On Feb 20, 2014, at 5:12 PM, Cyberonic Turbo wrote:
> Following this guide:
> http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ I can't
> seem to get it to work, as soon as I add the smtpd_recipient_restrictions
> setting to postfix I can no longer send mail at all. I get the message SMTP
> Error (450): Failed to add recipient "postmaster@example.com" (4.7.1 :
> Recipient address rejected: Internal error occurred. Refer to server log
> for more information.). I googled around and found this command to test the
> quota-status service:
> printf "recipient=postmaster@example.com\nsize=1234\n\n" | nc 127.0.0.1 12340
> It seems to always return the quota_status_nouser message. I'm really
> stumped here. What logs do I need to check for errors and does anyone have
> any experience with this?
I'm not an expert, I just followed the same guide a few days ago
while preparing to front an old vpopmail system with postfix. It
did work for me.
Before moving on to enabling the check in postfix, verify that the
dovecot side is working.
Your example test should work, I did the same here:
[root@util-b /usr/local/etc/postfix]# printf "recipient=chip@test.bway.net\nsize=12304\n\n" | nc mbox.i 25001
action=DUNNO
[root@util-b /usr/local/etc/postfix]# printf "recipient=chip@test.bway.net\nsize=123000000004\n\n" | nc mbox.i 25001
action=552 5.2.2 Mailbox is full
If that fails for you, examine the dovecot log. In my case, I did
have to provide the full path to the "quota-status" binary and
dovecot complained about not being able to find it. Make sure you
actually have quota-status installed. Full dovecot snippet for this
below:
# report quota to postfix
# see http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/
plugin {
  quota_status_success = DUNNO
  quota_status_nouser = DUNNO
  quota_status_overquota = "552 5.2.2 Mailbox is full"
}
service quota-status {
  executable = /usr/local/libexec/dovecot/quota-status -p postfix
  inet_listener {
    address = 10.x.x.19 # In my case I want it listening on a particular IP
    port = 25001
  }
  client_limit = 5
}
If the dovecot portion is working, then move on to your postfix logs?
Charles
>
> I'm running Dovecot 2.2.10 with Postfix 2.6.6
>
> Here's my dovecot -n result:
>
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
> auth_master_user_separator = *
> auth_mechanisms = PLAIN LOGIN
> dict {
> acl = mysql:/etc/dovecot/dovecot-share-folder.conf
> quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
> }
> first_valid_uid = 2000
> last_valid_uid = 2000
> listen = *
> log_path = /var/log/dovecot.log
> mail_gid = 2000
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> mail_plugins = quota
> mail_uid = 2000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace {
> inbox = yes
> location =
> prefix =
> separator = /
> type = private
> }
> namespace {
> list = children
> location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
> prefix = Shared/%%u/
> separator = /
> subscriptions = yes
> type = shared
> }
> passdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> passdb {
> args = /etc/dovecot/dovecot-master-users-password
> driver = passwd-file
> master = yes
> }
> plugin {
> acl = vfile
> acl_shared_dict = proxy::acl
> auth_socket_path = /var/run/dovecot/auth-master
> autocreate = INBOX
> autocreate2 = Sent
> autocreate3 = Trash
> autocreate4 = Drafts
> autocreate5 = Junk
> autosubscribe = INBOX
> autosubscribe2 = Sent
> autosubscribe3 = Trash
> autosubscribe4 = Drafts
> autosubscribe5 = Junk
> quota = dict:user::proxy::quotadict
> quota_grace = 10%%
> quota_rule = *:storage=1G
> quota_status_nouser = DUNNO
> quota_status_overquota = 552 5.2.2 Mailbox is full
> quota_status_success = DUNNO
> quota_warning = storage=85%% quota-warning 85 %u
> quota_warning2 = storage=90%% quota-warning 90 %u
> quota_warning3 = storage=95%% quota-warning 95 %u
> sieve = /%Lh/sieve/dovecot.sieve
> sieve_dir = /%Lh/sieve
> sieve_global_dir = /var/vmail/sieve
> sieve_global_path = /var/vmail/sieve/dovecot.sieve
> }
> protocols = pop3 imap sieve
> service auth {
> unix_listener /var/spool/postfix/dovecot-auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-master {
> group = vmail
> mode = 0666
> user = vmail
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> service dict {
> unix_listener dict {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> service imap-login {
> process_limit = 500
> service_count = 1
> }
> service pop3-login {
> service_count = 1
> }
> service quota-status {
> client_limit = 1
> executable = quota-status -p postfix
> inet_listener {
> port = 12340
> }
> }
> service quota-warning {
> executable = script /usr/local/bin/dovecot-quota-warning.sh
> unix_listener quota-warning {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> ssl = required
> ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
> ssl_key = </etc/pki/tls/private/iRedMail.key
> userdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> protocol lda {
> auth_socket_path = /var/run/dovecot/auth-master
> lda_mailbox_autocreate = yes
> log_path = /var/log/sieve.log
> mail_plugins = quota sieve autocreate
> postmaster_address = root
> }
> protocol imap {
> imap_client_workarounds = tb-extra-mailbox-sep
> mail_plugins = quota imap_quota autocreate
> }
> protocol pop3 {
> mail_plugins = quota
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> pop3_uidl_format = %08Xu%08Xv
> }
>
> For my postfix/main.cf I have this relevant setting:
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service
> inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031,
> check_policy_service inet:127.0.0.1:12340, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
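
The printf | nc check from this thread, as a small client that sends the name=value request and interprets the action= reply. This is an added example, not code from either poster or from Dovecot; the function names and StubQuotaStatus are hypothetical, the stub is a constructed stand-in for the real service with an assumed 1G limit (as in the quoted quota_rule), and the request= attribute is what Postfix itself sends in addition to the recipient and size used above.

```python
import socket, socketserver, threading

def build_request(recipient, size):
    attrs = [("request", "smtpd_access_policy"), ("recipient", recipient), ("size", size)]
    return "".join(f"{k}={v}\n" for k, v in attrs).encode() + b"\n"

def parse_reply(raw):
    """Return the text after 'action=', or None when no action line is present."""
    for line in raw.decode(errors="replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    return None

def classify(action):
    """DUNNO -> pass, 5xx -> reject, 4xx -> defer, anything else -> other."""
    word = action.split()[0] if action and action.split() else ""
    if word.upper() == "DUNNO":
        return "pass"  # no opinion; later restrictions decide
    return {"5": "reject", "4": "defer"}.get(word[:1] if word.isdigit() else "", "other")

def query(host, port, recipient, size, timeout=5.0):
    """Send one request to a quota-status listener and return its action."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(recipient, size))
        buf = b""
        while not buf.endswith(b"\n\n"):  # reply ends with an empty line
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return parse_reply(buf)

class StubQuotaStatus(socketserver.StreamRequestHandler):
    LIMIT = 1 << 30  # constructed stand-in for the service; 1G limit assumed
    def handle(self):
        size = 0
        for line in self.rfile:
            name, _, value = line.decode().strip().partition("=")
            if not name:
                break  # empty line ends the request
            if name == "size":
                size = int(value)
        reply = "552 5.2.2 Mailbox is full" if size > self.LIMIT else "DUNNO"
        self.wfile.write(f"action={reply}\n\n".encode())

def start_stub():
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubQuotaStatus)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Against a real listener, call query() with the address and port from the inet_listener block; a 4xx action or no action line at all points at the Dovecot log rather than at Postfix.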