On 7/29/2021 2:15 PM, dovecot at ptld.com wrote:>> Plus Dovecot complains that the policy service is only supposed
>> to be
>> used in the RCPT stage. So clearly this is a bad approach.
>
> I want to explore this more. I tried it and also see:
>
> dovecot[1096]: quota-status(26164): Warning: Received policy query
> from MTA in unexpected state END-OF-MESSAGE (service can only be
> used for recipient restrictions)
>
> Why? Why does dovecot even care? Quota plugin is sent a user and a
> size, it looks up quota for that user and computes if size will
> put the user over limit and returns an answer. Why does dovecot
> care or even know at what stage this is done? Why is it bad to
> check quota after getting the real size? Seems like its designed
> to allow spoofing from an evil mail client.
>
> What is the harm being done that causes this log warning? What is
> the harm in ignoring the warning?
With multi-recipient mail, the recipient attribute is undefined at
end-of-data.
So you have to pick your poison - during recipient restrictions the
size may not be known or may not be accurate, at end-of-data the
recipient may not be known *and* it's too late to reject a single
recipient on a multi-recipient mail.
The only solution is to reject all mail for an over-quota recipient
during recipient restrictions, and if the mail passes that stage,
deliver it anyway even if it makes the user go over quota.
? -- Noel Jones