On 25.09.2017 20:28, Sami Ketola wrote:>> On 25 Sep 2017, at 21.19, Garry Glendown <garry at glendown.de> wrote: >> >> doveadm(root): Error: chdir(/root/) failed: Permission denied >> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned >> by 0:0 mode=0700) >> doveadm(root): Error: chdir(/root) failed: Permission denied >> >> It looks like dovecot doesn't actually attempt to look at the central >> maildir, but instead seems to attempt to enter the current user's >> homedir (which, in this case, is root). > > > what was the command line you used to test this? As this looks a lot like you > just tried to check root users quota.Actually no, I tried "doveadm quote recalc" without any parameters ... I found the command in the wiki, which - as with most other information - might be helpful if you already know what you are doing ... "If your quotas are out of sync, you can use doveadm?quota?recalc command to recalculate them. " I assumed it would recalculate all users' quotas ... using the -u argument with an account actually does seem to work, at least I do not get any errors. Also, the get command seems to be accurate from what I can tell. Further tests show that the system already checks the quota correctly ... and hard-rejects any mails to users with full quota ... So with that part already working, I have new problems to solve: * how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)? * what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup? * how can I get? an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work) thanks, -garry
1. how do I keep mails from being rejected and kept in the local mailqueue instead? (which is the old system's behavior)? * You can set a quota grace to basically have a soft-limit - allowing the user to go slightly above their allocated quota. 2. what's the best (or simplest or recommended) way of setting up per-user-quotas in this setup? * I'm not sure if this is considered the "simplest", but like you I am also using LDAP auth. With this setup, I have LDAP manage per-user quotas. The primary mail schema I use is equipped with a mailQuota attribute. I have this quota attribute set as part of user_attrs in dovecot-ldap.conf.ext. For example, per user quotas in LDAP: user_attrs = ....,mailQuota=quota_rule=*:bytes=%$ 3. how can I get? an overview/list of all users and their quota usage? (I guess I just solved that - "doveadm quota get -A" seems to work) * It helps to set up aliases unless you don't mind typing a lot. To get an overview/list of all users and their quota usage I have a couple quota aliases defined: alias quotaa='doveadm quota get -A | sort -h ' $ quotaa alias quota='doveadm quota get -u $1 ' $ quota <username> IMHO the official Dovecot docs are great, but I also battled with quotas for a short duration, so hopefully this will help a bit more. Cheers, TC On 9/25/17 11:51 AM, Garry Glendown wrote:> > On 25.09.2017 20:28, Sami Ketola wrote: >>> On 25 Sep 2017, at 21.19, Garry Glendown <garry at glendown.de> wrote: >>> >>> doveadm(root): Error: chdir(/root/) failed: Permission denied >>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned >>> by 0:0 mode=0700) >>> doveadm(root): Error: chdir(/root) failed: Permission denied >>> >>> It looks like dovecot doesn't actually attempt to look at the central >>> maildir, but instead seems to attempt to enter the current user's >>> homedir (which, in this case, is root). >> >> what was the command line you used to test this? As this looks a lot like you >> just tried to check root users quota. > Actually no, I tried "doveadm quote recalc" without any parameters ... I > found the command in the wiki, which - as with most other information - > might be helpful if you already know what you are doing ... > > "If your quotas are out of sync, you can use doveadm?quota?recalc > command to recalculate them. " > > I assumed it would recalculate all users' quotas ... using the -u > argument with an account actually does seem to work, at least I do not > get any errors. Also, the get command seems to be accurate from what I > can tell. Further tests show that the system already checks the quota > correctly ... and hard-rejects any mails to users with full quota ... > > So with that part already working, I have new problems to solve: > > * how do I keep mails from being rejected and kept in the local > mailqueue instead? (which is the old system's behavior)? > * what's the best (or simplest or recommended) way of setting up > per-user-quotas in this setup? > * how can I get? an overview/list of all users and their quota usage? (I > guess I just solved that - "doveadm quota get -A" seems to work) > > thanks, -garry-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3982 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20170925/2e904de9/attachment.p7s>
> On 25 Sep 2017, at 21.51, Garry Glendown <garry at glendown.de> wrote: > > > > On 25.09.2017 20:28, Sami Ketola wrote: >>> On 25 Sep 2017, at 21.19, Garry Glendown <garry at glendown.de> wrote: >>> >>> doveadm(root): Error: chdir(/root/) failed: Permission denied >>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned >>> by 0:0 mode=0700) >>> doveadm(root): Error: chdir(/root) failed: Permission denied >>> >>> It looks like dovecot doesn't actually attempt to look at the central >>> maildir, but instead seems to attempt to enter the current user's >>> homedir (which, in this case, is root). >> >> >> what was the command line you used to test this? As this looks a lot like you >> just tried to check root users quota. > Actually no, I tried "doveadm quote recalc" without any parameters ... I > found the command in the wiki, which - as with most other information - > might be helpful if you already know what you are doing ?> > "If your quotas are out of sync, you can use doveadm quota recalc > command to recalculate them. ?I agree that this might happen. We must remember that the wiki is written mostly by people that have been working with dovecot for many years. I think you referred to this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct syntax was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already.> I assumed it would recalculate all users' quotas ... using the -u > argument with an account actually does seem to work, at least I do not > get any errors. Also, the get command seems to be accurate from what I > can tell. Further tests show that the system already checks the quota > correctly ... and hard-rejects any mails to users with full quota ... > > So with that part already working, I have new problems to solve: > > * how do I keep mails from being rejected and kept in the local > mailqueue instead? (which is the old system's behavior)?you can change this setting: plugin { quota_status_overquota = "552 5.2.2 Mailbox is full? } to give 4xx SMTP error code instead to force the MTA to retry for up to 48 hours as mandated by the RFC.> * what's the best (or simplest or recommended) way of setting up > per-user-quotas in this setup?you can also return quota_rules from usertb. The simplest way depends on what kind if userdb setup you have.> * how can I get an overview/list of all users and their quota usage? (I > guess I just solved that - "doveadm quota get -A" seems to work)User iteration must work in order for that command to work. Making user iteration to work once again depends on what kind of userdb/passdb setup you have. Sami
Hi, had the quota info added to the AD in an unused field, and it seems to work ...>> On 25 Sep 2017, at 21.51, Garry Glendown <garry at glendown.de> wrote: >> >> >> >> On 25.09.2017 20:28, Sami Ketola wrote: >>>> On 25 Sep 2017, at 21.19, Garry Glendown <garry at glendown.de> wrote: >>>> >>>> doveadm(root): Error: chdir(/root/) failed: Permission denied >>>> (euid=479(dovecot) egid=478(dovecot) missing +x perm: /root, dir owned >>>> by 0:0 mode=0700) >>>> doveadm(root): Error: chdir(/root) failed: Permission denied >>>> >>>> It looks like dovecot doesn't actually attempt to look at the central >>>> maildir, but instead seems to attempt to enter the current user's >>>> homedir (which, in this case, is root). >>> >>> what was the command line you used to test this? As this looks a lot like you >>> just tried to check root users quota. >> Actually no, I tried "doveadm quote recalc" without any parameters ... I >> found the command in the wiki, which - as with most other information - >> might be helpful if you already know what you are doing ? >> "If your quotas are out of sync, you can use doveadm quota recalc >> command to recalculate them. ? > > I agree that this might happen. We must remember that the wiki is written mostly by > people that have been working with dovecot for many years. I think you referred to > this page: https://wiki2.dovecot.org/Quota so I fixed the syntax. The correct syntax > was in the https://wiki2.dovecot.org/Tools/Doveadm/Quota page already. > >> I assumed it would recalculate all users' quotas ... using the -u >> argument with an account actually does seem to work, at least I do not >> get any errors. Also, the get command seems to be accurate from what I >> can tell. Further tests show that the system already checks the quota >> correctly ... and hard-rejects any mails to users with full quota ... >> >> So with that part already working, I have new problems to solve: >> >> * how do I keep mails from being rejected and kept in the local >> mailqueue instead? (which is the old system's behavior)? > > you can change this setting: > > plugin { > quota_status_overquota = "552 5.2.2 Mailbox is full? > } > > to give 4xx SMTP error code instead to force the MTA to retry for up to 48 hours as mandated > by the RFC.Except for this ... I added the entry to the 20-lmtp.conf file, but dovecot/lmtp still uses the 552 message ... tnx, Garry -- PGP Fingerprint: A79F A33F 5B13 BEB7 A51D 274F F99C 3AE2 4BCB 7015 ?