ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';
Setting the default to zero means that user quotas will default to unlimited.
Modify /etc/dovecot/dovecot-sql.conf.ext to add the quota rule:
user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "/home/user-data/mail/mailboxes/%d/%n" as home, '*:bytes=' || quota AS quota_rule FROM users WHERE email='%u';
Add the following line to `/usr/local/lib/roundcubemail/config/config.inc.php`:
$config['quota_zero_as_unlimited'] = true;
Restart dovecot.
Quotas are working for me now and I can set the quotas for individual users by modifying the quota column in the users table.
Are there any problems with this implementation? I’d especially like to hear from the dovecot experts.
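Added example, not part of the original post: the schema change and the `quota_rule` expression from the steps above, run against an in-memory SQLite database. The reduced `users` table, the sample addresses and the `set_quota` helper are constructed for illustration. Because `quota` is a TEXT column concatenated straight into the rule Dovecot parses, the helper assumes quotas are plain byte counts and rejects anything else before it is stored.

```python
import re
import sqlite3

# Constructed stand-in for the users table; the real table has more columns.
SCHEMA = "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)"
MIGRATION = "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0'"

# Reduced form of the post's user_query: Dovecot's %u becomes a bound
# parameter, and the uid/gid/home columns are left out.
USER_QUERY = ("SELECT email AS user, '*:bytes=' || quota AS quota_rule "
              "FROM users WHERE email = ?")

# Assumption: quotas are stored as a plain decimal byte count.
QUOTA_RE = re.compile(r"\d{1,15}")


def open_db():
    """Create the sample table, add two users, then apply the migration."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO users (email) VALUES (?)",
                   [("alice@example.com",), ("bob@example.com",)])
    db.execute(MIGRATION)  # existing rows pick up the default '0'
    return db


def set_quota(db, email, quota):
    """Store a quota, rejecting anything that is not a byte count."""
    quota = str(quota)
    if not QUOTA_RE.fullmatch(quota):
        raise ValueError(f"quota must be a byte count, got {quota!r}")
    cur = db.execute("UPDATE users SET quota = ? WHERE email = ?", (quota, email))
    if cur.rowcount != 1:
        raise LookupError(f"no such user: {email}")
    db.commit()


def quota_rule(db, email):
    """Return the quota_rule string the query yields, or None if no user."""
    row = db.execute(USER_QUERY, (email,)).fetchone()
    return row[1] if row else None


if __name__ == "__main__":
    db = open_db()
    set_quota(db, "alice@example.com", 2 * 1024**3)
    for user in ("alice@example.com", "bob@example.com"):
        print(user, quota_rule(db, user))
```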
@jrsupplee I too thank you for posting this information.
The project maintainer @JoshData has stated that mail quotas were outside of the scope of this project. I understand and do not disagree with his reasoning. However, as the project has matured I would like there to be further discussion of this.
Josh’s initial intent was, I believe, for mainly individuals to set up MiaB but in the last few years it has been adopted by many many small businesses as well. So maybe it is time to give further consideration to adding quotas as it has been one of the more consistently asked for improvements/additions to this project.
It is already there … ‘archive account’. This action removes the account from the database so it is no longer possible to log in, send, or receive email with it. HOWEVER the actual physical email files are NOT deleted. They must be deleted manually from the command line. This, IMHO, is a good feature to help avoid accidental deletion of email.
Speaking of changes, I’ve been meaning to get around to adding support for external authentication ( External Authentication Repo? ), but I haven’t been able to fully grasp Keycloak and OpenLDAP. I feel like Mail-in-a-Box needs to get to a point where you can plug it into your existing environment, and streamline making everything work together (like Single-Sign-On).
For example, I want to run a full Nextcloud server, Collabora Office environment, MediaWiki, Wordpress, blaw blaw blaw, and want to give all my users ONE username and ONE password, where they sign into ONE login prompt. And when they switch between services, they stay logged in/out.
I know that Mail-in-a-Box is not an all-in-one magical solution, but I feel like it should get to a point where it can fit into the bigger picture of a business with all its applications.
…Oh the joys of ignorance and lack of time, but the eagerness to make the world a better place.
…Anyways, @jrsupplee, would you consider looking into implementing quotas into an LDAP user object thingy?.. I had looked at some documentation on LDAP schemas and stuff, but that was a couple of months ago.
Well, there are business applications that can be used for personal use. I mean Google G-Suite is for businesses, but I still use it for personal use for free. business-y personal use. It’s nice how going from Google mail magically signs me in when I go to YouTube, Google Docs, Google Drive, etc…
Sorry, @Eliter I’m not done with the implementation of the quotas and that is my focus right now for MiaB changes. Also, if you need LDAP support you should probably be looking at something other than MiaB.
Specifically, quota calculations are only made when the IMAP server (Dovecot) is accessed. So if the user does not access Dovecot the mailbox size will not be updated and mail will continue to be delivered by Postfix regardless of any quota settings. At least that is how I understand the situation right now.
Postfix needs to be configured to check the quota status before delivering the mail. I’ll look at this when I can but if anyone has any experience with this I’m all ears.
I made an edit to my post just before you posted this. External LDAP would be nice to have. But comparing G-Suite to MIAB is like comparing a Prius to a Commercial truck bro.
So my main problem with how MIAB manages stuff is that there is no standard, especially in a median that is happy to be externally pushed/synced, so that means there’s no plug-n-play or good communication between applications.
Now, I did look into how MIAB manages stuff, and looked into how to tinker with it. MIAB puts all its stuff into two places–inside /home/www-data/blaw/blaw/blaw (in a directory, in maildir format), and in a SQLite database located somewhere on the system (I forgot where). I forget if Postfix needs to access either of these.
So Dovecot uses the SQL/SQLite plugin/mod, which makes an SQL query for the SQLite file. When IMAP authentication requests hit the Dovecot server, Dovecot hits the SQLite file, then responds accordingly to the SQLite file. Nextcloud is configured to use IMAP authentication to the Dovecot server.
Now, I know that Dovecot supports LDAP. The problem WAS that Dovecot didn’t support LDAP on Ubuntu 14.04, but luckily we are not in that situation anymore with Ubuntu 18.04. So hopefully if Dovecot can be configured to use LDAP, then we’ll be golden… Hopefully. With these types of things, it is ALWAYS easier said than done.
I saw.
Who is Google and who is MIAB in this context? The commercial truck has a lot more power than a Prius, but presumably isn’t newer, is older, slow and with far less technology in it than a Prius.
From someone who has spent time configuring an LDAP server, trust me a SQLite database is much simpler. The amount of overhead required to run an LDAP server is not worth it when SQLite does the job.
I’m not saying your use case is invalid, just that you are asking to add another level of complexity that most people who use MiaB do not require.
Well, I have looked into other external authentication protocols (looking to Keycloak’s supported authentication methods as an example), it seems LDAP has a lot more support and popularity than say OpenID or OAuth. I don’t know much about authentication jargon, but I know it would be nice to magically be able to go from MIAB to MediaWiki/Wordpress/other, and back without having to sign in/out for each, (possibly) having multiple passwords for each.
EDIT: Oh yes, Apache2 is a big reason for me. I wanted to figure out how to lock down the whole server, by forcing authentication. PHP authentication only goes so far, because clients can still access non-PHP files without authenticating.