Hello everyone,
the Dovecot policy service for querying user quotas has already been
discussed, and there is also a good guide for setting it up, but
unfortunately I cannot get the policy server configured correctly.
The following errors are logged:
May 3 22:00:13 mail postfix/smtpd[17463]: warning: access table
unix:private/quota-status entry has empty value
May 3 22:00:42 mail dovecot: quota-status(daniel at dlutt.de): Error: user
daniel at dlutt.de: Error reading configuration:
net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied
What happens is that after a reload of the services the first mail
is still delivered, but the next incoming mail is then
rejected. The complete log entries follow:
May 3 22:00:12 mail postfix/smtpd[17463]: connect from
mail-ie0-x236.google.com[2607:f8b0:4001:c03::236]
May 3 22:00:13 mail postfix/smtpd[17463]: warning: access table
unix:private/quota-status entry has empty value
May 3 22:00:13 mail postfix/smtpd[17463]: 0EB81172391A:
client=mail-ie0-x236.google.com[2607:f8b0:4001:c03::236]
May 3 22:00:13 mail postfix/cleanup[17475]: 0EB81172391A:
message-id=<CAKrzS114MaJGND9BxYUiixMMtORmXJqTA3W13B=QAr0YW_nkUg at
mail.gmail.com>
May 3 22:00:13 mail postfix/qmgr[17429]: 0EB81172391A: from=<sender at
googlemail.com>, size=5409, nrcpt=1 (queue active)
May 3 22:00:13 mail postfix/smtpd[17463]: disconnect from
mail-ie0-x236.google.com[2607:f8b0:4001:c03::236]
May 3 22:00:13 mail klms-smtp_proxy: Message from sender at googlemail.com to
daniel at dlutt.de passed
May 3 22:00:14 mail postfix/smtpd[17482]: connect from localhost[127.0.0.1]
May 3 22:00:14 mail postfix/smtpd[17482]: 00776172391C:
client=localhost[127.0.0.1],
orig_client=mail-ie0-x236.google.com[2607:f8b0:4001:c03::236]
May 3 22:00:14 mail postfix/cleanup[17475]: 00776172391C:
message-id=<CAKrzS114MaJGND9BxYUiixMMtORmXJqTA3W13B=QAr0YW_nkUg at
mail.gmail.com>
May 3 22:00:14 mail postfix/qmgr[17429]: 00776172391C: from=<sender at
googlemail.com>, size=6195, nrcpt=1 (queue active)
May 3 22:00:14 mail postfix/smtpd[17482]: disconnect from localhost[127.0.0.1]
May 3 22:00:14 mail postfix/smtp[17476]: 0EB81172391A: to=<daniel at
dlutt.de>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.2,
delays=0.54/0.02/0/0.65, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
00776172391C)
May 3 22:00:14 mail postfix/qmgr[17429]: 0EB81172391A: removed
May 3 22:00:14 mail dovecot: lmtp(17484): Connect from local
May 3 22:00:14 mail dovecot: lmtp(17484, daniel at dlutt.de):
dEa8BE4XhFFMRAAAG4AjPw: sieve:
msgid=<CAKrzS114MaJGND9BxYUiixMMtORmXJqTA3W13B=QAr0YW_nkUg at
mail.gmail.com>: stored mail into mailbox 'INBOX'
May 3 22:00:14 mail dovecot: lmtp(17484): Disconnect from local: Successful
quit
May 3 22:00:14 mail postfix/lmtp[17483]: 00776172391C: to=<daniel at
dlutt.de>, relay=mail.dlutt.de[private/dovecot-lmtp], delay=0.11,
delays=0.05/0.02/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 <daniel at
dlutt.de> dEa8BE4XhFFMRAAAG4AjPw Saved)
May 3 22:00:14 mail postfix/qmgr[17429]: 00776172391C: removed
May 3 22:00:36 mail postfix/postscreen[17433]: CONNECT from
[2607:f8b0:4001:c03::230]:43653 to [2a00:1828:2000:206::2]:25
May 3 22:00:42 mail postfix/postscreen[17433]: PASS NEW
[2607:f8b0:4001:c03::230]:43653
May 3 22:00:42 mail postfix/smtpd[17463]: connect from
mail-ie0-x230.google.com[2607:f8b0:4001:c03::230]
May 3 22:00:42 mail dovecot: quota-status(daniel at dlutt.de): Error: user
daniel at dlutt.de: Error reading configuration:
net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied
May 3 22:00:42 mail postfix/smtpd[17463]: NOQUEUE: reject: RCPT from
mail-ie0-x230.google.com[2607:f8b0:4001:c03::230]: 450 4.7.1 <daniel at
dlutt.de>: Recipient address rejected: Internal error occurred. Refer to
server log for more information.; from=<absender at googlemail.com>
to=<daniel at dlutt.de> proto=ESMTP helo=<mail-ie0-x230.google.com>
May 3 22:00:42 mail postfix/smtpd[17463]: disconnect from
mail-ie0-x230.google.com[2607:f8b0:4001:c03::230]
May 3 22:00:53 mail postfix/postfix-script[17560]: stopping the Postfix mail
system
May 3 22:00:53 mail postfix/master[17425]: terminating on signal 15
May 3 22:02:51 mail dovecot: master: Warning: Killed with signal 15 (by
pid=17681 uid=0 code=kill)
The problem occurs with the unix_listener as well as with the
inet_listener; in both cases Dovecot complains about access
to the "config" service. I also tried setting the
permissions for the "config" service to world-readable,
but unfortunately that did not work either, although I do not know whether it
necessarily has anything to do with the problem.
Unfortunately, debug logging does not show any more information about the
error either.
Currently in use are Postfix 2.10.0 and Dovecot 2.2.1.
The Dovecot quota configuration looks as described by
sys4:
service quota-status {
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
  client_limit = 1
}
By now I have tried quite a few options and permissions,
but unfortunately the error stays the same.
Does anyone perhaps have another tip?
Thanks in advance.
--
Daniel
On 2013-05-03, Daniel Luttermann wrote:
> Hello everyone,
> the Dovecot policy service for querying user quotas has already been
> discussed, and there is also a good guide for setting it up, but
> unfortunately I cannot get the policy server configured correctly.

Sorry, this was a question for the German Dovecot mailing list.
--
Daniel
On 03.05.2013 23:34, Daniel Luttermann wrote:
> Currently in use are Postfix 2.10.0 and Dovecot 2.2.1.
>
> The Dovecot quota configuration looks as described by sys4:
>
> service quota-status {
>   executable = quota-status -p postfix
>   unix_listener /var/spool/postfix/private/quota-status {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   client_limit = 1
> }
>
> By now I have tried quite a few options and permissions,
> but unfortunately the error stays the same.
>
> Does anyone perhaps have another tip?
>
> Thanks in advance.

better not in German here....
you should only use Dovecot 2.2.1
the quota code in 2.1 is "not entirely complete"
the setup looks ok at first glance
have you alternatively tested it exactly as described in
http://sys4.de/de/blog/2013/04/05/dovecot-quota-mit-postfix-abfragen/
above all, do not forget

quota_grace = 10%%
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full / Mailbox ist voll"

etc.?
alternatively try mode = 0666
to me it looks like a permission problem, which could differ
depending on the setup, user / group postfix must exist, etc.
compared with
http://hg.dovecot.org/dovecot-2.1/file/0fa68f3a8f6c/doc/example-config/conf.d/10-master.conf

# Postfix smtp-auth
#unix_listener /var/spool/postfix/private/auth {
#  mode = 0666
#}

Best Regards
Robert Schetterer
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
On Sat, 2013-05-04 at 07:35 +0200, Robert Schetterer wrote:
> you should only use Dovecot 2.2.1
> the quota code in 2.1 is "not entirely complete"
> the setup looks ok at first glance
>

The quota-grace I think was the only bit not backported, is that right?
Did Timo do or announce a plan to do this, or is it not happening for 2.1, only 2.2?
On 04.05.2013 09:12, Noel Butler wrote:
> The quota-grace I think was only bit not backported, is that right?
> Did Timo do or announce plan to do this, or not happening for 2.1 only
> 2.2?

To my last knowledge it wasn't backported and it will never be done,
so with most setups, the quota policy service in 2.1 is more or less useless in reality,
because lda or lmtp will do the bounce job, so mailboxes mostly may never go "over quota",
but however Timo might have better answers.

Best Regards
Robert Schetterer
On 2013-05-04, Robert Schetterer wrote:
> On 04.05.2013 15:06, Daniel Luttermann wrote:
>> service quota-status {
>>   client_limit = 1
>>   executable = quota-status -p postfix
>>   unix_listener /var/spool/postfix/private/quota-status {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>
> try
>
> service quota-status {
>   executable = quota-status -p postfix
>   unix_listener /var/spool/postfix/private/quota-status {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   client_limit = 1
> }

OK, changed the permissions of the service as you suggested:

srw-rw-rw- 1 postfix postfix 0 May 4 20:53 /var/spool/postfix/private/quota-status

Log of the first incoming email:

May 4 20:54:13 mail postfix/postscreen[12627]: CONNECT from [193.99.144.71]:46355 to [217.11.53.6]:25
May 4 20:54:13 mail postfix/postscreen[12627]: PASS OLD [193.99.144.71]:46355
May 4 20:54:13 mail postfix/smtpd[12631]: connect from web.heise.de[193.99.144.71]
May 4 20:54:13 mail postfix/smtpd[12631]: warning: access table unix:private/quota-status entry has empty value

Mail gets delivered...

Second incoming email (mail.log)

May 4 20:55:16 mail postfix/postscreen[12627]: CONNECT from [193.99.144.71]:33634 to [217.11.53.6]:25
May 4 20:55:16 mail postfix/postscreen[12627]: PASS OLD [193.99.144.71]:33634
May 4 20:55:16 mail postfix/smtpd[12631]: connect from web.heise.de[193.99.144.71]
May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied
May 4 20:55:16 mail postfix/smtpd[12631]: NOQUEUE: reject: RCPT from web.heise.de[193.99.144.71]: 450 4.7.1 <daniel at dlutt.de>: Recipient address rejected: Internal error occurred. Refer to server log for more information.; from=<www at heise.de> to=<daniel at dlutt.de> proto=ESMTP helo=<web.heise.de>
May 4 20:55:16 mail postfix/smtpd[12631]: disconnect from web.heise.de[193.99.144.71]

mail.warn:

May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied

Permissions of the Dovecot config service:

srw------- 1 root root 0 May 4 20:53 /usr/var/run/dovecot/config

Maybe the problem has something to do with the double space as pointed out by Andreas?

"quota-status entry has empty value"

--
Daniel
On 04.05.2013 21:11, Daniel Luttermann wrote:
> May 4 20:55:16 mail dovecot: quota-status(daniel at dlutt.de): Error: user daniel at dlutt.de: Error reading configuration: net_connect_unix(/usr/var/run/dovecot/config) failed: Permission denied
>
> Permissions of the Dovecot config service:
>
> srw------- 1 root root 0 May 4 20:53 /usr/var/run/dovecot/config
>
> Maybe the problem has something to do with the double space as pointed
> out by Andreas?
>
> "quota-status entry has empty value"

Maybe, sorry I can't test it here yet. Did you use the latest code from
http://hg.dovecot.org/dovecot-2.2/
Seems like there was a patch:
http://hg.dovecot.org/dovecot-2.2/rev/aefdf65442cc

Best Regards
Robert Schetterer
I was able to replicate your problem with 2.1.16 rev 0fa68f3a8f6c (from
Stephan's auto-built packages).
I have the following configuration in 10-master.conf, and no special
configuration for the service in 90-quota.conf.
| service quota-status {
|   executable = quota-status -p postfix
|   inet_listener {
|     port = 12340
|   }
|   client_limit = 1
|   user = root
| }
When I first query the quota-status service, I get the correct response:
| $ printf "recipient=test@example.org\nsize=1234\n\n" | nc 127.0.0.1 12340
| action=OK
|
But on every subsequent try, I always receive a response like this:
| $ printf "recipient=test@example.org\nsize=1234\n\n" | nc 127.0.0.1 12340
| action=DEFER_IF_PERMIT Internal error occurred. Refer to server log for more information.
|
Where the server log only says
| May 7 11:59:45 minna dovecot: quota-status(test at example.org): Error: user test at example.org: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied
Looking at the quota-status process, I notice it is not running as root,
but rather as $mail_uid. It seems the service drops / changes its
privileges at some point, which would explain the permission error on
subsequent requests.
Setting service_count=1 for the service is not a viable workaround, as
Postfix sends all policy requests for one SMTP session via one TCP
connection.
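
Added example, not part of the original thread and not Dovecot or Postfix code: a small Python client that sends several policy requests over one connection, the way Postfix does within an SMTP session, and records the action returned for each. The function names and `stub_service` are hypothetical; the stub is a constructed stand-in that imitates the reported symptom (first request answered OK, later ones deferred) so the block runs offline.

```python
import socket
import threading

def build_request(attrs):
    """Serialize one policy request: name=value lines, ended by an empty line."""
    for name, value in attrs.items():
        if "=" in name or "\n" in name or "\n" in str(value):
            raise ValueError(f"illegal character in attribute {name!r}")
    return "".join(f"{n}={v}\n" for n, v in attrs.items()).encode() + b"\n"

def read_action(rfile):
    """Read one reply (terminated by an empty line) and return its action value."""
    action = None
    for raw in rfile:
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if not line:
            if action is None:
                raise ValueError("reply ended without an action= line")
            return action
        name, _, value = line.partition("=")
        if name == "action":
            action = value
    raise ConnectionError("connection closed before the reply was complete")

def query_session(sock, requests):
    """Send every request over the same connection, as one SMTP session would."""
    with sock.makefile("rb") as rfile:
        actions = []
        for attrs in requests:
            sock.sendall(build_request(attrs))
            actions.append(read_action(rfile))
        return actions

def stub_service(sock):
    """Constructed stand-in for the behaviour reported above: OK once, then defer."""
    with sock, sock.makefile("rb") as rfile:
        served = 0
        for raw in rfile:
            if raw == b"\n":  # empty line = end of one request
                reply = "OK" if served == 0 else "DEFER_IF_PERMIT Internal error occurred."
                sock.sendall(f"action={reply}\n\n".encode())
                served += 1

def demo():
    client, server = socket.socketpair()
    threading.Thread(target=stub_service, args=(server,), daemon=True).start()
    rcpt = {"recipient": "test@example.org", "size": "1234"}  # constructed sample request
    with client:
        return query_session(client, [rcpt, rcpt, rcpt])

if __name__ == "__main__":
    for i, action in enumerate(demo(), 1):
        print(i, action)
```

To run it against the inet_listener from the configuration above, pass `socket.create_connection(("127.0.0.1", 12340))` to `query_session` instead of the socket pair.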