dovecot - Jun 2013 - quota-status not working in distributed environment

Hello List

Quick overview of our set-up:

Postfix / Dovecot (2.2.2.1) / MySQL Cluster on (at the moment) three Servers 
to create a HA environment where you could easily add additional servers as 
the demand or load grows.

Circular dovecot replication is used so each server uses another one as 
replication partner and allowing one server to fail.

Dovecot Proxy Feature being used, so we can use round-robin DNS and each 
server can forward the connecting user to the correct 'master' for his 
mailbox.

So far, everything works as expected.

Now we want to reject emails to 'full' mailboxes during SMTP to prevent 
backscatter and use the quota-status policy service from within postfix.

That works fine, if the mailbox or it's replica is present on the machine 
where quota-status is called, but it fails if it's run on a machine where 
neither the mailbox or the replica is present.
In our case, we get a correct SMTP 550 'Mailbox Full' Reject in two
cases and
a LMTP generated bounce in the later case.

Also `doveadm quota get -u user at example.com`
return the correct quota if run on the two machines which have the mailbox and 
it's copy locale, but return 0% used if run on the other machine.

Is there a way to get quota-status to also use the proxy feature to request 
the quota information from the correct machine?

Or is the postfix policy daemon call to the quota-status socket documented 
somewhere (it must be, but where?) so we could implement it from within the 
Milter? (we use the sendmail Milter API from postfix to filter spam and 
viruses, do sender/recipient rewriting, forward bounce matching, rate 
limmiting, login/IP statistics to block botnets abusing phished addresses and 
legal intercept stuff anyway)

Kind regards

Benoit Panizzon
-- 
I m p r o W a r e   A G    -    
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 07
CH-4133 Pratteln                Fax  +41 61 826 93 02
Schweiz                         Web  http://www.imp.ch
______________________________________________________

At 12PM +0200 on 13/06/13 you (Benoit Panizzon) wrote:
> 
> Or is the postfix policy daemon call to the quota-status socket documented 
> somewhere (it must be, but where?) so we could implement it from within the
> Milter? (we use the sendmail Milter API from postfix to filter spam and 
> viruses, do sender/recipient rewriting, forward bounce matching, rate 
> limmiting, login/IP statistics to block botnets abusing phished addresses
and
> legal intercept stuff anyway)
The quota-status protocol is just the ordinary Postfix policy delegation
protocol, documented in Postfix's SMTPD_POLICY_README. I would have
thought that if you give 'service quota-status' an inet_listener you
could have the Postfix policy check the quota on several machines over
the network, though of course the policy protocol has absolutely no
security so you may not want to do that.

Ben