[cyrus 3.0] 20 delayed mailbox deleted limit?

Andre Felipe Machado andremachado at techforce.com.br
Thu Jun 9 13:11:22 EDT 2016 

Andrew Morgan <morgan at orst.edu> wrote ..
> On Thu, 9 Jun 2016, Andre Felipe Machado via Info-cyrus wrote:
> 
> > Bron Gondwana via Info-cyrus <info-cyrus at lists.andrew.cmu.edu> wrote ..
> >> On Thu, Jun 9, 2016, at 03:02, Andre Felipe Machado via Info-cyrus wrote:
> >>> Hello,
> >>> At future release notes I read
> >>> "Under delete_mode: delayed, only the 20 most recently deleted mailboxes are
> >> kept for any given name."
> >>> https://cyrusimap.org/imap/release-notes/3.0/x/3.0.0-beta2.html
> >>> Is there any configuration parameter to increase this limit?
> >>> Why this limit is needed?
> >>
> >> denial of service / space wastage protection.  There's no config option available
> >> right now.  I could be convinced to change it.
> >>
> >> How would you suggest we protect against exploiting delayed delete to fill the
> >> server without going over quota?  Maybe a new quota field for "total mailbox
> usage
> >> including deleted stuff" that can be set to a high enough value that no reasonable
> >> user will ever hit it?
> >>
> >> Bron.
> >>
> >> --
> >>   Bron Gondwana
> >>   brong at fastmail.fm
> >> ----
> >
> > Hello, Bron
> > I understand the problem.
> > But at a corporate scenario, it is a rare event, because of jobs at stake, tracked
> user accounts,  antispam measures, etc.
> > It is more likely a "rogue" client,  bug/misconfiguration on a smartphone causing
> such problems.
> > We stay with official debian repositories versions as long as we could, receiving
> security patches.
> > So, mantaining an unofficial patch will be a big problem.
> > The sysadmin configurable parameters will be a more elegant solution.
> > Having configurations at sysadmin control will mantain cyrus flexible for use
> at different usage scenarios.
> > For the DoS / waste space problems, the 2 quota limits configurations are more
> suitable than counting folders quantity.
> > What if each folder contains 1 TB deleted messages?
> > Maybe a reasonable default (10 times user quota?) for those not wanting to configure
> is good idea.
> > Even better to have also a way to control individual accounts total quotas, for
> those corporate accounts like "sales at foo.bar" that  receive lots of legitimate
> emails and have to
> > delete them after processing.
> > We have zabbix monitoring space at our cyrus backends, and need unlimited  or
> configurable delayed expunge limits for recovering messages and folders for years
> at corporate
> > scenario.
> > Thanks .
> > Andre Felipe
> 
> Remember, this is a limit on the number of deleted *mailboxes* kept, not 
> messages.
> 
> Bron, this could impact Pine/Alpine users that frequently postpone 
> messages.  Pine creates a folder named "postponed-msgs" to store drafts. 
> The folder is created when a draft is saved and deleted when all drafts 
> have been deleted/sent.
> 
> Here is my personal deleted folders list, right now:
> 
> DELETED.user.morgan.postponed-msgs.5755CF0C     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F446     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F486     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F4D1     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F4E4     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F50E     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F65F     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5755F844     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5756ECFC     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.5756F602     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.575706F8     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.57585C5D     0 p2 morgan     lrswipkxtecda
> DELETED.user.morgan.postponed-msgs.57587FE1     0 p2 morgan     lrswipkxtecda
> 
> We are removing deleted mailboxes after 7 days:
> 
> delprune      cmd="/usr/local/cyrus/bin/cyr_expire -E 1 -X 7 -D 7" at=0100
> 
> 
> I don't know if other IMAP clients have similar quirky behavior, but I 
> could see myself running into this limit.  However, I certainly don't care 
> about recovering my old postponed-msgs mailboxes.
> 
> Hmmm, is this a limit per-mailbox (user.morgan.postponed-msgs) or per-user 
> (all mailboxes under user.morgan)?
> 
> Thanks,
>  	Andy


Hello, Andrew
Yes, I am aware of being mailboxes limit. This causes it to be even less suitable for the intended DoS/waste space control than the 2 quotas idea and less yet at corporate 
scenario. And there are the individual total quota idea to evaluate.
We observed that there are corporate users that organize their inboxes at extreme levels, containing dozens of folders, classified by project, by department, by date, by subject, by 
sender, etc. 
Sometimes their reorganize / delete many of them.  Using zabbix, we even observe spikes on available space on quotas and on disk space after expire period.  The 20 limit is a 
non starter, simply too small.

Could someone point where is such code at
https://github.com/cyrusimap/cyrus-imapd ?
Regards.
Andre Felipe

More information about the Info-cyrus mailing list