docs: Refactor the quota section
Better documented with links and coverage over the workaround details we've implemented.
This commit is contained in:
polarathene
parent
b7c5ff3bd2
commit
6e9c6b8503
|
|
@ -91,11 +91,35 @@ Wildcard and need to alias each real account.. (no longer supported?)
|
|||
|
||||
### Quotas
|
||||
|
||||
- `imap-quota` is enabled and allow clients to query their mailbox usage.
|
||||
- Dovecot quotas are compatible with LDAP, **but it's not implemented** (_PRs are welcome!_).
|
||||
Enables the capability for a mail client to query the storage usage and limit (quota) of a mailbox.
|
||||
|
||||
Known issues
|
||||
default feature enabled, dovecot creates dummy accounts to workaround alias limitation.
|
||||
- **Not implemented** for the LDAP provisioner (_PR welcome! [feature request with implementation advice][gh-issue::dms-feature-request::dovecot-quotas-ldap]_)
|
||||
- The [Dovecot `imap-quota` plugin][dovecot-docs::plugin::imap-quota] is enabled by default. Opt-out via [`ENABLE_QUOTAS=0`][docs::env::enable-quotas]
|
||||
|
||||
??? abstract "Technical Details"
|
||||
|
||||
The [Dovecot quotas feature][gh-pr::dms-feature::dovecot-quotas] is configured to use the [`count` quota backend][dovecot-docs::config::quota-backend-count].
|
||||
|
||||
---
|
||||
|
||||
**Dovecot workaround for Postfix aliases**
|
||||
|
||||
When mail is delivered to DMS, Postfix will query Dovecot with the recipient(s) to verify quota has not been exceeded.
|
||||
|
||||
This allows early rejection of mail arriving to DMS, preventing a spammer from taking advantage of a [backscatter][wikipedia::backscatter] source if the mail was accepted by Postfix, only to later be rejected by Dovecot for storage when the quota limit was already reached.
|
||||
|
||||
However, Postfix does not resolve aliases until after the incoming mail is accepted.
|
||||
|
||||
1. Postfix queries Dovecot (_a [`check_policy_service` restriction tied to the Dovecot `quota-status` service][dms::workaround::dovecot-quotas::notes-1]_) with the recipient (_the alias_).
|
||||
2. `dovecot: auth: passwd-file(alias@example.com): unknown user` is logged, Postfix is then informed that the recipient mailbox is not full even if it actually was (_since no such user exists in the Dovecot UserDB_).
|
||||
3. However, when the real mailbox address that the alias would later resolve into does have a quota that exceeded the configured limit, Dovecot will refuse the mail delivery from Postfix which introduces a backscatter source for spammers.
|
||||
|
||||
As a [workaround to this problem with the `ENABLE_QUOTAS=1` feature][dms::workaround::dovecot-quotas::summary], DMS will add aliases as fake users into Dovecot UserDB (_that are configured with the same data as the real address the alias would resolve to, thus sharing the same mailbox location and quota limit_). This allows Postfix to properly be aware of an aliased mailbox having exceeded the allowed quota.
|
||||
|
||||
**NOTE:** This workaround **only supports** aliases to a single target recipient of a real account address / mailbox.
|
||||
|
||||
- Additionally, aliases that resolve to another alias or to an external address would both fail the UserDB lookup, unable to determine if enough storage is available.
|
||||
- A proper fix would [implement a Postfix policy service][dms::workaround::dovecot-quotas::notes-2] that could correctly resolve aliases to valid entries in the Dovecot UserDB, querying the `quota-status` service and returning that response to Postfix.
|
||||
|
||||
## Technical Overview
|
||||
|
||||
|
|
@ -133,6 +157,16 @@ default feature enabled, dovecot creates dummy accounts to workaround alias limi
|
|||
[wikipedia::subaddressing]: https://en.wikipedia.org/wiki/Email_address#Sub-addressing
|
||||
[ms-exchange-docs::limitations]: https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online#using-plus-addresses
|
||||
|
||||
[docs::env::enable-quotas]: ../environment.md#enable_quotas
|
||||
[gh-issue::dms-feature-request::dovecot-quotas-ldap]: https://github.com/docker-mailserver/docker-mailserver/issues/2957
|
||||
[dovecot-docs::config::quota-backend-count]: https://doc.dovecot.org/configuration_manual/quota/quota_count/#quota-backend-count
|
||||
[dovecot-docs::plugin::imap-quota]: https://doc.dovecot.org/settings/plugin/imap-quota-plugin/
|
||||
[gh-pr::dms-feature::dovecot-quotas]: https://github.com/docker-mailserver/docker-mailserver/pull/1469
|
||||
[wikipedia::backscatter]: https://en.wikipedia.org/wiki/Backscatter_%28email%29
|
||||
[dms::workaround::dovecot-quotas::notes-1]: https://github.com/docker-mailserver/docker-mailserver/issues/2091#issuecomment-954298788
|
||||
[dms::workaround::dovecot-quotas::notes-2]: https://github.com/docker-mailserver/docker-mailserver/pull/2248#issuecomment-953754532
|
||||
[dms::workaround::dovecot-quotas::summary]: https://github.com/docker-mailserver/docker-mailserver/pull/2248#issuecomment-955088677
|
||||
|
||||
[postfix-docs::virtual-alias]: http://www.postfix.org/VIRTUAL_README.html#virtual_alias
|
||||
[postfix-docs::recipient-delimiter]: http://www.postfix.org/postconf.5.html#recipient_delimiter
|
||||
[dovecot-docs::config::recipient-delimiter]: https://doc.dovecot.org/settings/core/#core_setting-recipient_delimiter
|
||||
|
|
|
|||
Loading…
Reference in New Issue