dovecot - Oct 2012 - POLL: v2.2 to allow one mail over quota?

Currently if user is 1MB under quota and someone tries to deliver mail that is
over 1MB, Dovecot rejects the mail. But smaller mails aren't rejected
probably for days. So user might not even realize that they didn't receive
one of the mails. Also having a user "almost over quota" is a rather
strange state I think.

So what do you think about v2.2 allowing delivery of one last mail even if it
brings the user over quota? Except add a limit that if the message size is as
much as the user's entire quota limit it wouldn't be added (or 50% or
..?). Also IMAP wouldn't allow this, since user would get an error anyway. I
could make this also optional, but if nobody really wants to keep the old
behavior there's really no point in adding the option.

+1

Better to be lenient, than to confuse users by accepting some but not other
messages.

I believe most larger mail providers has a max message size of around 64MB or
less, so allowing the final message to exceed quota by about that sounds
reasonable to me.

   -jf

+1 to one last mail, though it would be nice if the over percentage
could be configurable...
-- 
Computerisms
Bob Miller      
867-334-7117 / 867-633-3760
http://computerisms.ca


On Mon, 2012-10-29 at 22:39 +0200, Timo Sirainen wrote:
> Currently if user is 1MB under quota and someone tries to deliver mail that
is over 1MB, Dovecot rejects the mail. But smaller mails aren't rejected
probably for days. So user might not even realize that they didn't receive
one of the mails. Also having a user "almost over quota" is a rather
strange state I think.
> 
> So what do you think about v2.2 allowing delivery of one last mail even if
it brings the user over quota? Except add a limit that if the message size is as
much as the user's entire quota limit it wouldn't be added (or 50% or
..?). Also IMAP wouldn't allow this, since user would get an error anyway. I
could make this also optional, but if nobody really wants to keep the old
behavior there's really no point in adding the option.
>

Timo Sirainen <tss at iki.fi> wrote:
> Currently if user is 1MB under quota and someone tries to deliver mail
> that is over 1MB, Dovecot rejects the mail. But smaller mails aren't
> rejected probably for days. So user might not even realize that they
> didn't receive one of the mails. Also having a user "almost over
> quota" is a rather strange state I think.
> So what do you think about v2.2 allowing delivery of one last mail
> even if it brings the user over quota? Except add a limit that if the
> message size is as much as the user's entire quota limit it
wouldn't
> be added (or 50% or ..?). Also IMAP wouldn't allow this, since user
> would get an error anyway. I could make this also optional, but if
> nobody really wants to keep the old behavior there's really no point
> in adding the option.
Yes, please add this new option. If possible with configurable limit.

I'd rather have a user go directly over quota with one final mail than
have a situation where half the mails get delivered and the other half
is rejected.
>From a 1st level support stand point this new behavior is easier to
explain than the way it is now.

By looking into my new crytal ball I can see the following happening:

 A user with 300KBytes under his quota gets a mail with 500KBytes in
 size. This of course bounces. He is then called by the sender who
 complains about the full mailbox. The user then sends himself a test
 mail (Subject: Test, Body: Test) which is delivered, because it is
 rather small and fits inside the few bytes left. The user then is
 confused. (And I have to use some of my precious time to explain to the
 user the inner workings of the mail system. ;))

So I'd very much appreciate such an option.

Gr??e,
Sven.

-- 
Sigmentation fault. Core dumped.

On Mon, 2012-10-29 at 22:39 +0200, Timo Sirainen wrote:
> So what do you think about v2.2 allowing delivery of one last mail even if
it brings the user over quota?



+1  only if configurable, and with an additional configurable quota
percentage value option for those that do enable the function.

In 99.9% of cases I could never see a service provider wanting this, but
some small private businesses perhaps might see 
a benefit in it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20121030/71cde653/attachment-0004.bin>

Noel Butler <noel.butler at ausics.net> wrote:
> On Mon, 2012-10-29 at 22:39 +0200, Timo Sirainen wrote:
>> So what do you think about v2.2 allowing delivery of one last mail even
if it brings the user over quota?
> +1  only if configurable, and with an additional configurable quota
> percentage value option for those that do enable the function.
> In 99.9% of cases I could never see a service provider wanting this,
> but some small private businesses perhaps might see a benefit in it.
If your user quota is 1GiB (which is not big, if you look at todays user
quotas even at freemail providers) and the max mail size 30MiB, then a
users max mailbox size would then be 1054MiB.

Not an unreasonable price to pay for an easier to understand error
condition, IMHO.

Gr??e,
Sven.
-- 
Sigmentation fault. Core dumped.

On 29.10.2012 21:39, Timo Sirainen wrote:
> So what do you think about v2.2 allowing delivery of one last mail
even if it brings the user over quota? Except add a limit that if the
message size is as much as the user's entire quota limit it wouldn't be
added (or 50% or ..?). Also IMAP wouldn't allow this, since user would
get an error anyway. I could make this also optional, but if nobody
really wants to keep the old behavior there's really no point in adding
the option.

Great idea. This makes being over quota a stable state and makes it
easier for users to understand their "problem".


Regards

Christian

Timo Sirainen wrote:
> Currently if user is 1MB under quota and someone tries to deliver mail that
is over 1MB, Dovecot rejects the mail. But smaller mails aren't rejected
probably for days. So user might not even realize that they didn't receive
one of the mails. Also having a user "almost over quota" is a rather
strange state I think.
>
> So what do you think about v2.2 allowing delivery of one last mail even if
it brings the user over quota? Except add a limit that if the message size is as
much as the user's entire quota limit it wouldn't be added (or 50% or
..?). Also IMAP wouldn't allow this, since user would get an error anyway. I
could make this also optional, but if nobody really wants to keep the old
behavior there's really no point in adding the option.
>
This will finally make possible to reject RCPT TO: before the message size is 
known instead of accepting the message and sending a bounce later (bouncing SPAM
is not good).

-- 
Talex Sp??ka Akcyjna z siedzib? w Poznaniu
adres: ul. Karpia 27d, 61-619 Pozna?
NIP 782-00-21-045
zarejestrowana w S?dzie Rejonowym Pozna? ? Nowe Miasto i Wilda w Poznaniu
VIII Wydzia? Gospodarczy - KRS pod nr 000048779
kapita? zak?adowy: 3.000.092,00 PLN (w ca?o?ci wp?acony)

Uwaga: Niniejsza wiadomo??, w szczeg?lno?ci jej tre?? oraz za??czniki, mo?e by?
poufna. W przypadku, gdy nie jest Pan/Pani zamierzonym jej adresatem,
informujemy, ?e wszelkie rozpowszechnianie, dystrybucja lub powielanie powy?szej
wiadomo?ci jest zabronione. Jednocze?nie prosimy o powiadomienie nadawcy oraz
niezw?oczne usuni?cie powy?szej wiadomo?ci wraz z za??cznikami.
Dzi?kujemy, Talex S.A. w Poznaniu.

Confidentiality Notice: This email, particularly its content and any attached
files, may be confidential. If you are not an intended recipient, any
disclosure, distribution and reproduction of this message is prohibited. In this
case please notify the sender immediately and then delete this message and any
attachments.
Thank you, Talex S.A., Poznan.

* Jan-Frode Myklebust <janfrode at tanso.net>:
> 
> 
> +1
> 
> Better to be lenient, than to confuse users by accepting some but not other
messages.
Amen to that! +1

-- 
Ralf Hildebrandt
  Gesch?ftsbereich IT | Abteilung Netzwerk
  Charit? - Universit?tsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebrandt at charite.de | http://www.charite.de

Sounds like a reasonable idea, but one has to keep in mind that file system
quotas never work that way. So that change would make quota=fs behave
differently from the rest. So it should at least be configurable, I think.

On Mon, Oct 29, 2012 at 10:39:51PM +0200, Timo Sirainen
wrote:
> Currently if user is 1MB under quota and someone tries to deliver 
> mail that is over 1MB, Dovecot rejects the mail. But smaller mails 
> aren't rejected probably for days. So user might not even realize 
> that they didn't receive one of the mails. Also having a user 
> "almost over quota" is a rather strange state I think.
> 
> So what do you think about v2.2 allowing delivery of one last mail 
> even if it brings the user over quota? Except add a limit that if 
> the message size is as much as the user's entire quota limit it 
> wouldn't be added (or 50% or ..?). Also IMAP wouldn't allow this, 
> since user would get an error anyway. I could make this also 
> optional, but if nobody really wants to keep the old behavior 
> there's really no point in adding the option.
I think the thing to do is to adjust the admin's thinking about it.

Yes, if the current mailstore is under quota, by all means, you 
should accept the next email up to the maximum size the server 
accepts. No exception, just take it.

You control $quota and $maxMsg. Set your quota with that in mind, 
where $(($quota - 1 + $maxMsg)) total is something you can live with.

That said, I have been fortunate to never have to set up a quota. 
Storage is cheap. An occasional cron job can point out individual 
users who might be beyond what you'd consider reasonable, and to 
those users, apply a LART.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

On Mon, 2012-10-29 at 22:39 +0200, Timo Sirainen wrote:
> Currently if user is 1MB under quota and someone tries to deliver mail that
is over 1MB, Dovecot rejects the mail. But smaller mails aren't rejected
probably for days. So user might not even realize that they didn't receive
one of the mails. Also having a user "almost over quota" is a rather
strange state I think.
> 
> So what do you think about v2.2 allowing delivery of one last mail even if
it brings the user over quota? Except add a limit that if the message size is as
much as the user's entire quota limit it wouldn't be added (or 50% or
..?). Also IMAP wouldn't allow this, since user would get an error anyway. I
could make this also optional, but if nobody really wants to keep the old
behavior there's really no point in adding the option.
How about this, added to hg:

plugin {
  # LDA/LMTP allows saving the last mail to bring user from under quota to
  # over quota, if the quota doesn't grow too high. Default is to allow as
  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
  #quota_last_extra = 10%%
}

Each quota root has its own limit, so if using multiple quota roots
(pretty rare) you'd have to set also quota2_last_extra, etc.

I wonder if there's a better name for this than "last_extra"..

On Mon, Feb 11, 2013 at 06:56:43AM -0500, Charles Marcus
wrote:
> On 2013-02-10 8:43 PM, Sven Hartge <sven at svenhartge.de> wrote:
> >quota_grace_extra
> 
> Smaller is better... why not just
> 
> quota_grace
Sounds good for me. In particular the similarity to the disk quotas
grace period is blatant.

Dennis

Am 2013-02-11 17:44, schrieb Dennis Guhl:
> On Mon, Feb 11, 2013 at 06:56:43AM -0500, Charles Marcus wrote:
>> On 2013-02-10 8:43 PM, Sven Hartge <sven at svenhartge.de> wrote:
>>
>> quota_grace
>
> Sounds good for me. In particular the similarity to the disk quotas
> grace period is blatant.
Not a native english speaker, but quota_grace is very concise and 
resonates in a way, that makes it easily rememberable: the quota is not 
enforced in strictness, but handled gracefully. The server for once 
turns a blind eye to the quota.

Documentation: quota_grace - specify an amount in <units> that a single 
incoming message may exceed the quota without being rejected. Useful in 
situations, where ...

*Alternatively* it could also be a binary option: Only start enforcing 
the quota after the fact, when it is already exceeded.

-- 
peter