Add quota checking

README.md

@@ -18,6 +18,12 @@ auth_mechanisms: ["plain", "login"]
 # Array of users if dovecot should handle users in a db. Not usable if you enable ldap.
 # Each user is a dict, for options see *userdict* below
 user: []
+
+# The maximum amount of storage a mailbox can use in kilobytes. Supports b/k/M/G/T/% suffixes
+quota: ""
+
+# The amount a mailbox can go over quota. Works only for accepting messages. Value in %, defaults to 10
+quota_grace: "10"
 ```
 
 **userdict**

defaults/main.yml

@@ -8,3 +8,5 @@ dovecot:
   - plain
   - login
   user: []
+  quota: ""
+  quota_grace: "10"

tasks/main.yml

@@ -42,7 +42,9 @@
     - { src: "10-mail.conf.j2", dest: "/etc/dovecot/conf.d/10-mail.conf" }
     - { src: "15-lda.conf.j2", dest: "/etc/dovecot/conf.d/15-lda.conf" }
     - { src: "15-mailboxes.conf.j2", dest: "/etc/dovecot/conf.d/15-mailboxes.conf" }
+    - { src: "20-imap.conf.j2", dest: "/etc/dovecot/conf.d/20-imap.conf" }
     - { src: "20-managesieve.conf.j2", dest: "/etc/dovecot/conf.d/20-managesieve.conf" }
+    - { src: "90-quota.conf.j2", dest: "/etc/dovecot/conf.d/90-quota.conf" }
     - { src: "auth-system.conf.j2", dest: "/etc/dovecot/conf.d/auth-system.conf" }
     - { src: "auth-ldap.conf.j2", dest: "/etc/dovecot/conf.d/auth-ldap.conf" }
     - { src: "dovecot-ldap.conf.ext.j2", dest: "/etc/dovecot/dovecot-ldap.conf.ext" }

templates/10-mail.conf.j2

@@ -212,7 +212,11 @@ last_valid_gid = {{ vmail_group.gid }}
 
 # Space separated list of plugins to load for all services. Plugins specific to
 # IMAP, LDA, etc. are added to this list in their own .conf files.
+{% if dovecot.quota %}
+mail_plugins = quota
+{% else %}
 #mail_plugins =
+{% endif %}
 
 ##
 ## Mailbox handling optimizations

templates/15-lda.conf.j2

@@ -12,7 +12,11 @@
 
 # If user is over quota, return with temporary failure instead of
 # bouncing the mail.
+{% if dovecot.quota %}
+quota_full_tempfail = yes
+{% else %}
 #quota_full_tempfail = no
+{% endif %}
 
 # Binary to use for sending mails.
 #sendmail_path = /usr/sbin/sendmail

templates/20-imap.conf.j2

@@ -0,0 +1,102 @@
+##
+## IMAP specific settings
+##
+
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+#imap_hibernate_timeout = 0
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+# IMAP logout format string:
+#  %i - total number of bytes read from client
+#  %o - total number of bytes sent to client
+#  %{fetch_hdr_count} - Number of mails with mail header data sent to client
+#  %{fetch_hdr_bytes} - Number of bytes with mail header data sent to client
+#  %{fetch_body_count} - Number of mails with mail body data sent to client
+#  %{fetch_body_bytes} - Number of bytes with mail body data sent to client
+#  %{deleted} - Number of mails where client added \Deleted flag
+#  %{expunged} - Number of mails that client expunged, which does not
+#                include automatically expunged mails
+#  %{autoexpunged} - Number of mails that were automatically expunged after
+#                    client disconnected
+#  %{trashed} - Number of mails that client copied/moved to the
+#               special_use=\Trash mailbox.
+#  %{appended} - Number of mails saved during the session
+#imap_logout_format = in=%i out=%o deleted=%{deleted} expunged=%{expunged} \
+#  trashed=%{trashed} hdr_count=%{fetch_hdr_count} \
+#  hdr_bytes=%{fetch_hdr_bytes} body_count=%{fetch_body_count} \
+#  body_bytes=%{fetch_body_bytes}
+
+# Override the IMAP CAPABILITY response. If the value begins with '+',
+# add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
+#imap_capability =
+
+# How long to wait between "OK Still here" notifications when client is
+# IDLEing.
+#imap_idle_notify_interval = 2 mins
+
+# ID field names and values to send to clients. Using * as the value makes
+# Dovecot use the default value. The following fields have default values
+# currently: name, version, os, os-version, support-url, support-email.
+#imap_id_send =
+
+# ID fields sent by client to log. * means everything.
+#imap_id_log =
+
+# Workarounds for various client bugs:
+#   delay-newmail:
+#     Send EXISTS/RECENT new mail notifications only when replying to NOOP
+#     and CHECK commands. Some clients ignore them otherwise, for example OSX
+#     Mail (<v2.1). Outlook Express breaks more badly though, without this it
+#     may show user "Message no longer in server" errors. Note that OE6 still
+#     breaks even with this workaround if synchronization is set to
+#     "Headers Only".
+#   tb-extra-mailbox-sep:
+#     Thunderbird gets somehow confused with LAYOUT=fs (mbox and dbox) and
+#     adds extra '/' suffixes to mailbox names. This option causes Dovecot to
+#     ignore the extra '/' instead of treating it as invalid mailbox name.
+#   tb-lsub-flags:
+#     Show \Noselect flags for LSUB replies with LAYOUT=fs (e.g. mbox).
+#     This makes Thunderbird realize they aren't selectable and show them
+#     greyed out, instead of only later giving "not selectable" popup error.
+#
+# The list is space-separated.
+#imap_client_workarounds =
+
+# Host allowed in URLAUTH URLs sent by client. "*" allows all.
+#imap_urlauth_host =
+
+# Enable IMAP LITERAL- extension (replaces LITERAL+)
+#imap_literal_minus = no
+
+# What happens when FETCH fails due to some internal error:
+#   disconnect-immediately:
+#     The FETCH is aborted immediately and the IMAP client is disconnected.
+#   disconnect-after:
+#     The FETCH runs for all the requested mails returning as much data as
+#     possible. The client is finally disconnected without a tagged reply.
+#   no-after:
+#     Same as disconnect-after, but tagged NO reply is sent instead of
+#     disconnecting the client. If the client attempts to FETCH the same failed
+#     mail more than once, the client is disconnected. This is to avoid clients
+#     from going into infinite loops trying to FETCH a broken mail.
+#imap_fetch_failure = disconnect-immediately
+
+protocol imap {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  {% if dovecot.quota -%}
+  mail_plugins = $mail_plugins imap_quota
+  {% else -%}
+  #mail_plugins = $mail_plugins
+  {% endif -%}
+
+  # Maximum number of IMAP connections allowed for a user from each IP address.
+  # NOTE: The username is compared case-sensitively.
+  #mail_max_userip_connections = 10
+}

templates/90-quota.conf.j2

@@ -0,0 +1,112 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+# Quota limits are set using "quota_rule" parameters. To get per-user quota
+# limits, you can set/override them by returning "quota_rule" extra field
+# from userdb. It's also possible to give mailbox-specific limits, for example
+# to give additional 100 MB when saving to Trash:
+
+plugin {
+  {% if dovecot.quota -%}
+  quota_rule = *:storage={{ dovecot.quota }}
+
+  # What to give back to postfix when checking quotas
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+  {% else %}
+  #quota_rule = *:storage=1G
+  #quota_rule2 = Trash:storage=+100M
+  {% endif -%}
+
+  # LDA/LMTP allows saving the last mail to bring user from under quota to
+  # over quota, if the quota doesn't grow too high. Default is to allow as
+  # long as quota will stay under 10% above the limit. Also allowed e.g. 10M.
+  {% if dovecot.quota_grace -%}
+  quota_grace = {{ dovecot.quota_grace }}%%
+  {% else -%}
+  #quota_grace = 10%%
+  {% endif %}
+
+  # Quota plugin can also limit the maximum accepted mail size.
+  #quota_max_mail_size = 100M
+}
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is executed, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  #quota_warning = storage=95%% quota-warning 95 %u
+  #quota_warning2 = storage=80%% quota-warning 80 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+#service quota-warning {
+#  executable = script /usr/local/bin/quota-warning.sh
+#  user = dovecot
+#  unix_listener quota-warning {
+#    user = vmail
+#  }
+#}
+
+##
+## Quota backends
+##
+
+# Multiple backends are supported:
+#   dirsize: Find and sum all the files found from mail directory.
+#            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
+#   dict: Keep quota stored in dictionary (eg. SQL)
+#   maildir: Maildir++ quota
+#   fs: Read-only support for filesystem quota
+
+plugin {
+  #quota = dirsize:User quota
+  {% if dovecot.quota -%}
+  quota = maildir:User quota
+  {% else -%}
+  #quota = maildir:User quota
+  {% endif -%}
+  #quota = dict:User quota::proxy::quota
+  #quota = fs:User quota
+}
+
+# Multiple quota roots are also possible, for example this gives each user
+# their own 100MB quota and one shared 1GB quota within the domain:
+plugin {
+  #quota = dict:user::proxy::quota
+  #quota2 = dict:domain:%d:proxy::quota_domain
+  #quota_rule = *:storage=102400
+  #quota2_rule = *:storage=1048576
+}
+
+{% if dovecot.quota %}
+# add a service so that postfix can check quota when receiving mail
+service quota-status {
+  executable = quota-status -p postfix
+  inet_listener {
+    address = 127.0.0.1
+    port = 12340
+  }
+  client_limit = 1
+}
+{% endif %}