Posted on: November 11th, 2009 Dovecot 1.2 with quotas and quota warnings

We have recently upgraded our mail servers running Debian Etch to Lenny and noticing that Dovecot 1.2 has been backported to Lenny backports, we decided to upgrade to Dovecot to take advantage of its fixes, improved security and quota settings.

Setting up quotas and warnings for any Dovecot above 1.0 is very simple.

1) First step is to enable the quota plugin for all protocols enabled in Dovecot ( pop3, imap and lda if you use it). This is done by just adding the line:

    mail_plugins = quota

and for the IMAP protocol:

    mail_plugins = quota imap_quota

2) Setup the plugin:


    # Quota plugin settings
    plugin {
    quota = maildir:User quota
    #Quota limit is 1GB
    quota_rule = *:storage=1G
    #We add 100Mb more for Trash
    quota_rule2 = Trash:storage=100M
    #We set up warnings at 75% and 90%
    quota_warning = storage=75%% /opt/mail.sh 75 %u
    quota_warning2 = storage=90%% /opt/mail.sh 90 %u
    }

We can add as many rules and warnings as we want, just by adding and incrementing a number at the end of the warning or rule ( like above: quota_rule, quota_rule2 and so on ).

The first variable, “quota”, is the quota root and is a name that is sent to the IMAP client and can be anything you want.

The second variable is the quota itself and you can set it up using several limits: storage,bytes,messages,backend and ignore (this ignores quota for a specific mailbox). All variables support besides numbers the b/k/M/G/T/% suffixes. For example: 100M, 1G, 30% and so on.

The third variable sets up the quota warning. Using the limit you set up above in the rule you set up the warning at what level you want, by using a fixed number or percent. In the above example we used percent. In this case you need the double % ( %% ) so it can be escaped by dovecot. After the warning limit is set, in the same line, separated by space, is the command to run when that limit is reached. In this case it is a custom script that takes two command line arguments: the first one is the percent and the second one is the user that has reached the limit and to which to send the warning.

We set up the second argument (the user) as dovecot’s %u variable which is set in the ldap configuration, in the filter string. You can make this anything you want, taking the user dynamically through whichever system you have configured as your user database and whichever variable you have set up as you user.

For example, in my dovecot-ldap.conf this is what we have:

    pass_filter = (&(objectClass=person)(userPrincipalName=%u))

and this is where I take my %u from.

And finally this is the script I use to send the warning. It uses the default sendmail binary, a simple text file and the two arguments taken from the command line:


    #!/bin/bash

    PERCENT=$1
    USER=$2

    echo “From: postmaster@domain.org
    To: $USER
    Subject: Your email quota is $PERCENT% full
    Content-Type: text/plain; charset=”UTF-8″

    This is an automatic message to warn that your mailbox is now $PERCENT% full.” > /tmp/quota.email.$USER

    cat /tmp/quota.email.$USER | /usr/sbin/sendmail -f postmaster@domain.org $USER

    rm /tmp/quota.email.$USER

That’s it! Whenever the user reaches its defined quotas he / she will receive a warning email. This quota are global, any user will have the same quota. If you want per-user quotas and / or soft-quotas check out my later edit below!


LATER EDIT:

If you want to make your quotas non-enforcing, that means the user will still receive the warnings but if he or she reaches the quota, their e-mails will not be blocked and they will still be able to receive, you must modify your “quota” variable in the plugin’s settings (the quota root). Make your settings look like this:


    # Quota plugin settings
    plugin {
    quota = dict:user::noenforcing:file:/opt/data/mailboxes/%u/Maildir/dovecot-quota
    #Quota limit is 1GB
    quota_rule = *:storage=1G
    #We add 100Mb more for Trash
    quota_rule2 = Trash:storage=100M
    #We set up warnings at 75% and 90%
    quota_warning = storage=75%% /opt/mail.sh 75 %u
    quota_warning2 = storage=90%% /opt/mail.sh 90 %u
    }

Notice the only thing changed is the first variable: “quota”.

Also, if you want to use LDAP attributes to change your users’ quotas on a per-user basis, you need to do the following:

1) Rename your dovecot-ldap.conf file to dovecot-passdb-ldap.conf :

    mv /etc/dovecot/dovecot-ldap.conf /etc/dovecot/dovecot-passdb-ldap.conf

2) Create a symlink to dovecot-passdb-ldap.conf called dovecot-userdb-ldap.conf :

    ln -s /etc/dovecot/dovecot-passdb-ldap.conf /etc/dovecot/dovecot-userdb-ldap.conf

3) Modify your dovecot.conf file to point to these files as DBs for users and passwords:

    passdb ldap {
    args = /etc/dovecot/dovecot-passdb-ldap.conf
    }
    userdb ldap {
    args = /etc/dovecot/dovecot-userdb-ldap.conf
    }

4) And finally make sure your ” /etc/dovecot/dovecot-passdb-ldap.conf ” file looks like this:

    hosts =
    dn =
    dnpass = auth_bind = yes
    ldap_version = 3
    base = dc=example, dc=org
    pass_filter = (&(objectClass=person)(userPrincipalName=%u))
    user_filter = (&(objectClass=person)(userPrincipalName=%u))
    user_attrs = otherPager=quota_rule=*:bytes=%$, userPrincipalName=home=/opt/data/mailboxes/%u

Notice we use the ” userPrincipalName ” as the attribute for username in dovecot (the username the users will also use to authenticate to dovecot). If you want, you can change this to whatever you want, like sAMAccountName.

Also, if you look carefully, notice that we used the ” otherPager ” attribute from LDAP as the attribute for user quota. We just modify this attribute for whatever we want to override the default quota for a certain user. For example we want to modify for user jon.doe, we just put in that attribute: ” 2G ” and the user will have 2 gigabytes. You can use any existing attribute that is not used and will not be or you can add your own to all the users in the LDAP tree.

That’s it! Restart Dovecot and it should work!

Filed under: How-To

4 Responses to “Dovecot 1.2 with quotas and quota warnings”

  1. glidic Says:
    May 10th, 2010 at 16:45

    Hi,
    this is a great howto. But i see you use ldap. Do you know how to make the non-enforcing quota with mysql?
    Thanks

  2. dan Says:
    May 10th, 2010 at 20:35

    Hi,

    Thanks for the appreciation!

    I never used mysql for keeping the quotas there, but the non-enforcing part should remain the same, no matter what backend you use. You would just need to change the passdb and userdb files to contain SQL queries instead of LDAP ones.

    Mysql would be used to store in a table the quotas for each user and you would need to use the mysql dictionary backend in Dovecot to access that info in Mysql. Its worth to check their wiki for this because it has a LOT of information and it usually the only source you need for Dovecot configuration.

    Check this page on how to configure Dovecot to use Mysql as a dictionary backend for quotas: http://wiki.dovecot.org/Quota/Dict

    Hope this helps, sorry I don’t have more specific information, but the wiki page together with my how-to should bring you close to your goal.

    Cheers

  3. Nick Says:
    February 24th, 2011 at 23:52

    Thanks for your great article. I believe you should add to the article that for Dovecot quotas to function correctly, one MUST set up Dovecot LDA (both in the MTA config and in Dovecot). An example setup of LDA would also be nice, although Dovecot documentation includes detailed examples for all major MTAs.

  4. Dan Says:
    February 25th, 2011 at 11:02

    I really appreciate the positive feedback! Yes, it would be nice to have an LDA tutorial, I just assumed that people already had that set up and then started thinking about quotas. Anyway, I will put it on the to-do list.

Leave a Reply