Steffen Kaiser
2014-Mar-13 09:59 UTC
[Dovecot] quota using wrong limits in user shared mailboxes
Hi,

I have set up a shared namespace to expose users' mailboxes to other users. That works well. Via ACLs users can access other users' mailboxes.

I have set up a quota for each user; that works well, too. The quota is tracked and new messages are denied if the quota is exceeded.

I do not find hints whether you need to set up something special for shared namespaces. http://wiki2.dovecot.org/Quota/Configuration shows how to track the quota and http://wiki2.dovecot.org/SharedMailboxes/Shared shows how to set up the namespace and ACL.

If user1 shares "mailbox" to user2 and user2 copies a message there, the quota is tracked in the quota of user1 correctly. But to calculate whether

* LOGIN user2 ...
* COPY 1 users.user1.mailbox

fails with overquota or succeeds, the quota limit of user2 is used instead of the quota of user1, to whom "mailbox" belongs.

I have tested it with

a. limit(user2) < limit(user1)
b. quota(user1) + sizeof(message) < limit(user1)

If quota(user1) + sizeof(message) > limit(user2), COPY fails with overquota. If I raise the quota of user2, the COPY succeeds.

That means, although the target user's quota is not exceeded and won't be after the copy, COPY fails. That seems wrong to me.

The same will apply the other way round, I guess: if the target user is over quota, but the copying user's quota limit is greater than that, the COPY succeeds. [I have not tested it.]

Hence, if you enable sharing, you undermine quota, because the other user can copy messages into a mailbox of a user over quota.

Do other people see the same issue?
My config:

# 2.2.10 (5432b55a2b87): /usr/local/dovecot-2.2.10/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.9
auth_cache_size = 30 M
auth_mechanisms = plain login
auth_verbose = yes
auth_worker_max_count = 100
base_dir = /var/run/dovecot2.2/
default_vsz_limit = 512 M
deliver_log_format = msgid=%m: %$ %p/%w "%f" "%s"
dict {
  acl = pgsql:/usr/local/dovecot-2.2.10/etc/dovecot/dovecot-dict-sql.conf.ext
  quota = pgsql:/usr/local/dovecot-2.2.10/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
instance_name = dovecot2.2
lda_mailbox_autocreate = yes
lmtp_save_to_detail_mailbox = yes
log_path = /var/log/dovecot/dovecot2.2.log
log_timestamp = "%F %H:%M:%S "
mail_gid = vmail
mail_log_prefix = "%Us(%u) [%p]: "
mail_max_userip_connections = 0
mail_plugins = " quota notify mail_log zlib acl stats"
mail_shared_explicit_inbox = yes
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave imapflags
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = users.%%u.
  separator = .
  type = shared
}
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/dovecot-2.2.10/etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  antispam_allow_append_to_spam = yes
  antispam_backend = spool2dir
  antispam_spam = SPAM+ReportAsSPAM
  antispam_spool2dir_notspam = /tmp/spamspool/%%020lu-%%05lu-%u-H
  antispam_spool2dir_spam = /tmp/spamspool/%%020lu-%%05lu-%u-S
  antispam_trash = trash;TRASH;Trash;spam;SPAM;Spam;junk;JUNK;Junk;Deleted Items;Deleted Messages;Gel&APY-schte Elemente;Gel&APY-schte Objekte;Junk E-mail;Junk-E-Mail;INBOX.Trash;INBOX.TRASH;INBOX.trash
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size vsize from subject
  quota = dict:User quota::proxy::quota
  quota_rule = *:storage=300MB
  quota_rule2 = Trash:storage=+30M
  recipient_delimiter = +
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +imapflags
  sieve_max_actions = 0
  sieve_quota_max_storage = 3M
  stats_command_min_time = 1 mins
  stats_domain_min_time = 12 hours
  stats_ip_min_time = 12 hours
  stats_memory_limit = 128 M
  stats_refresh = 30 secs
  stats_session_min_time = 15 mins
  stats_track_cmds = yes
  stats_user_min_time = 1 hours
}
postmaster_address = postmaster at inf.h-brs.de
protocols = imap pop3 lmtp sieve
quota_full_tempfail = yes
service auth {
  unix_listener auth-client {
    mode = 0766
  }
  unix_listener auth-userdb {
    mode = 0766
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service doveadm {
  unix_listener doveadm-server {
    mode = 0666
  }
}
service imap-login {
  process_min_avail = 4
  service_count = 0
  vsz_limit = 768 M
}
service imap {
  process_limit = 1000
  vsz_limit = 768 M
}
service lmtp {
  vsz_limit = 768 M
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  process_min_avail = 5
  service_count = 0
  vsz_limit = 512 M
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
ssl_ca = </etc/ssl/certs/ca.crt
ssl_cert = </etc/ssl/certs/imap.pem
ssl_key = </etc/ssl/private/imap.key
userdb {
  driver = prefetch
}
userdb {
  args = /usr/local/dovecot-2.2.10/etc/dovecot/dovecot-ldap.conf.ext
  default_fields = home=/home/%u uid=vmail gid=vmail
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = " quota notify mail_log zlib acl stats quota sieve"
}
protocol lda {
  mail_plugins = " quota notify mail_log zlib acl quota sieve"
}
protocol imap {
  mail_plugins = " quota notify mail_log zlib acl stats imap_quota imap_zlib imap_acl antispam imap_stats"
}

-- 
Steffen Kaiser
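
Added example, not part of the original post and not Dovecot code: a small Python model of the quota decision the message describes, comparing the reported check (owner's usage against the copying user's limit) with a check against the mailbox owner's limit. All function names, account values and sizes are constructed for illustration; the reverse case is the one the poster marked as untested.

```python
from dataclasses import dataclass

MB = 1024 * 1024

@dataclass
class Account:
    name: str
    limit: int  # storage limit in bytes
    used: int   # bytes currently counted against this account

def allowed_reported(actor: Account, owner: Account, size: int) -> bool:
    # Behaviour described in the post: the owner's usage is compared
    # with the limit of the user who issues the COPY.
    return owner.used + size <= actor.limit

def allowed_by_owner(actor: Account, owner: Account, size: int) -> bool:
    # Check against the limit of the account the mailbox belongs to.
    return owner.used + size <= owner.limit

def classify(actor: Account, owner: Account, size: int) -> str:
    reported = allowed_reported(actor, owner, size)
    by_owner = allowed_by_owner(actor, owner, size)
    if reported == by_owner:
        return "consistent"
    return "quota bypass" if reported else "spurious overquota"

def shares_allowing_bypass(shares):
    # Shares where the accessing user's limit exceeds the owner's limit:
    # under the reported behaviour these let the owner's usage pass its limit.
    return [(a.name, o.name) for a, o in shares if a.limit > o.limit]

# Constructed sample values (not from the post).
def tested_case() -> str:
    user1 = Account("user1", 300 * MB, 150 * MB)
    user2 = Account("user2", 100 * MB, 0)
    return classify(user2, user1, 1 * MB)

def untested_reverse_case() -> str:
    user1 = Account("user1", 100 * MB, 100 * MB)
    user2 = Account("user2", 300 * MB, 0)
    return classify(user2, user1, 1 * MB)

if __name__ == "__main__":
    print(tested_case())
    print(untested_reverse_case())
```

Running `shares_allowing_bypass` over the (accessing user, owner) pairs taken from the ACLs of a deployment lists the shares where a mismatch in limits would matter under the reported behaviour.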