dovecot-dict-quota.conf:
> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> table = dovecot_quota
> select_field = current
> where_field = path
> username_field = username
/etc/dovecot/dovecot-dict-quota2.conf:
> connect = host=localhost dbname=confixx user=confixx password=p4ssw0rd
> table = dovecot_quota_shared
> select_field = current
> where_field = path
> username_field = username
(tables are exactly as specified in dovecot-wiki)
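
The difference between the quota behaviour observed in the tests and the
behaviour asked for above, as a small model. This is an added illustration,
not part of the original mail and not Dovecot code; the QuotaRoot and Account
classes are constructed for it, and limits are in kilobytes like the values
returned by the user_query.

```python
from dataclasses import dataclass

SHARED_PREFIX = "shared."  # prefix of the public namespace in the posted config


@dataclass
class QuotaRoot:
    limit_kb: int  # kilobytes, like maxkbhard / shared_maxkb in the user_query
    used_kb: int = 0

    def fits(self, size_kb: int) -> bool:
        return self.used_kb + size_kb <= self.limit_kb


class Account:
    """Constructed model: one mail account plus its customer's shared root."""

    def __init__(self, private: QuotaRoot, shared: QuotaRoot):
        self.private, self.shared = private, shared

    def root_for(self, mailbox: str) -> QuotaRoot:
        return self.shared if mailbox.startswith(SHARED_PREFIX) else self.private

    def observed_check(self, op: str, size_kb: int) -> bool:
        # As reported in the message: moves are never refused, deliveries are
        # checked against local + shared usage combined.
        if op == "move":
            return True
        used = self.private.used_kb + self.shared.used_kb
        return used + size_kb <= self.private.limit_kb + self.shared.limit_kb

    def wanted_check(self, mailbox: str, size_kb: int) -> bool:
        # As requested: a write is checked only against the root that owns
        # the target mailbox, whether it is a delivery or a move.
        return self.root_for(mailbox).fits(size_kb)

    def move(self, src: str, dst: str, size_kb: int) -> bool:
        """Apply a move under the wanted policy; False means refuse with a quota error."""
        src_root, dst_root = self.root_for(src), self.root_for(dst)
        if src_root is dst_root:
            return True  # usage of the root does not change
        if not self.wanted_check(dst, size_kb):
            return False
        src_root.used_kb -= size_kb
        dst_root.used_kb += size_kb
        return True
```

With a shared root that is already over its limit, wanted_check() still
accepts a delivery to INBOX on a fresh account, while observed_check()
refuses it once the combined usage is too high.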