docker-mailserver / docker-mailserver

Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
https://docker-mailserver.github.io/docker-mailserver/latest/
MIT License

[FR] Quota for LDAP account is working #2957

Open Marsu31 opened 1 year ago

Marsu31 commented 1 year ago

Feature Request

Context

Quota with LDAP configuration.

Is your Feature Request related to a Problem?

Yes. Quota is disabled if LDAP.

Describe the Solution you'd like

Permit quota if LDAP.

Are you going to implement it?

No but ...

What are you going to contribute?? What have you done already?

I tried to configure quota with LDAP and it works:

  1. activate quota like in account provisioner of type file (default behaviour). This is done inside running container.
  2. configure quota in LDAP. I'm using postfix-book schema within OpenLDAP.
    1. create a user with object class PostfixBookMailAccount (for mail attributes)
    2. fill mailQuota attribute, for example 100M.
  3. add the following attribute to DOVECOT_USER_ATTRS : =quota_rule=*:storage=%{ldap:mailQuota}

I tested this configuration by sending mails which are bigger than the quota; they were rejected. Thunderbird also detects the mailbox quota.

What you have to do, almost nothing :wink: :

  1. Allow quota for LDAP account provisioner
  2. Add few lines to documentation with my sample.

Regards.
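
Added example, not part of the original post or of docker-mailserver: since step 3 substitutes each account's `mailQuota` straight into Dovecot's `quota_rule`, this audits an LDIF export for accounts whose value is missing or malformed. The sample entries, the `uniqueIdentifier` DNs, the function names and the accepted size format (digits plus an optional b/k/M/G/T suffix) are assumptions.

```bash
# Added example (not docker-mailserver code): audit an LDIF export for the
# mailQuota values that step 3 feeds into Dovecot's quota_rule.

# Constructed sample export; the example.test accounts are made up.
sample_ldif() {
  cat <<'EOF'
dn: uniqueIdentifier=alice,ou=people,dc=example,dc=test
objectClass: PostfixBookMailAccount
mail: alice@example.test
mailQuota: 100M

dn: uniqueIdentifier=bob,ou=people,dc=example,dc=test
objectClass: PostfixBookMailAccount
mail: bob@example.test

dn: uniqueIdentifier=carol,ou=people,dc=example,dc=test
objectClass: PostfixBookMailAccount
mail: carol@example.test
mailQuota: 100 MB

dn: ou=people,dc=example,dc=test
objectClass: organizationalUnit
EOF
}

# Reads LDIF on stdin and prints "<status> <mail> <detail>" for every
# PostfixBookMailAccount entry. Assumes unfolded, non-base64 attribute lines.
# Assumed valid form: digits with an optional b/k/M/G/T size suffix.
audit_mail_quota() {
  awk '
    function emit() {
      if (is_account) {
        if (!has_quota) print "MISSING", mail, "-"
        else if (quota ~ /^[0-9]+[bkMGT]?$/) print "OK", mail, "*:storage=" quota
        else print "INVALID", mail, quota
      }
      is_account = 0; has_quota = 0; mail = "?"; quota = ""
    }
    BEGIN { mail = "?" }
    /^$/ { emit(); next }
    tolower($0) ~ /^objectclass: *postfixbookmailaccount *$/ { is_account = 1 }
    /^mail: / { mail = substr($0, 7) }
    /^mailQuota: / { quota = substr($0, 12); has_quota = 1 }
    END { emit() }
  '
}

sample_ldif | audit_mail_quota
```

Against a real directory, pipe the output of an `ldapsearch` run with line folding disabled into `audit_mail_quota` instead of the sample.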

Marsu31 commented 1 year ago

Waiting for your work, this is the user patch which activates quotas. Big copy/paste from setup-stack.sh.

```bash
echo 'user-patches.sh starting...'

# Load the image's helper functions (provides _log)
source /usr/local/bin/helpers/index.sh

_log 'debug' 'Setting up Dovecot quota'

# Re-enable the quota config that was disabled at startup and load the quota plugins
if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]
then
  mv /etc/dovecot/conf.d/90-quota.conf.disab /etc/dovecot/conf.d/90-quota.conf
  sed -i \
    "s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins quota|g" \
    /etc/dovecot/conf.d/10-mail.conf
  sed -i \
    "s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins imap_quota|g" \
    /etc/dovecot/conf.d/20-imap.conf
fi

# Derive the default limits (in MB) from the Postfix size limits (in bytes)
MESSAGE_SIZE_LIMIT_MB=$((POSTFIX_MESSAGE_SIZE_LIMIT / 1000000))
MAILBOX_LIMIT_MB=$((POSTFIX_MAILBOX_SIZE_LIMIT / 1000000))

# A value of 0 is written without the "M" suffix
sed -i \
  "s|quota_max_mail_size =.*|quota_max_mail_size = ${MESSAGE_SIZE_LIMIT_MB}$([[ ${MESSAGE_SIZE_LIMIT_MB} -eq 0 ]] && echo "" || echo "M")|g" \
  /etc/dovecot/conf.d/90-quota.conf

sed -i \
  "s|quota_rule = \*:storage=.*|quota_rule = *:storage=${MAILBOX_LIMIT_MB}$([[ ${MAILBOX_LIMIT_MB} -eq 0 ]] && echo "" || echo "M")|g" \
  /etc/dovecot/conf.d/90-quota.conf

# Create an empty per-user quota file if none was provided
if [[ -d /tmp/docker-mailserver ]] && [[ ! -f /tmp/docker-mailserver/dovecot-quotas.cf ]]
then
  _log 'trace' "'/tmp/docker-mailserver/dovecot-quotas.cf' is not provided. Using default quotas."
  : >/tmp/docker-mailserver/dovecot-quotas.cf
fi

# enable quota policy check in postfix
sed -i \
  "s|reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org|reject_unknown_recipient_domain, check_policy_service inet:localhost:65265, reject_rbl_client zen.spamhaus.org|g" \
  /etc/postfix/main.cf

echo 'user-patches.sh successfully executed'
```

casperklein commented 1 year ago

None of the current maintainers is using an LDAP setup, so the chances that someone will pick it up are pretty low.

Unless you want to implement this feature yourself, the best solution for now is probably to document it. Feel free to do so, any support is highly appreciated.

williamdes commented 1 year ago

I might be interested to look into this one as I have an LDAP setup running in production.

williamdes commented 1 year ago

Hi @Marsu31. Reading your patch, the line after `# enable quota policy check in postfix` seems not to have any use for quota, right?

reneploetz commented 1 year ago

It does insofar as enabling the policy service of dovecot (see https://github.com/docker-mailserver/docker-mailserver/blob/master/target/dovecot/90-quota.conf#L46) to be used so that postfix does enforce the quota too. I'm currently using a modified patch in my system with that line changed as it is currently: https://github.com/docker-mailserver/docker-mailserver/blob/master/target/scripts/startup/setup.d/dovecot.sh#L130

Note that I think that removing the check for [ ${ACCOUNT_PROVISIONER} != 'FILE' ] in line 88 of dovecot.sh is already enough for the whole feature to work: https://github.com/docker-mailserver/docker-mailserver/blob/master/target/scripts/startup/setup.d/dovecot.sh#L88 For safety we might want to move the ACCOUNT_PROVISIONER check to line 124 as the dovecot-quotas.cf is not applicable to LDAP setups: https://github.com/docker-mailserver/docker-mailserver/blob/master/target/scripts/startup/setup.d/dovecot.sh#L124

I also thought about providing a pull request for this but never had time to do so.