dovecot - Feb 2014 - Quota-Status issue

Following this guide:
http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ I can't
seem to get it to work, as soon as I add the smtpd_recipient_restrictions
setting to postfix I can no longer send mail at all. I get the message SMTP
Error (450): Failed to add recipient "postmaster at example.com"
(4.7.1 :
Recipient address rejected: Internal error occurred. Refer to server log
for more information.). I googled around and found this command to test the
quota-status service: printf "recipient=postmaster at
example.com\nsize=1234\n\n"
| nc 127.0.0.1 12340
It seems to always return the quota_status_nouser message. I'm really
stumped here. What logs do I need to check for errors and does anyone have
any experience with this?

I'm running Dovect 2.2.10 with Postfix 2.6.6

Here's my dovecot -n result:

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location   prefix   separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_grace = 10%%
  quota_rule = *:storage=1G
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
ssl_key = </etc/pki/tls/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

For my postfix/main.cf I have this relevant setting:
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service
inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031,
check_policy_service inet:127.0.0.1:12340, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination

On Feb 20, 2014, at 5:12 PM, Cyberonic Turbo wrote:
> Following this guide:
> http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/ I
can't
> seem to get it to work, as soon as I add the smtpd_recipient_restrictions
> setting to postfix I can no longer send mail at all. I get the message SMTP
> Error (450): Failed to add recipient "postmaster at example.com"
(4.7.1 :
> Recipient address rejected: Internal error occurred. Refer to server log
> for more information.). I googled around and found this command to test the
> quota-status service: printf "recipient=postmaster at
> example.com\nsize=1234\n\n"
> | nc 127.0.0.1 12340
> It seems to always return the quota_status_nouser message. I'm really
> stumped here. What logs do I need to check for errors and does anyone have
> any experience with this?
I'm not an expert, I just followed the same guide a few days ago
while preparing to front an old vpopmail system with postfix.  It
did work for me.

Before moving on to enabling the check in postfix, verify that the
dovecot side is working.

Your example test should work, I did the same here:

[root at util-b /usr/local/etc/postfix]# printf "recipient=chip at
test.bway.net\nsize=12304\n\n" | nc mbox.i 25001
action=DUNNO

[root at util-b /usr/local/etc/postfix]# printf "recipient=chip at
test.bway.net\nsize=123000000004\n\n" | nc mbox.i
25001 action=552 5.2.2 Mailbox is full

If that fails for you, examine the dovecot log.  In my case, I did
have to provide the full path to the "quota-status" binary and
dovecot complained about not being able to find it.  Make sure you
actually have quota-status installed.  Full dovecot snippet for this
below:

# report quota to postfix
# see http://sys4.de/en/blog/2013/04/08/postfix-dovecot-mailbox-quota/

plugin {
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
}

service quota-status {
    executable = /usr/local/libexec/dovecot/quota-status -p postfix
    inet_listener {
        address = 10.x.x.19  # In my case I want it listening on a particular IP
        port = 25001
    }
    client_limit = 5
}

If the dovecot portion is working, then move on to your postfix logs?

Charles
> 
> I'm running Dovect 2.2.10 with Postfix 2.6.6
> 
> Here's my dovecot -n result:
> 
> # 2.2.10: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-431.5.1.el6.x86_64 x86_64 CentOS release 6.5 (Final)
> auth_master_user_separator = *
> auth_mechanisms = PLAIN LOGIN
> dict {
>  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
>  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
> }
> first_valid_uid = 2000
> last_valid_uid = 2000
> listen = *
> log_path = /var/log/dovecot.log
> mail_gid = 2000
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> mail_plugins = quota
> mail_uid = 2000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date ihave
> namespace {
>  inbox = yes
>  location >  prefix >  separator = /
>  type = private
> }
> namespace {
>  list = children
>  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
>  prefix = Shared/%%u/
>  separator = /
>  subscriptions = yes
>  type = shared
> }
> passdb {
>  args = /etc/dovecot/dovecot-mysql.conf
>  driver = sql
> }
> passdb {
>  args = /etc/dovecot/dovecot-master-users-password
>  driver = passwd-file
>  master = yes
> }
> plugin {
>  acl = vfile
>  acl_shared_dict = proxy::acl
>  auth_socket_path = /var/run/dovecot/auth-master
>  autocreate = INBOX
>  autocreate2 = Sent
>  autocreate3 = Trash
>  autocreate4 = Drafts
>  autocreate5 = Junk
>  autosubscribe = INBOX
>  autosubscribe2 = Sent
>  autosubscribe3 = Trash
>  autosubscribe4 = Drafts
>  autosubscribe5 = Junk
>  quota = dict:user::proxy::quotadict
>  quota_grace = 10%%
>  quota_rule = *:storage=1G
>  quota_status_nouser = DUNNO
>  quota_status_overquota = 552 5.2.2 Mailbox is full
>  quota_status_success = DUNNO
>  quota_warning = storage=85%% quota-warning 85 %u
>  quota_warning2 = storage=90%% quota-warning 90 %u
>  quota_warning3 = storage=95%% quota-warning 95 %u
>  sieve = /%Lh/sieve/dovecot.sieve
>  sieve_dir = /%Lh/sieve
>  sieve_global_dir = /var/vmail/sieve
>  sieve_global_path = /var/vmail/sieve/dovecot.sieve
> }
> protocols = pop3 imap sieve
> service auth {
>  unix_listener /var/spool/postfix/dovecot-auth {
>    group = postfix
>    mode = 0666
>    user = postfix
>  }
>  unix_listener auth-master {
>    group = vmail
>    mode = 0666
>    user = vmail
>  }
>  unix_listener auth-userdb {
>    group = vmail
>    mode = 0660
>    user = vmail
>  }
> }
> service dict {
>  unix_listener dict {
>    group = vmail
>    mode = 0660
>    user = vmail
>  }
> }
> service imap-login {
>  process_limit = 500
>  service_count = 1
> }
> service pop3-login {
>  service_count = 1
> }
> service quota-status {
>  client_limit = 1
>  executable = quota-status -p postfix
>  inet_listener {
>    port = 12340
>  }
> }
> service quota-warning {
>  executable = script /usr/local/bin/dovecot-quota-warning.sh
>  unix_listener quota-warning {
>    group = vmail
>    mode = 0660
>    user = vmail
>  }
> }
> ssl = required
> ssl_cert = </etc/pki/tls/certs/iRedMail_CA.pem
> ssl_key = </etc/pki/tls/private/iRedMail.key
> userdb {
>  args = /etc/dovecot/dovecot-mysql.conf
>  driver = sql
> }
> protocol lda {
>  auth_socket_path = /var/run/dovecot/auth-master
>  lda_mailbox_autocreate = yes
>  log_path = /var/log/sieve.log
>  mail_plugins = quota sieve autocreate
>  postmaster_address = root
> }
> protocol imap {
>  imap_client_workarounds = tb-extra-mailbox-sep
>  mail_plugins = quota imap_quota autocreate
> }
> protocol pop3 {
>  mail_plugins = quota
>  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
>  pop3_uidl_format = %08Xu%08Xv
> }
> 
> For my postfix/main.cf I have this relevant setting:
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_non_fqdn_sender,
> reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service
> inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031,
> check_policy_service inet:127.0.0.1:12340, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination