我在 dovecot 中配置了共享私有命名空间,以便通过 ACL,用户可以访问其他用户的邮箱。
我为每个用户设置了配额,这也很有效。配额受到监控,如果超过配额,新消息将被拒绝。
但是有一个问题:显然 dovecot 是按照当前用户的配额来处理共享邮箱的,而没有考虑(按理应当考虑的)共享邮箱所有者的配额。
我会尝试用几个例子来更好地解释。
==============
考虑以下情况:
此时,我们尝试另一个操作:
服务器应该返回错误,因为这样 user1 超出了分配的 1MB (500KB + 800KB) 配额,但复制操作却成功了。
发生这种情况是因为在复制操作时,dovecot考虑了user2的配额限制,而不是考虑了user1的配额限制。
==============
让我们考虑另一种情况,执行相同的操作,但用户配额限制相反(user1 的配额大于 user2):
操作因超出配额而失败,因为 dovecot 再次使用了 user2 的配额限制,而不是 user1 的配额限制。因此,这就好像 user2 在 1MB 的限制下尝试写入一个“更大”的区域 (10MB)。
作为反证,将user1和user2设置相同的配额限制,操作完美成功。
==============
我猜这是我的 dovecot 的配置问题。谁能告诉我怎么解决吗?
下面我附上 dovecot -n 的输出
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 6.1.0-16-cloud-arm64 aarch64 Debian 12.4
# Non-default global settings as printed by `dovecot -n`.
# "*" separates the target user from the master user in a login name. It only
# takes effect together with the passdb marked `master = yes` in this dump.
auth_master_user_separator = *
# PLAIN and LOGIN carry the password itself inside the session, so their
# confidentiality depends on the TLS requirement (`ssl = required` below).
auth_mechanisms = PLAIN LOGIN
default_client_limit = 7168
default_process_limit = 1024
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, delivery_time=%{delivery_time}ms, %$
# Dictionary named "acl", backed by MySQL; the plugin section refers to it as
# proxy::acl for acl_shared_dict.
# NOTE(review): the .conf.ext file presumably holds the database connect
# string - confirm it is not readable by unprivileged accounts.
dict {
acl = mysql:/etc/dovecot/dovecot-dict-acl-sql.conf.ext
}
# Only uid 2000 is accepted for mail access, and mail_uid/mail_gid below set
# the same id for every user. All mailboxes therefore share one system
# account, so the OS does not separate users from each other; isolation
# between mailboxes rests on Dovecot itself (here the acl plugin).
first_valid_uid = 2000
last_valid_uid = 2000
listen = * [::]
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k session=<%{session}>
mail_gid = 2000
# Maildir in the user's (lower-cased) home, with index files in the same place.
mail_location = maildir:%Lh:INDEX=%Lh
# quota and acl are loaded globally; the protocol blocks further down repeat
# the list and add protocol-specific plugins.
mail_plugins = quota mailbox_alias acl mail_log notify
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext editheader
# Statistics metric counting finished IMAP commands.
metric {
filter = event=imap_command_finished
metric_name = imap_command
}
# Private namespace holding each user's own INBOX: empty prefix, "/" as the
# hierarchy separator. Mailboxes with `auto = subscribe` are created and
# subscribed automatically; those with `auto = no` only receive a special-use
# flag if they exist.
# Several names carry the same special-use flag (e.g. Sent, Sent Items and
# Sent Messages are all \Sent), covering the folder names different clients use.
namespace {
inbox = yes
location =
mailbox {
auto = no
special_use = \Archive
name = Archive
}
mailbox {
auto = no
special_use = \Archive
name = Archives
}
mailbox {
auto = no
special_use = \Trash
name = Deleted Messages
}
mailbox {
auto = subscribe
special_use = \Drafts
name = Drafts
}
mailbox {
auto = subscribe
special_use = \Junk
name = Junk
}
mailbox {
auto = no
special_use = \Junk
name = Junk E-mail
}
mailbox {
auto = subscribe
special_use = \Sent
name = Sent
}
mailbox {
auto = no
special_use = \Sent
name = Sent Items
}
mailbox {
auto = no
special_use = \Sent
name = Sent Messages
}
mailbox {
auto = no
special_use = \Junk
name = Spam
}
mailbox {
auto = subscribe
special_use = \Trash
name = Trash
}
prefix =
separator = /
type = private
name =
}
# Shared namespace: exposes other users' mailboxes under Shared/<owner>/.
# The doubled %% variables expand for the mailbox owner, while %{auth_user}
# is the identity that authenticated, so per-reader private index data
# (INDEXPVT) is written under the owner's home in Shared/<reader>.
# What a reader may actually do in these mailboxes is decided by the acl
# plugin configured in the plugin section of this dump.
# NOTE(review): the reader's private index lives inside the owner's home
# directory - verify how that storage is accounted when debugging the quota
# behaviour described in this thread.
namespace {
# Only list the namespace when it has visible child mailboxes.
list = children
location = maildir:%%Lh:INDEXPVT=%%Lh/Shared/%{auth_user}
prefix = Shared/%%u/
separator = /
subscriptions = yes
type = shared
name =
}
# Regular password lookup for mail users, via SQL.
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
# Master-user passdb: an account listed in this file can log in as any other
# user with the "user*master" form (separator set by
# auth_master_user_separator). `result_success = continue` passes a
# successful master match on to the regular passdb lookup instead of
# finishing authentication here.
# NOTE(review): every entry in this file is effectively a credential for all
# mailboxes - confirm the file is readable only by the Dovecot auth process,
# holds hashed passwords, and that master logins are logged and reviewed.
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
result_success = continue
}
# Plugin settings for acl, mail_log, quota and Sieve.
plugin {
# ACL files are stored by the vfile backend; the global ACL path is
# /etc/dovecot/dovecot-acl. acl_shared_dict records which users have shared
# mailboxes, using the "acl" dict defined at the top of this dump.
acl = vfile:/etc/dovecot/dovecot-acl
acl_shared_dict = proxy::acl
# Audit trail: deletions, expunges, copies and mailbox create/delete/rename
# are logged with the fields listed below.
mail_log_events = delete undelete expunge copy mailbox_create mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size from subject flags
# A single quota root named "User quota" using the maildir backend.
quota = maildir:User quota
# Default limit of 1G for everything, with Trash allowed 100M on top.
# NOTE(review): the 1MB/10MB per-user limits used in the thread's examples
# are not in this dump; presumably they are returned by the SQL userdb -
# confirm.
quota_rule = *:storage=1G
quota_rule2 = Trash:storage=+100M
# Responses for the quota-status policy service.
# NOTE(review): no quota-status service listener appears in this dump -
# confirm whether these three settings are actually in use.
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
# At 95% and 80% usage the quota-warning service is called with the
# threshold and the user name as arguments.
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
# Per-user Sieve script directory and active-script link under /home/vmail.
sieve = file:/home/vmail/%d/sieve/%n/;active=/home/vmail/%d/sieve/%n/.dovecot.sieve
# Administrator script that runs before any user script.
sieve_before = /home/vmail/sieve/sievebefore1
# User scripts may not add X-Verified and may not delete X-Verified or
# X-Seen, so these headers cannot be forged or stripped through editheader.
sieve_editheader_forbid_add = X-Verified
sieve_editheader_forbid_delete = X-Verified X-Seen
sieve_editheader_max_header_size = 1k
sieve_extensions = +editheader
sieve_global_dir = /home/vmail/sieve
# NOTE(review): each redirect produces an outbound message; 30 per script
# run is a generous cap - confirm it is intended.
sieve_max_redirects = 30
sieve_vacation_default_period = 1d
# NOTE(review): a minimum period of 0 lets a script answer every message
# from the same sender, which can feed auto-reply loops - confirm.
sieve_vacation_min_period = 0
sieve_vacation_send_from_recipient = yes
}
# Enabled protocols. Submission services appear later in the dump, but
# "submission" is not in this list.
protocols = pop3 imap sieve lmtp
# NOTE(review): throughout this dump the label after `service` and the nested
# `name =` value do not match (some blocks have no label at all). This looks
# like an output or extraction artifact; the `name` value appears to be the
# real service name - confirm against the actual configuration files.
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
# auth service (see `name = auth` at the end of the block).
service {
# SASL socket inside the Postfix spool, used for SMTP authentication.
# NOTE(review): mode 0666 lets any local account that can reach this path
# open the auth socket; access is then limited only by the permissions of
# the directories above it. 0660 with user/group postfix is the tighter
# common setting.
unix_listener {
group = postfix
mode = 0666
user = postfix
path = /var/spool/postfix/private/auth
}
# userdb lookup socket, restricted to the vmail user and group.
unix_listener {
group = vmail
mode = 0660
user = vmail
path = auth-userdb
}
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
# dict service: the proxy socket behind acl_shared_dict = proxy::acl,
# restricted to the vmail user and group.
service {
unix_listener {
group = vmail
mode = 0660
user = vmail
path = dict
}
name = dict
}
# Remaining service definitions. As elsewhere in this dump, the `name =`
# value appears to identify the service; the label after `service` does not
# always match it.
service login/proxy-notify {
name = director
}
service dns-client {
name = dns-client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
# imap-login: service_count = 0 lets one login process serve many connections
# instead of one process per connection. This trades per-connection process
# isolation in the pre-authentication code for throughput.
service imap {
process_min_avail = 8
service_count = 0
vsz_limit = 1 G
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
# Post-login imap service: up to 2048 processes.
service {
process_limit = 2048
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
# lmtp service: delivery socket inside the Postfix spool.
# NOTE(review): with mode 0666, any local process that can reach this path
# can hand mail to LMTP directly, bypassing whatever filtering Postfix
# applies. 0660 (or 0600) with user/group postfix is the tighter common
# setting.
service {
unix_listener {
group = postfix
mode = 0666
user = postfix
path = /var/spool/postfix/private/dovecot-lmtp
}
name = lmtp
}
service log-errors {
name = log
}
# ManageSieve login listener on TCP port 4190.
service {
inet_listener {
port = 4190
name = sieve
}
name = managesieve-login
}
service login/sieve {
name = managesieve
}
service old-stats-mail {
name = old-stats
}
# pop3-login: same many-connections-per-process mode as imap-login above.
service pop3 {
service_count = 0
name = pop3-login
}
service login/pop3 {
name = pop3
}
# quota-warning service: runs the script named below; the socket is
# restricted to the vmail user and group. The quota_warning settings pass the
# threshold and the user name as arguments.
# NOTE(review): the script is not shown - confirm it treats the user name as
# untrusted data (quoted, never evaluated by the shell).
service {
executable = script /opt/scripts/dovecot/quota-warning.sh
unix_listener {
group = vmail
mode = 0660
user = vmail
path = quota-warning
}
name = quota-warning
}
service replicator-doveadm {
name = replicator
}
# stats service: reader and writer sockets restricted to the vmail user and
# group.
service login/stats-writer {
unix_listener {
group = vmail
mode = 0660
user = vmail
path = stats-reader
}
unix_listener {
group = vmail
mode = 0660
user = vmail
path = stats-writer
}
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
# TLS is mandatory for clients; this is what protects the PLAIN/LOGIN
# passwords enabled in auth_mechanisms.
ssl = required
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
# All four entries require an ephemeral (forward-secret) key exchange.
# NOTE(review): AES256+EECDH and AES256+EDH also match non-GCM (CBC) suites,
# and no ssl_min_protocol is shown, so the build default applies - confirm
# both meet your TLS policy.
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
# `dovecot -n` hides the DH parameters and private key; keep it that way when
# posting configuration publicly (do not use -P).
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
# User lookup via SQL, using the same .conf.ext file as the SQL passdb.
# NOTE(review): presumably this query also returns the per-user quota_rule
# values discussed in the thread - confirm.
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
# Settings for local delivery through dovecot-lda: missing target mailboxes
# are created and subscribed automatically, and the plugin list adds sieve to
# the global set, so quota and acl apply to deliveries as well.
# NOTE(review): the nested service entries below repeat the service list with
# labels that do not match their `name` values; this looks like an output or
# extraction artifact rather than real per-protocol configuration - confirm.
protocol lda {
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_plugins = quota mailbox_alias acl mail_log notify sieve
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns-client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service sieve {
name = managesieve-login
}
service login/sieve {
name = managesieve
}
service old-stats-mail {
name = old-stats
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/stats-writer {
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
}
# Settings for LMTP delivery: the same plugins as the global list plus sieve,
# so quota is enforced when mail is delivered. "+" is the sub-address
# delimiter.
# NOTE(review): the postmaster address was replaced by the hosting page's
# e-mail obfuscation; the real value is not visible here.
# NOTE(review): the nested service entries below repeat the service list with
# labels that do not match their `name` values; this looks like an output or
# extraction artifact rather than real per-protocol configuration - confirm.
protocol lmtp {
mail_plugins = quota mailbox_alias acl mail_log notify sieve
postmaster_address = [email protected]
recipient_delimiter = +
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns-client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service sieve {
name = managesieve-login
}
service login/sieve {
name = managesieve
}
service old-stats-mail {
name = old-stats
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/stats-writer {
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
}
# Settings for IMAP sessions: adds imap_quota and imap_acl to the global
# plugin list, exposing quota and ACL management to IMAP clients. The COPY
# into a shared mailbox described in the thread runs under this protocol.
# NOTE(review): 256 simultaneous connections per user and IP is a high
# ceiling - confirm it is intended, since it also bounds how many sessions one
# compromised account can hold open from a single address.
# NOTE(review): the nested service entries below repeat the service list with
# labels that do not match their `name` values; this looks like an output or
# extraction artifact rather than real per-protocol configuration - confirm.
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep
mail_max_userip_connections = 256
mail_plugins = quota mailbox_alias acl mail_log notify imap_quota imap_acl
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns-client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service sieve {
name = managesieve-login
}
service login/sieve {
name = managesieve
}
service old-stats-mail {
name = old-stats
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/stats-writer {
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
}
# Settings for POP3 sessions: at most 30 connections per user and IP, the
# global plugin list (quota and acl included), two client workarounds and a
# UIDL format built from the message UID and the mailbox UIDVALIDITY.
# NOTE(review): the nested service entries below repeat the service list with
# labels that do not match their `name` values; this looks like an output or
# extraction artifact rather than real per-protocol configuration - confirm.
protocol pop3 {
mail_max_userip_connections = 30
mail_plugins = quota mailbox_alias acl mail_log notify
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_uidl_format = %08Xu%08Xv
service replication-notify-fifo {
name = aggregator
}
service anvil-auth-penalty {
name = anvil
}
service auth-worker {
name = auth-worker
}
service auth-client {
name = auth
}
service config {
name = config
}
service dict-async {
name = dict-async
}
service dict {
name = dict
}
service login/proxy-notify {
name = director
}
service dns-client {
name = dns-client
}
service doveadm-server {
name = doveadm
}
service imap-hibernate {
name = imap-hibernate
}
service imap {
name = imap-login
}
service imap-urlauth {
name = imap-urlauth-login
}
service imap-urlauth-worker {
name = imap-urlauth-worker
}
service token-login/imap-urlauth {
name = imap-urlauth
}
service imap-master {
name = imap
}
service indexer-worker {
name = indexer-worker
}
service indexer {
name = indexer
}
service ipc {
name = ipc
}
service lmtp {
name = lmtp
}
service log-errors {
name = log
}
service sieve {
name = managesieve-login
}
service login/sieve {
name = managesieve
}
service old-stats-mail {
name = old-stats
}
service pop3 {
name = pop3-login
}
service login/pop3 {
name = pop3
}
service replicator-doveadm {
name = replicator
}
service login/stats-writer {
name = stats
}
service submission {
name = submission-login
}
service login/submission {
name = submission
}
}
dovecot 的架构本身似乎存在限制:
配额和共享命名空间
配额插件把共享命名空间计入所有者的配额,而不是当前用户的配额。但存在一个限制:每用户的配额配置会被忽略,实际使用的是当前用户的配置。
除非明确为其指定了配额,否则公共命名空间将被忽略。
您是否尝试过对特定命名空间使用不同的配额检查?
https://doc.dovecot.org/configuration_manual/quota/#quota-for-private-namespaces