Friday, October 1, 2010

Dovecot 1.2 with quotas and quota warnings

SkyHi @ Friday, October 01, 2010
We have recently upgraded our mail servers running Debian Etch to Lenny and noticing that Dovecot 1.2 has been backported to Lenny backports, we decided to upgrade to Dovecot to take advantage of its fixes, improved security and quota settings.
Setting up quotas and warnings for any Dovecot above 1.0 is very simple.
1) First step is to enable the quota plugin for all protocols enabled in Dovecot ( pop3, imap and lda if you use it). This is done by just adding the line:
    mail_plugins = quota
and for the IMAP protocol:
    mail_plugins = quota imap_quota
2) Setup the plugin:
    # Quota plugin settings plugin { quota = maildir:User quota #Quota limit is 1GB quota_rule = *:storage=1G #We add 100Mb more for Trash quota_rule2 = Trash:storage=100M #We set up warnings at 75% and 90% quota_warning = storage=75%% /opt/ 75 %u quota_warning2 = storage=90%% /opt/ 90 %u }
We can add as many rules and warnings as we want, just by adding and incrementing a number at the end of the warning or rule ( like above: quota_rule, quota_rule2 and so on ).
The first variable, “quota”, is the quota root and is a name that is sent to the IMAP client and can be anything you want.
The second variable is the quota itself and you can set it up using several limits: storage,bytes,messages,backend and ignore (this ignores quota for a specific mailbox). All variables support besides numbers the b/k/M/G/T/% suffixes. For example: 100M, 1G, 30% and so on.
The third variable sets up the quota warning. Using the limit you set up above in the rule you set up the warning at what level you want, by using a fixed number or percent. In the above example we used percent. In this case you need the double % ( %% ) so it can be escaped by dovecot. After the warning limit is set, in the same line, separated by space, is the command to run when that limit is reached. In this case it is a custom script that takes two command line arguments: the first one is the percent and the second one is the user that has reached the limit and to which to send the warning.
We set up the second argument (the user) as dovecot’s %u variable which is set in the ldap configuration, in the filter string. You can make this anything you want, taking the user dynamically through whichever system you have configured as your user database and whichever variable you have set up as you user.
For example, in my dovecot-ldap.conf this is what we have:
    pass_filter = (&(objectClass=person)(userPrincipalName=%u))
and this is where I take my %u from.
And finally this is the script I use to send the warning. It uses the default sendmail binary, a simple text file and the two arguments taken from the command line:
    #!/bin/bash PERCENT=$1 USER=$2 echo “From: To: $USER Subject: Your email quota is $PERCENT% full Content-Type: text/plain; charset=”UTF-8″ This is an automatic message to warn that your mailbox is now $PERCENT% full.” > /tmp/$USER cat /tmp/$USER | /usr/sbin/sendmail -f $USER rm /tmp/$USER
That’s it! Whenever the user reaches its defined quotas he / she will receive a warning email. This quota are global, any user will have the same quota. If you want per-user quotas and / or soft-quotas check out my later edit below!


If you want to make your quotas non-enforcing, that means the user will still receive the warnings but if he or she reaches the quota, their e-mails will not be blocked and they will still be able to receive, you must modify your “quota” variable in the plugin’s settings (the quota root). Make your settings look like this:
    # Quota plugin settings plugin { quota = dict:user::noenforcing:file:/opt/data/mailboxes/%u/Maildir/dovecot-quota #Quota limit is 1GB quota_rule = *:storage=1G #We add 100Mb more for Trash quota_rule2 = Trash:storage=100M #We set up warnings at 75% and 90% quota_warning = storage=75%% /opt/ 75 %u quota_warning2 = storage=90%% /opt/ 90 %u }
Notice the only thing changed is the first variable: “quota”.
Also, if you want to use LDAP attributes to change your users’ quotas on a per-user basis, you need to do the following:
1) Rename your dovecot-ldap.conf file to dovecot-passdb-ldap.conf :

    mv /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-passdb-ldap.conf
2) Create a symlink to dovecot-passdb-ldap.conf called dovecot-userdb-ldap.conf :

    ln -s /etc/dovecot/dovecot-passdb-ldap.conf /etc/dovecot/dovecot-userdb-ldap.conf
3) Modify your dovecot.conf file to point to these files as DBs for users and passwords:

    passdb ldap { args = /etc/dovecot/dovecot-passdb-ldap.conf } userdb ldap { args = /etc/dovecot/dovecot-userdb-ldap.conf }
4) And finally make sure your ” /etc/dovecot/dovecot-passdb-ldap.conf ” file looks like this:

    hosts = dn = dnpass = auth_bind = yes ldap_version = 3 base = dc=example, dc=org pass_filter = (&(objectClass=person)(userPrincipalName=%u)) user_filter = (&(objectClass=person)(userPrincipalName=%u)) user_attrs = otherPager=quota_rule=*:bytes=%$, userPrincipalName=home=/opt/data/mailboxes/%u
Notice we use the ” userPrincipalName ” as the attribute for username in dovecot (the username the users will also use to authenticate to dovecot). If you want, you can change this to whatever you want, like sAMAccountName.
Also, if you look carefully, notice that we used the ” otherPager ” attribute from LDAP as the attribute for user quota. We just modify this attribute for whatever we want to override the default quota for a certain user. For example we want to modify for user jon.doe, we just put in that attribute: ” 2G ” and the user will have 2 gigabytes. You can use any existing attribute that is not used and will not be or you can add your own to all the users in the LDAP tree.