From 1795f8aefdd91a1e798242574b0fc48a459c363f Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 27 Apr 2024 18:41:35 -0400
Subject: [PATCH 01/55] bringing in quota changes

---
 conf/dovecot/conf.d/15-mailboxes.conf |  63 +++++++++++++
 management/cli.py                     |  20 +++++
 management/daemon.py                  |  49 ++++++++++-
 management/mailconfig.py              | 122 ++++++++++++++++++++++++--
 management/status_checks.py           |   4 +-
 management/templates/users.html       | 106 ++++++++++++++++++++--
 setup/bootstrap.sh                    |  25 +++---
 setup/mail-dovecot.sh                 |  48 +++++++---
 setup/mail-postfix.sh                 |  24 ++---
 setup/mail-users.sh                   |  19 ++--
 setup/webmail.sh                      |  29 +++---
 11 files changed, 436 insertions(+), 73 deletions(-)
 create mode 100644 conf/dovecot/conf.d/15-mailboxes.conf
 mode change 100755 => 100644 setup/webmail.sh

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 00000000..58e2efed
--- /dev/null
+++ b/conf/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,63 @@
+## NOTE: This file is automatically generated by Mail-in-a-Box.
+##       Do not edit this file. It is continually updated by
+##       Mail-in-a-Box and your changes will be lost.
+##
+##       Mail-in-a-Box machines are not meant to be modified.
+##       If you modify any system configuration you are on
+##       your own --- please do not ask for help from us.
+
+namespace inbox {
+  # Automatically create & subscribe some folders.
+  # * Create and subscribe the INBOX folder.
+  # * Our sieve rule for spam expects that the Spam folder exists.
+  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
+
+  # MUA notes:
+  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
+  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
+  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
+  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
+
+  # auto:
+  # 'create' will automatically create this mailbox.
+  # 'subscribe' will both create and subscribe to the mailbox.
+
+  # special_use is a space separated list of IMAP SPECIAL-USE
+  # attributes as specified by RFC 6154:
+  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
+
+  mailbox INBOX {
+    auto = subscribe
+  }
+  mailbox Spam {
+    special_use = \Junk
+    auto = subscribe
+  }
+  mailbox Drafts {
+    special_use = \Drafts
+    auto = subscribe
+  }
+  mailbox Sent {
+    special_use = \Sent
+    auto = subscribe
+  }
+  mailbox Trash {
+    special_use = \Trash
+    auto = subscribe
+  }
+  mailbox Archive {
+    special_use = \Archive
+    auto = subscribe
+  }
+
+  # dovevot's standard mailboxes configuration file marks two sent folders
+  # with the \Sent attribute, just in case clients don't agree about which
+  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
+  # These are not auto-created.
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+}
diff --git a/management/cli.py b/management/cli.py
index 70dbe894..1c3fa4bd 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,11 +60,13 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
+  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
+  {cli} user quota user@domain [new-quota]
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -88,6 +90,10 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
+			if user['quota'] == '0':
+				print(" unlimited", end='')
+			else:
+				print(" " + user['quota'], end='')
 			print()
 
 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:
@@ -117,6 +123,14 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 			if "admin" in user['privileges']:
 				print(user['email'])
 
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
+	# Set a user's quota
+	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
+
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
+	# Set a user's quota
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
 	status = mgmt("/mfa/status", { "user": sys.argv[4] }, is_json=True)
@@ -138,6 +152,12 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
+	print(mgmt("/system/default-quota?text=1"))
+
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
+	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
+
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index 3aa6eed2..e850e6c6 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,6 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
+from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -191,8 +192,31 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
+	quota = request.form.get('quota', get_default_quota(env))
 	try:
-		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
+		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
+	except ValueError as e:
+		return (str(e), 400)
+
+@app.route('/mail/users/quota', methods=['GET'])
+@authorized_personnel_only
+def get_mail_users_quota():
+	email = request.values.get('email', '')
+	quota = get_mail_quota(email, env)
+
+	if request.values.get('text'):
+		return quota
+
+	return json_response({
+		"email": email,
+		"quota": quota
+	})
+
+@app.route('/mail/users/quota', methods=['POST'])
+@authorized_personnel_only
+def mail_users_quota():
+	try:
+		return set_mail_quota(request.form.get('email', ''), request.form.get('quota'), env)
 	except ValueError as e:
 		return (str(e), 400)
 
@@ -651,6 +675,29 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
+@app.route('/system/default-quota', methods=["GET"])
+@authorized_personnel_only
+def default_quota_get():
+	if request.values.get('text'):
+		return get_default_quota(env)
+	else:
+		return json_response({
+			"default-quota": get_default_quota(env),
+		})
+
+@app.route('/system/default-quota', methods=["POST"])
+@authorized_personnel_only
+def default_quota_set():
+	config = utils.load_settings(env)
+	try:
+		config["default-quota"] = validate_quota(request.values.get('default_quota'))
+		utils.write_settings(config, env)
+
+	except ValueError as e:
+		return ("ERROR: %s" % str(e), 400)
+
+	return "OK"
+
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index 39ca1b6e..f9c8f237 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -102,6 +102,18 @@ def get_mail_users(env):
 	users = [ row[0] for row in c.fetchall() ]
 	return utils.sort_email_addresses(users, env)
 
+def sizeof_fmt(num):
+	for unit in ['','K','M','G','T']:
+		if abs(num) < 1024.0:
+			if abs(num) > 99:
+				return "%3.0f%s" % (num, unit)
+			else:
+				return "%2.1f%s" % (num, unit)
+
+		num /= 1024.0
+
+	return str(num)
+
 def get_mail_users_ex(env, with_archived=False):
 	# Returns a complex data structure of all user accounts, optionally
 	# including archived (status="inactive") accounts.
@@ -125,13 +137,46 @@ def get_mail_users_ex(env, with_archived=False):
 	users = []
 	active_accounts = set()
 	c = open_database(env)
-	c.execute('SELECT email, privileges FROM users')
-	for email, privileges in c.fetchall():
+	c.execute('SELECT email, privileges, quota FROM users')
+	for email, privileges, quota in c.fetchall():
 		active_accounts.add(email)
 
+		(user, domain) = email.split('@')
+		box_size = 0
+		box_count = 0
+		box_quota = 0
+		percent = ''
+		try:
+			dirsize_file = os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes/%s/%s/maildirsize' % (domain, user))
+			with open(dirsize_file, 'r') as f:
+				box_quota = int(f.readline().split('S')[0])
+				for line in f.readlines():
+					(size, count) = line.split(' ')
+					box_size += int(size)
+					box_count += int(count)
+
+			try:
+				percent = (box_size / box_quota) * 100
+			except:
+				percent = 'Error'
+
+		except:
+			box_size = '?'
+			box_count = '?'
+			box_quota = '?'
+			percent = '?'
+
+		if quota == '0':
+			percent = ''
+
 		user = {
 			"email": email,
 			"privileges": parse_privs(privileges),
+            "quota": quota,
+			"box_quota": box_quota,
+			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
+			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
+			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -150,6 +195,10 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
+                        "box_count": '?',
+                        "box_size": '?',
+                        "box_quota": '?',
+                        "percent": '?',
 					}
 					users.append(user)
 
@@ -266,7 +315,7 @@ def get_mail_domains(env, filter_aliases=lambda alias : True, users_only=False):
 		domains.extend([get_domain(address, as_unicode=False) for address, _, _, auto in get_mail_aliases(env) if filter_aliases(address) and not auto ])
 	return set(domains)
 
-def add_mail_user(email, pw, privs, env):
+def add_mail_user(email, pw, privs, quota, env):
 	# validate email
 	if email.strip() == "":
 		return ("No email address provided.", 400)
@@ -292,6 +341,14 @@ def add_mail_user(email, pw, privs, env):
 			validation = validate_privilege(p)
 			if validation: return validation
 
+	if quota is None:
+		quota = get_default_quota()
+
+	try:
+		quota = validate_quota(quota)
+	except ValueError as e:
+		return (str(e), 400)
+
 	# get the database
 	conn, c = open_database(env, with_connection=True)
 
@@ -300,14 +357,16 @@ def add_mail_user(email, pw, privs, env):
 
 	# add the user to the database
 	try:
-		c.execute("INSERT INTO users (email, password, privileges) VALUES (?, ?, ?)",
-			(email, pw, "\n".join(privs)))
+		c.execute("INSERT INTO users (email, password, privileges, quota) VALUES (?, ?, ?, ?)",
+			(email, pw, "\n".join(privs), quota))
 	except sqlite3.IntegrityError:
 		return ("User already exists.", 400)
 
 	# write databasebefore next step
 	conn.commit()
 
+	dovecot_quota_recalc(email)
+
 	# Update things in case any new domains are added.
 	return kick(env, "mail user added")
 
@@ -332,6 +391,59 @@ def hash_password(pw):
 	# http://wiki2.dovecot.org/Authentication/PasswordSchemes
 	return utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
 
+
+def get_mail_quota(email, env):
+	conn, c = open_database(env, with_connection=True)
+	c.execute("SELECT quota FROM users WHERE email=?", (email,))
+	rows = c.fetchall()
+	if len(rows) != 1:
+		return ("That's not a user (%s)." % email, 400)
+
+	return rows[0][0]
+
+
+def set_mail_quota(email, quota, env):
+	# validate that password is acceptable
+	quota = validate_quota(quota)
+
+	# update the database
+	conn, c = open_database(env, with_connection=True)
+	c.execute("UPDATE users SET quota=? WHERE email=?", (quota, email))
+	if c.rowcount != 1:
+		return ("That's not a user (%s)." % email, 400)
+	conn.commit()
+
+	dovecot_quota_recalc(email)
+
+	return "OK"
+
+def dovecot_quota_recalc(email):
+	# dovecot processes running for the user will not recognize the new quota setting
+	# a reload is necessary to reread the quota setting, but it will also shut down
+	# running dovecot processes.  Email clients generally log back in when they lose
+	# a connection.
+	# subprocess.call(['doveadm', 'reload'])
+
+	# force dovecot to recalculate the quota info for the user.
+	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
+
+def get_default_quota(env):
+	config = utils.load_settings(env)
+	return config.get("default-quota", '0')
+
+def validate_quota(quota):
+	# validate quota
+	quota = quota.strip().upper()
+
+	if quota == "":
+		raise ValueError("No quota provided.")
+	if re.search(r"[\s,.]", quota):
+		raise ValueError("Quotas cannot contain spaces, commas, or decimal points.")
+	if not re.match(r'^[\d]+[GM]?$', quota):
+		raise ValueError("Invalid quota.")
+
+	return quota
+
 def get_mail_password(email, env):
 	# Gets the hashed password for a user. Passwords are stored in Dovecot's
 	# password format, with a prefixed scheme.
diff --git a/management/status_checks.py b/management/status_checks.py
index 51f8e631..0ba9c3c5 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -282,7 +282,7 @@ def run_network_checks(env, output):
 	# The user might have ended up on an IP address that was previously in use
 	# by a spammer, or the user may be deploying on a residential network. We
 	# will not be able to reliably send mail in these cases.
-	
+
 	# See https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now. for
 	# information on spamhaus return codes
 	rev_ip4 = ".".join(reversed(env['PUBLIC_IP'].split('.')))
@@ -721,7 +721,7 @@ def check_mail_domain(domain, env, output):
 	# Stop if the domain is listed in the Spamhaus Domain Block List.
 	# The user might have chosen a domain that was previously in use by a spammer
 	# and will not be able to reliably send mail.
-	
+
 	# See https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now. for
 	# information on spamhaus return codes
 	dbl = query_dns(domain+'.dbl.spamhaus.org', "A", nxdomain=None)
diff --git a/management/templates/users.html b/management/templates/users.html
index 4924c7c8..da04fcc9 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -6,6 +6,7 @@
 #user_table .account_inactive .if_active { display: none; }
 #user_table .account_active .if_inactive { display: none; }
 #user_table .account_active.if_inactive { display: none; }
+.row-center { text-align: center; }
 </style>
 
 <h3>Add a mail user</h3>
@@ -27,6 +28,10 @@
       <option value="admin">Administrator</option>
     </select>
   </div>
+  <div class="form-group">
+      <label class="sr-only" for="adduserQuota">Quota</label>
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+  </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
 <ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;">
@@ -34,13 +39,18 @@
   <li>Use <a href="#aliases">aliases</a> to create email addresses that forward to existing accounts.</li>
   <li>Administrators get access to this control panel.</li>
   <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#aliases">aliases</a> can.</li>
+  <li>Quotas may not contain any spaces, commas or decimal points. Suffixes of G (gigabytes) and M (megabytes) are allowed.  For unlimited storage enter 0 (zero)</li>
 </ul>
 
 <h3>Existing mail users</h3>
 <table id="user_table" class="table" style="width: auto">
   <thead>
     <tr>
-      <th width="50%">Email Address</th>
+      <th width="35%">Email Address</th>
+      <th class="row-center">Messages</th>
+      <th class="row-center">Size</th>
+      <th class="row-center">Used</th>
+      <th class="row-center">Quota</th>
       <th>Actions</th>
     </tr>
   </thead>
@@ -53,10 +63,22 @@
   <tr id="user-template">
     <td class='address'>
     </td>
+    <td class="box-count row-center"></td>
+    <td class="box-size row-center"></td>
+    <td class="percent row-center"></td>
+	<td class="quota row-center">
+	</td>
     <td class='actions'>
         <span class='privs'>
         </span>
 
+        <span class="if_active">
+          <a href="#" onclick="users_set_quota(this); return false;" class='setquota' title="Set Quota">
+              set quota
+          </a>
+          |
+        </span>
+
         <span class="if_active">
           <a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
             set password
@@ -97,10 +119,28 @@
 <table class="table" style="margin-top: .5em">
 <thead><th>Verb</th> <th>Action</th><th></th></thead>
 <tr><td>GET</td><td><i>(none)</i></td> <td>Returns a list of existing mail users. Adding <code>?format=json</code> to the URL will give JSON-encoded results.</td></tr>
-<tr><td>POST</td><td>/add</td> <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>.</td></tr>
-<tr><td>POST</td><td>/remove</td> <td>Removes a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>POST</td>
+    <td>/add</td>
+    <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>. Optional parameters: <code>privilege=admin</code> and <code>quota</code></td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/remove</td>
+    <td>Removes a mail user. Required POST-by parameter is <code>email</code>.</td>
+</tr>
 <tr><td>POST</td><td>/privileges/add</td> <td>Used to make a mail user an admin. Required POST-body parameters are <code>email</code> and <code>privilege=admin</code>.</td></tr>
 <tr><td>POST</td><td>/privileges/remove</td> <td>Used to remove the admin privilege from a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>GET</td>
+    <td>/quota</td>
+    <td>Get the quota for a mail user. Required POST-body parameters are <code>email</code> and will return JSON result</td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/quota</td>
+    <td>Set the quota for a mail user. Required POST-body parameters are <code>email</code> and <code>quota</code>.</td>
+</tr>
 </table>
 
 <h4>Examples:</h4>
@@ -125,6 +165,15 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
+  api(
+    "/system/default-quota",
+    "GET",
+    {},
+    function(r) {
+      $('#adduserQuota').val(r['default-quota']);
+    }
+  );
+
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
@@ -133,7 +182,7 @@ function show_users() {
     function(r) {
       $('#user_table tbody').html("");
       for (var i = 0; i < r.length; i++) {
-        var hdr = $("<tr><th colspan='2' style='background-color: #EEE'></th></tr>");
+        var hdr = $("<tr><th colspan='6' style='background-color: #EEE'></th></tr>");
         hdr.find('th').text(r[i].domain);
         $('#user_table tbody').append(hdr);
 
@@ -151,7 +200,18 @@ function show_users() {
           n2.addClass("account_" + user.status);
 
           n.attr('data-email', user.email);
-          n.find('.address').text(user.email)
+          n.attr('data-quota', user.quota);
+          n.find('.address').text(user.email);
+          n.find('.box-count').text((user.box_count).toLocaleString('en'));
+          if (user.box_count == '?') {
+            n.find('.box-count').attr('title', 'Message count is unkown')
+          }
+          n.find('.box-size').text(user.box_size);
+          if (user.box_size == '?') {
+            n.find('.box-size').attr('title', 'Mailbox size is unkown')
+          }
+          n.find('.percent').text(user.percent);
+          n.find('.quota').text((user.quota == '0') ? 'unlimited' : user.quota);
           n2.find('.restore_info tt').text(user.mailbox);
 
           if (user.status == 'inactive') continue;
@@ -180,13 +240,15 @@ function do_add_user() {
   var email = $("#adduserEmail").val();
   var pw = $("#adduserPassword").val();
   var privs = $("#adduserPrivs").val();
+  var quota = $("#adduserQuota").val();
   api(
     "/mail/users/add",
     "POST",
     {
       email: email,
       password: pw,
-      privileges: privs
+      privileges: privs,
+      quota: quota
     },
     function(r) {
       // Responses are multiple lines of pre-formatted text.
@@ -228,6 +290,36 @@ function users_set_password(elem) {
     });
 }
 
+function users_set_quota(elem) {
+    var email = $(elem).parents('tr').attr('data-email');
+    var quota = $(elem).parents('tr').attr('data-quota');
+
+    show_modal_confirm(
+        "Set Quota",
+        $("<p>Set quota for <b>" + email + "</b>?</p>" +
+            "<p>" +
+            "<label for='users_set_quota' style='display: block; font-weight: normal'>Quota:</label>" +
+            "<input type='text' id='users_set_quota' value='" + quota + "'></p>" +
+            "<p><small>Quotas may not contain any spaces or commas.  Suffixes of G (gigabytes) and M (megabytes) are allowed.</small></p>" +
+            "<p><small>For unlimited storage enter 0 (zero)</small></p>"),
+        "Set Quota",
+        function() {
+            api(
+                "/mail/users/quota",
+                "POST",
+                {
+                    email: email,
+                    quota: $('#users_set_quota').val()
+                },
+                function(r) {
+                    show_users();
+                },
+                function(r) {
+                    show_modal_error("Set Quota", r);
+                });
+        });
+}
+
 function users_remove(elem) {
   var email = $(elem).parents('tr').attr('data-email');
 
@@ -293,7 +385,7 @@ function generate_random_password() {
   var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
   for (var i = 0; i < 12; i++)
     pw += charset.charAt(Math.floor(Math.random() * charset.length));
-  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
+  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></p>");
   return false; // cancel click
 }
 </script>
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index de373aff..be47b18c 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -51,9 +51,9 @@ if [[ $EUID -ne 0 ]]; then
 fi
 
 # Clone the Mail-in-a-Box repository if it doesn't exist.
-if [ ! -d $HOME/mailinabox ]; then
+if [ ! -d "$HOME/mailinabox" ]; then
 	if [ ! -f /usr/bin/git ]; then
-		echo Installing git . . .
+		echo "Installing git . . ."
 		apt-get -q -q update
 		DEBIAN_FRONTEND=noninteractive apt-get -q -q install -y git < /dev/null
 		echo
@@ -63,25 +63,25 @@ if [ ! -d $HOME/mailinabox ]; then
 		SOURCE=https://github.com/mail-in-a-box/mailinabox
 	fi
 
-	echo Downloading Mail-in-a-Box $TAG. . .
+	echo "Downloading Mail-in-a-Box $TAG. . ."
 	git clone \
-		-b $TAG --depth 1 \
-		$SOURCE \
-		$HOME/mailinabox \
+		-b "$TAG" --depth 1 \
+		"$SOURCE" \
+		"$HOME/mailinabox" \
 		< /dev/null 2> /dev/null
 
 	echo
 fi
 
 # Change directory to it.
-cd $HOME/mailinabox
+cd "$HOME/mailinabox" || exit
 
 # Update it.
-if [ "$TAG" != $(git describe --always) ]; then
-	echo Updating Mail-in-a-Box to $TAG . . .
-	git fetch --depth 1 --force --prune origin tag $TAG
-	if ! git checkout -q $TAG; then
-		echo "Update failed. Did you modify something in $(pwd)?"
+if [ "$TAG" != "$(git describe --always)" ]; then
+	echo "Updating Mail-in-a-Box to $TAG . . ."
+	git fetch --depth 1 --force --prune origin tag "$TAG"
+	if ! git checkout -q "$TAG"; then
+		echo "Update failed. Did you modify something in $PWD?"
 		exit 1
 	fi
 	echo
@@ -89,4 +89,3 @@ fi
 
 # Start setup script.
 setup/start.sh
-
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 8d45a50b..1a9fb1fc 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -45,8 +45,8 @@ apt_install \
 # - https://www.dovecot.org/list/dovecot/2012-August/137569.html
 # - https://www.dovecot.org/list/dovecot/2011-December/132455.html
 tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
-	default_process_limit=$(echo "$(nproc) * 250" | bc) \
-	default_vsz_limit=$(echo "$(free -tm  | tail -1 | awk '{print $2}') / 3" | bc)M \
+	default_process_limit="$(($(nproc) * 250))" \
+	default_vsz_limit="$(($(free -tm  | tail -1 | awk '{print $2}') / 3))M" \
 	log_path=/var/log/mail.log
 
 # The inotify `max_user_instances` default is 128, which constrains
@@ -61,12 +61,38 @@ tools/editconf.py /etc/sysctl.conf \
 # username part of the user's email address. We'll ensure that no bad domains or email addresses
 # are created within the management daemon.
 tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
-	mail_location=maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n \
+	mail_location="maildir:$STORAGE_ROOT/mail/mailboxes/%d/%n" \
 	mail_privileged_group=mail \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
+cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+fi
+
+# configure stuff for quota support
+if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; then
+    cat > /etc/dovecot/conf.d/90-quota.conf << EOF;
+plugin {
+  quota = maildir
+
+  quota_grace = 10%
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "522 5.2.2 Mailbox is full"
+}
+
+service quota-status {
+    executable = quota-status -p postfix
+    inet_listener {
+        port = 12340
+    }
+}
+EOF
+fi
 
 # ### IMAP/POP
 
@@ -152,7 +178,7 @@ EOF
 # Setting a `postmaster_address` is required or LMTP won't start. An alias
 # will be created automatically by our management daemon.
 tools/editconf.py /etc/dovecot/conf.d/15-lda.conf \
-	postmaster_address=postmaster@$PRIMARY_HOSTNAME
+	"postmaster_address=postmaster@$PRIMARY_HOSTNAME"
 
 # ### Sieve
 
@@ -201,14 +227,14 @@ chown -R mail:dovecot /etc/dovecot
 chmod -R o-rwx /etc/dovecot
 
 # Ensure mailbox files have a directory that exists and are owned by the mail user.
-mkdir -p $STORAGE_ROOT/mail/mailboxes
-chown -R mail:mail $STORAGE_ROOT/mail/mailboxes
+mkdir -p "$STORAGE_ROOT/mail/mailboxes"
+chown -R mail:mail "$STORAGE_ROOT/mail/mailboxes"
 
 # Same for the sieve scripts.
-mkdir -p $STORAGE_ROOT/mail/sieve
-mkdir -p $STORAGE_ROOT/mail/sieve/global_before
-mkdir -p $STORAGE_ROOT/mail/sieve/global_after
-chown -R mail:mail $STORAGE_ROOT/mail/sieve
+mkdir -p "$STORAGE_ROOT/mail/sieve"
+mkdir -p "$STORAGE_ROOT/mail/sieve/global_before"
+mkdir -p "$STORAGE_ROOT/mail/sieve/global_after"
+chown -R mail:mail "$STORAGE_ROOT/mail/sieve"
 
 # Allow the IMAP/POP ports in the firewall.
 ufw_allow imaps
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 24969513..6653f061 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -55,9 +55,9 @@ apt_install postfix postfix-sqlite postfix-pcre postgrey ca-certificates
 # * Set the SMTP banner (which must have the hostname first, then anything).
 tools/editconf.py /etc/postfix/main.cf \
 	inet_interfaces=all \
-	smtp_bind_address=$PRIVATE_IP \
-	smtp_bind_address6=$PRIVATE_IPV6 \
-	myhostname=$PRIMARY_HOSTNAME\
+	smtp_bind_address="$PRIVATE_IP" \
+	smtp_bind_address6="$PRIVATE_IPV6" \
+	myhostname="$PRIMARY_HOSTNAME"\
 	smtpd_banner="\$myhostname ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)" \
 	mydestination=localhost
 
@@ -138,9 +138,9 @@ sed -i "s/PUBLIC_IP/$PUBLIC_IP/" /etc/postfix/outgoing_mail_header_filters
 tools/editconf.py /etc/postfix/main.cf \
 	smtpd_tls_security_level=may\
 	smtpd_tls_auth_only=yes \
-	smtpd_tls_cert_file=$STORAGE_ROOT/ssl/ssl_certificate.pem \
-	smtpd_tls_key_file=$STORAGE_ROOT/ssl/ssl_private_key.pem \
-	smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/dh2048.pem \
+	smtpd_tls_cert_file="$STORAGE_ROOT/ssl/ssl_certificate.pem" \
+	smtpd_tls_key_file="$STORAGE_ROOT/ssl/ssl_private_key.pem" \
+	smtpd_tls_dh1024_param_file="$STORAGE_ROOT/ssl/dh2048.pem" \
 	smtpd_tls_protocols="!SSLv2,!SSLv3" \
 	smtpd_tls_ciphers=medium \
 	tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA \
@@ -238,7 +238,7 @@ tools/editconf.py /etc/postfix/main.cf  -e lmtp_destination_recipient_limit=
 # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
 tools/editconf.py /etc/postfix/main.cf \
 	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]" \
-	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023"
+	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023,check_policy_service inet:127.0.0.1:12340"
 
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
@@ -260,17 +260,17 @@ tools/editconf.py /etc/default/postgrey \
 
 
 # If the $STORAGE_ROOT/mail/postgrey is empty, copy the postgrey database over from the old location
-if [ ! -d $STORAGE_ROOT/mail/postgrey/db ]; then
+if [ ! -d "$STORAGE_ROOT/mail/postgrey/db" ]; then
 	# Stop the service
 	service postgrey stop
 	# Ensure the new paths for postgrey db exists
-	mkdir -p $STORAGE_ROOT/mail/postgrey/db
+	mkdir -p "$STORAGE_ROOT/mail/postgrey/db"
 	# Move over database files
-	mv /var/lib/postgrey/* $STORAGE_ROOT/mail/postgrey/db/ || true
+	mv /var/lib/postgrey/* "$STORAGE_ROOT/mail/postgrey/db/" || true
 fi
 # Ensure permissions are set
-chown -R postgrey:postgrey $STORAGE_ROOT/mail/postgrey/
-chmod 700 $STORAGE_ROOT/mail/postgrey/{,db}
+chown -R postgrey:postgrey "$STORAGE_ROOT/mail/postgrey/"
+chmod 700 "$STORAGE_ROOT/mail/postgrey/"{,db}
 
 # We are going to setup a newer whitelist for postgrey, the version included in the distribution is old
 cat > /etc/cron.daily/mailinabox-postgrey-whitelist << EOF;
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index b570f037..99dcea37 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -18,12 +18,14 @@ source /etc/mailinabox.conf # load global vars
 db_path=$STORAGE_ROOT/mail/users.sqlite
 
 # Create an empty database if it doesn't yet exist.
-if [ ! -f $db_path ]; then
-	echo Creating new user database: $db_path;
-	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 $db_path;
-	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 $db_path;
-	echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 $db_path;
-	echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 $db_path;
+if [ ! -f "$db_path" ]; then
+	echo "Creating new user database: $db_path";
+	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '', quota TEXT NOT NULL DEFAULT '0');" | sqlite3 $db_path;
+	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
+	echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 "$db_path";
+	echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
+elif sqlite3 $db_path ".schema users" | grep --invert-match quota; then
+    echo "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';" | sqlite3 $db_path;
 fi
 
 # ### User Authentication
@@ -51,7 +53,7 @@ driver = sqlite
 connect = $db_path
 default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM users WHERE email='%u';
-user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u';
+user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home, '*:bytes=' || quota AS quota_rule FROM users WHERE email='%u';
 iterate_query = SELECT email AS user FROM users;
 EOF
 chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
@@ -159,4 +161,5 @@ EOF
 restart_service postfix
 restart_service dovecot
 
-
+# force a recalculation of all user quotas
+doveadm quota recalc -A
diff --git a/setup/webmail.sh b/setup/webmail.sh
old mode 100755
new mode 100644
index 3cff1416..c6380bd5
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -22,8 +22,8 @@ source /etc/mailinabox.conf # load global vars
 echo "Installing Roundcube (webmail)..."
 apt_install \
 	dbconfig-common \
-	php${PHP_VER}-cli php${PHP_VER}-sqlite3 php${PHP_VER}-intl php${PHP_VER}-common php${PHP_VER}-curl php${PHP_VER}-imap \
-	php${PHP_VER}-gd php${PHP_VER}-pspell php${PHP_VER}-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1 \
+	php"${PHP_VER}"-cli php"${PHP_VER}"-sqlite3 php"${PHP_VER}"-intl php"${PHP_VER}"-common php"${PHP_VER}"-curl php"${PHP_VER}"-imap \
+	php"${PHP_VER}"-gd php"${PHP_VER}"-pspell php"${PHP_VER}"-mbstring libjs-jquery libjs-jquery-mousewheel libmagic1 \
 	sqlite3
 
 # Install Roundcube from source if it is not already present or if it is out of date.
@@ -145,6 +145,7 @@ cat > $RCM_CONFIG <<EOF;
 \$config['session_path'] = '/mail/';
 /* prevent CSRF, requires php 7.3+ */
 \$config['session_samesite'] = 'Strict';
+\$config['quota_zero_as_unlimited'] = true;
 ?>
 EOF
 
@@ -170,8 +171,8 @@ cat > ${RCM_PLUGIN_DIR}/carddav/config.inc.php <<EOF;
 EOF
 
 # Create writable directories.
-mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
-chown -R www-data:www-data /var/log/roundcubemail /var/tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
+mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"
+chown -R www-data:www-data /var/log/roundcubemail /var/tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"
 
 # Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
 sudo -u www-data touch /var/log/roundcubemail/errors.log
@@ -194,10 +195,10 @@ usermod -a -G dovecot www-data
 
 # set permissions so that PHP can use users.sqlite
 # could use dovecot instead of www-data, but not sure it matters
-chown root:www-data $STORAGE_ROOT/mail
-chmod 775 $STORAGE_ROOT/mail
-chown root:www-data $STORAGE_ROOT/mail/users.sqlite
-chmod 664 $STORAGE_ROOT/mail/users.sqlite
+chown root:www-data "$STORAGE_ROOT/mail"
+chmod 775 "$STORAGE_ROOT/mail"
+chown root:www-data "$STORAGE_ROOT/mail/users.sqlite"
+chmod 664 "$STORAGE_ROOT/mail/users.sqlite"
 
 # Fix Carddav permissions:
 chown -f -R root:www-data ${RCM_PLUGIN_DIR}/carddav
@@ -205,9 +206,9 @@ chown -f -R root:www-data ${RCM_PLUGIN_DIR}/carddav
 chmod -R 774 ${RCM_PLUGIN_DIR}/carddav
 
 # Run Roundcube database migration script (database is created if it does not exist)
-php$PHP_VER ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube
-chown www-data:www-data $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
-chmod 664 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite
+php"$PHP_VER" ${RCM_DIR}/bin/updatedb.sh --dir ${RCM_DIR}/SQL --package roundcube
+chown www-data:www-data "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"
+chmod 664 "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"
 
 # Patch the Roundcube code to eliminate an issue that causes postfix to reject our sqlite
 # user database (see https://github.com/mail-in-a-box/mailinabox/issues/2185)
@@ -217,8 +218,8 @@ sed -i.miabold 's/^[^#]\+.\+PRAGMA journal_mode = WAL.\+$/#&/' \
 # Because Roundcube wants to set the PRAGMA we just deleted from the source, we apply it here
 # to the roundcube database (see https://github.com/roundcube/roundcubemail/issues/8035)
 # Database should exist, created by migration script
-hide_output sqlite3 $STORAGE_ROOT/mail/roundcube/roundcube.sqlite 'PRAGMA journal_mode=WAL;'
+hide_output sqlite3 "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite" 'PRAGMA journal_mode=WAL;'
 
 # Enable PHP modules.
-phpenmod -v $PHP_VER imap
-restart_service php$PHP_VER-fpm
+phpenmod -v "$PHP_VER" imap
+restart_service php"$PHP_VER"-fpm

From 39700387afbfff54ed927e688d04caa4a8a9e858 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 14:27:11 -0400
Subject: [PATCH 02/55] fixing subprocess import

---
 management/mailconfig.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index f9c8f237..1cd4ec40 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -10,6 +10,8 @@
 # address entered by the user.
 
 import os, sqlite3, re
+import subprocess
+
 import utils
 from email_validator import validate_email as validate_email_, EmailNotValidError
 import idna

From 173501e8b0ac0f3479f2a6712c0cf1872df33542 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:01:09 -0400
Subject: [PATCH 03/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 1a9fb1fc..baab4b76 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,9 +67,9 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
-if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 51c483117dac1b55dc253ff64d7319dff3babd25 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:15:05 -0400
Subject: [PATCH 04/55] fixing parens

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index baab4b76..0cfeafc4 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,7 +67,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
     sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi

From 0cd8e4db62b237c170f4688b7d07ef2f0cbd03a5 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 22:22:47 -0400
Subject: [PATCH 05/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 0cfeafc4..99989d32 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -69,7 +69,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+  sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 8a1e803f48a1e824bf785337eb816a8e3bf6a503 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:14:27 -0400
Subject: [PATCH 06/55] removing duplicate conf

---
 conf/dovecot/conf.d/15-mailboxes.conf | 63 ---------------------------
 setup/mail-dovecot.sh                 |  2 +-
 2 files changed, 1 insertion(+), 64 deletions(-)
 delete mode 100644 conf/dovecot/conf.d/15-mailboxes.conf

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
deleted file mode 100644
index 58e2efed..00000000
--- a/conf/dovecot/conf.d/15-mailboxes.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-## NOTE: This file is automatically generated by Mail-in-a-Box.
-##       Do not edit this file. It is continually updated by
-##       Mail-in-a-Box and your changes will be lost.
-##
-##       Mail-in-a-Box machines are not meant to be modified.
-##       If you modify any system configuration you are on
-##       your own --- please do not ask for help from us.
-
-namespace inbox {
-  # Automatically create & subscribe some folders.
-  # * Create and subscribe the INBOX folder.
-  # * Our sieve rule for spam expects that the Spam folder exists.
-  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
-
-  # MUA notes:
-  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
-  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
-  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
-  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
-
-  # auto:
-  # 'create' will automatically create this mailbox.
-  # 'subscribe' will both create and subscribe to the mailbox.
-
-  # special_use is a space separated list of IMAP SPECIAL-USE
-  # attributes as specified by RFC 6154:
-  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
-
-  mailbox INBOX {
-    auto = subscribe
-  }
-  mailbox Spam {
-    special_use = \Junk
-    auto = subscribe
-  }
-  mailbox Drafts {
-    special_use = \Drafts
-    auto = subscribe
-  }
-  mailbox Sent {
-    special_use = \Sent
-    auto = subscribe
-  }
-  mailbox Trash {
-    special_use = \Trash
-    auto = subscribe
-  }
-  mailbox Archive {
-    special_use = \Archive
-    auto = subscribe
-  }
-
-  # dovevot's standard mailboxes configuration file marks two sent folders
-  # with the \Sent attribute, just in case clients don't agree about which
-  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
-  # These are not auto-created.
-  mailbox "Sent Messages" {
-    special_use = \Sent
-  }
-  mailbox Junk {
-    special_use = \Junk
-  }
-}
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 99989d32..5e8eb93d 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -66,7 +66,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
   sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf

From 1c66f69fd9f5f874de540523be54077863d9be43 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:25:46 -0400
Subject: [PATCH 07/55] using migrations for alter table command

---
 setup/mail-users.sh | 2 --
 setup/migrate.py    | 7 +++++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index 99dcea37..58576585 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -24,8 +24,6 @@ if [ ! -f "$db_path" ]; then
 	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
 	echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 "$db_path";
 	echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
-elif sqlite3 $db_path ".schema users" | grep --invert-match quota; then
-    echo "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';" | sqlite3 $db_path;
 fi
 
 # ### User Authentication
diff --git a/setup/migrate.py b/setup/migrate.py
index 066e0e03..9f0ddc97 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -190,6 +190,13 @@ def migration_14(env):
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
 	shell("check_call", ["sqlite3", db, "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);"])
 
+def migration_15(env):
+	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
+	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
+	shell("check_call", ["sqlite3", db,
+						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+
+
 ###########################################################
 
 def get_current_migration():

From 4e9c564c5df527f2c287da8bc22c27d6fde4268d Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:37:42 -0400
Subject: [PATCH 08/55] fixing cli commands

---
 management/cli.py | 11 +++++------
 setup/migrate.py  |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 1c3fa4bd..4f7a273c 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -9,13 +9,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib
 
-def mgmt(cmd, data=None, is_json=False):
+def mgmt(cmd, data=None, is_json=False, method='GET'):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -66,7 +66,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -124,12 +124,12 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Set a user's quota
+	# Get a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
 	# Set a user's quota
-	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
 
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
@@ -161,4 +161,3 @@ elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-
diff --git a/setup/migrate.py b/setup/migrate.py
index 9f0ddc97..ec5fdf9c 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -276,4 +276,3 @@ if __name__ == "__main__":
 	elif sys.argv[-1] == "--migrate":
 		# Perform migrations.
 		run_migrations()
-

From 7c7b744605ed3a78c1c3f956601033bb547948d3 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 13:54:49 -0400
Subject: [PATCH 09/55] removing the ability to configure the default quota --
 default quota is always unlimited.

---
 management/cli.py               |  7 -------
 management/daemon.py            | 27 ++-------------------------
 management/mailconfig.py        |  6 +-----
 management/templates/users.html | 11 +----------
 setup/migrate.py                |  3 +--
 5 files changed, 5 insertions(+), 49 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 4f7a273c..b45e912f 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,7 +60,6 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
-  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
@@ -152,12 +151,6 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
-	print(mgmt("/system/default-quota?text=1"))
-
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
-	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
-
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index e850e6c6..2ad8c480 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,7 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
-from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
+from mailconfig import get_mail_quota, set_mail_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -192,7 +192,7 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
-	quota = request.form.get('quota', get_default_quota(env))
+	quota = request.form.get('quota', '0')
 	try:
 		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
 	except ValueError as e:
@@ -675,29 +675,6 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
-@app.route('/system/default-quota', methods=["GET"])
-@authorized_personnel_only
-def default_quota_get():
-	if request.values.get('text'):
-		return get_default_quota(env)
-	else:
-		return json_response({
-			"default-quota": get_default_quota(env),
-		})
-
-@app.route('/system/default-quota', methods=["POST"])
-@authorized_personnel_only
-def default_quota_set():
-	config = utils.load_settings(env)
-	try:
-		config["default-quota"] = validate_quota(request.values.get('default_quota'))
-		utils.write_settings(config, env)
-
-	except ValueError as e:
-		return ("ERROR: %s" % str(e), 400)
-
-	return "OK"
-
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index 1cd4ec40..d61bb8f1 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -344,7 +344,7 @@ def add_mail_user(email, pw, privs, quota, env):
 			if validation: return validation
 
 	if quota is None:
-		quota = get_default_quota()
+		quota = '0'
 
 	try:
 		quota = validate_quota(quota)
@@ -429,10 +429,6 @@ def dovecot_quota_recalc(email):
 	# force dovecot to recalculate the quota info for the user.
 	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
 
-def get_default_quota(env):
-	config = utils.load_settings(env)
-	return config.get("default-quota", '0')
-
 def validate_quota(quota):
 	# validate quota
 	quota = quota.strip().upper()
diff --git a/management/templates/users.html b/management/templates/users.html
index da04fcc9..e46b8391 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -30,7 +30,7 @@
   </div>
   <div class="form-group">
       <label class="sr-only" for="adduserQuota">Quota</label>
-      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
   </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
@@ -165,15 +165,6 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
-  api(
-    "/system/default-quota",
-    "GET",
-    {},
-    function(r) {
-      $('#adduserQuota').val(r['default-quota']);
-    }
-  );
-
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
diff --git a/setup/migrate.py b/setup/migrate.py
index ec5fdf9c..84bc5ab0 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -193,8 +193,7 @@ def migration_14(env):
 def migration_15(env):
 	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
-	shell("check_call", ["sqlite3", db,
-						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+	shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
 
 
 ###########################################################

From c91db7bc4f801e00fa59b87d296e424e8b5d5e41 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 14:01:12 -0400
Subject: [PATCH 10/55] removing box count / message count feature

---
 management/mailconfig.py        | 5 -----
 management/templates/users.html | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index d61bb8f1..098adf2f 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -145,7 +145,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		(user, domain) = email.split('@')
 		box_size = 0
-		box_count = 0
 		box_quota = 0
 		percent = ''
 		try:
@@ -155,7 +154,6 @@ def get_mail_users_ex(env, with_archived=False):
 				for line in f.readlines():
 					(size, count) = line.split(' ')
 					box_size += int(size)
-					box_count += int(count)
 
 			try:
 				percent = (box_size / box_quota) * 100
@@ -164,7 +162,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		except:
 			box_size = '?'
-			box_count = '?'
 			box_quota = '?'
 			percent = '?'
 
@@ -178,7 +175,6 @@ def get_mail_users_ex(env, with_archived=False):
 			"box_quota": box_quota,
 			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
 			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
-			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -197,7 +193,6 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
-                        "box_count": '?',
                         "box_size": '?',
                         "box_quota": '?',
                         "percent": '?',
diff --git a/management/templates/users.html b/management/templates/users.html
index e46b8391..e45fac05 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -63,7 +63,6 @@
   <tr id="user-template">
     <td class='address'>
     </td>
-    <td class="box-count row-center"></td>
     <td class="box-size row-center"></td>
     <td class="percent row-center"></td>
 	<td class="quota row-center">
@@ -193,10 +192,6 @@ function show_users() {
           n.attr('data-email', user.email);
           n.attr('data-quota', user.quota);
           n.find('.address').text(user.email);
-          n.find('.box-count').text((user.box_count).toLocaleString('en'));
-          if (user.box_count == '?') {
-            n.find('.box-count').attr('title', 'Message count is unkown')
-          }
           n.find('.box-size').text(user.box_size);
           if (user.box_size == '?') {
             n.find('.box-size').attr('title', 'Mailbox size is unkown')

From 4cafe680a0dbee755a065e54874451158ad636a9 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 14:01:12 -0400
Subject: [PATCH 11/55] removing box count / message count feature

---
 management/mailconfig.py        | 5 -----
 management/templates/users.html | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index d61bb8f1..098adf2f 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -145,7 +145,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		(user, domain) = email.split('@')
 		box_size = 0
-		box_count = 0
 		box_quota = 0
 		percent = ''
 		try:
@@ -155,7 +154,6 @@ def get_mail_users_ex(env, with_archived=False):
 				for line in f.readlines():
 					(size, count) = line.split(' ')
 					box_size += int(size)
-					box_count += int(count)
 
 			try:
 				percent = (box_size / box_quota) * 100
@@ -164,7 +162,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		except:
 			box_size = '?'
-			box_count = '?'
 			box_quota = '?'
 			percent = '?'
 
@@ -178,7 +175,6 @@ def get_mail_users_ex(env, with_archived=False):
 			"box_quota": box_quota,
 			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
 			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
-			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -197,7 +193,6 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
-                        "box_count": '?',
                         "box_size": '?',
                         "box_quota": '?',
                         "percent": '?',
diff --git a/management/templates/users.html b/management/templates/users.html
index e46b8391..e45fac05 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -63,7 +63,6 @@
   <tr id="user-template">
     <td class='address'>
     </td>
-    <td class="box-count row-center"></td>
     <td class="box-size row-center"></td>
     <td class="percent row-center"></td>
 	<td class="quota row-center">
@@ -193,10 +192,6 @@ function show_users() {
           n.attr('data-email', user.email);
           n.attr('data-quota', user.quota);
           n.find('.address').text(user.email);
-          n.find('.box-count').text((user.box_count).toLocaleString('en'));
-          if (user.box_count == '?') {
-            n.find('.box-count').attr('title', 'Message count is unkown')
-          }
           n.find('.box-size').text(user.box_size);
           if (user.box_size == '?') {
             n.find('.box-size').attr('title', 'Mailbox size is unkown')

From 4b5f4b0b9e82de5d4fb265c2c974ef41fbb5d145 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 15:28:47 -0400
Subject: [PATCH 12/55] fixed missing column heading

---
 management/templates/users.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/management/templates/users.html b/management/templates/users.html
index e45fac05..0b9aea99 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -47,7 +47,6 @@
   <thead>
     <tr>
       <th width="35%">Email Address</th>
-      <th class="row-center">Messages</th>
       <th class="row-center">Size</th>
       <th class="row-center">Used</th>
       <th class="row-center">Quota</th>

From 77c6a53f8182df400befcbd872e84bc3db34c3bd Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 10:47:31 -0400
Subject: [PATCH 13/55] fix syntax errors

---
 management/mailconfig.py        | 4 ++--
 management/templates/users.html | 8 +++++---
 setup/mail-dovecot.sh           | 4 ++--
 setup/mail-users.sh             | 3 ++-
 4 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 3404ae87..d9b7d7c3 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -328,7 +328,7 @@ def get_mail_users_ex(env, with_archived=False):
 		#email = rec['maildrop'][0]
 		email = rec['mail'][0]
 		privileges = rec['mailaccess']
-		quota = rec['mailboxQuota'][0] if len(rec['mailboxQuota']>0) else '0'
+		quota = rec['mailboxQuota'][0] if len(rec['mailboxQuota'])>0 else '0'
 		display_name = rec['cn'][0]
 		active_accounts.add(email)
 
@@ -384,7 +384,7 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
-						"display_name": ""
+						"display_name": "",
                         "box_size": '?',
                         "box_quota": '?',
                         "percent": '?',
diff --git a/management/templates/users.html b/management/templates/users.html
index 84c65e99..0a48bf0d 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -32,11 +32,13 @@
     </select>
   </div>
   <div class="form-group">
-    <label class="sr-only" for="adduserQuota">Quota</label>
-    <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
     <div>Display Name</div>
     <input id="adduserDisplayName" class="form-control" type="text" placeholder="eg: John Smith">
   </div>
+  <div class="form-group">
+    <div>Quota</div>
+    <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
+  </div>
   <div class="text-center">
     <div>&nbsp;</div>
     <button type="submit" class="btn btn-primary">Add User</button>
@@ -249,7 +251,7 @@ function do_add_user() {
       email: email,
       password: pw,
       privileges: privs,
-      quota: quota
+      quota: quota,
       display_name: display_name
     },
     function(r) {
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index cd8b800d..64635968 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -85,9 +85,9 @@ fi
 if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; then
     cat > /etc/dovecot/conf.d/90-quota.conf << EOF;
 plugin {
-  quota = maildir
+  quota = maildir:User quota
 
-  quota_grace = 10%
+  quota_grace = 10%%
 
   quota_status_success = DUNNO
   quota_status_nouser = DUNNO
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index c6cf9b8c..b6e36acd 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -88,8 +88,9 @@ pass_attrs = maildrop=user
 #   Post-login information specific to the user (eg. quotas).  For
 #   lmtp delivery, pass_filter is not used, and postfix has already
 #   rewritten the envelope using the maildrop address.
+#   %$ is expanded to mailboxQuota's value.
 user_filter = (&(objectClass=mailUser)(|(mail=%u)(maildrop=%u)))
-user_attrs = maildrop=user mailboxQuota=quota_rule=*:bytes=%\$
+user_attrs = maildrop=user,mailboxQuota=quota_rule=*:bytes=%\$
 
 # Account iteration for various dovecot tools (doveadm)
 iterate_filter = (objectClass=mailUser)

From daca497679cac20658186579b0e5bfd28423bd8a Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 10:48:05 -0400
Subject: [PATCH 14/55] remove method argument use, it breaks other commands

---
 management/cli.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/management/cli.py b/management/cli.py
index 28aa3912..f48b889c 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -24,7 +24,7 @@ def mgmt(cmd, data=None, is_json=False, method='GET'):
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None) #, method=method)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:

From f676307a9745aeb3756575748320dfd2ef39fa74 Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 10:48:44 -0400
Subject: [PATCH 15/55] add additional dovecot quota-related attributes to
 mailUser

---
 conf/schema/postfix.schema | 57 +++++++++++++++++++++++++++++++++-----
 1 file changed, 50 insertions(+), 7 deletions(-)

diff --git a/conf/schema/postfix.schema b/conf/schema/postfix.schema
index 19679ce8..d04273f4 100644
--- a/conf/schema/postfix.schema
+++ b/conf/schema/postfix.schema
@@ -56,31 +56,74 @@ attributetype ( MiabLDAPmailAttributeType:1 NAME 'mailMember' DESC 'RFC6532 utf8
 # create a utf8 version of core 'domainComponent'
 attributetype ( MiabLDAPmailAttributeType:2 NAME 'dcIntl' DESC 'UTF8 domain component' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
-# create a mda/lda user mailbox quota (for dovecot)
-# format: number | number 'K' | number 'M' | number 'G'
+# Create mda/lda user mailbox quota settings (for dovecot)
+# format: number | number 'B' | number 'K' | number 'M' | number 'G'
+#
+# Dovecot supports more than one quota rule (but no way to use a
+# multi-valued attribute). Also add additional attributes for
+# more quota rules even though we're not necessarily
+# using them because we might in the future which could help avoid a
+# schema update. Dovecot supports "as many quota rules as you want"
+
 attributetype ( MiabLDAPmailAttributeType:3
 	DESC 'MDA/LDA user mailbox quota'
 	NAME 'mailboxQuota'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
 	EQUALITY caseExactMatch )
 
-# dovecot supports more than one quota rule (but no way to use a
-# multi-valued attribute). add a second attribute for a second quota
-# rule even though we're not using more than one anticipating that we
-# might in the future and avoid a schema update
 attributetype ( MiabLDAPmailAttributeType:4
 	DESC 'MDA/LDA user mailbox quota 2'
 	NAME 'mailboxQuota2'
 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
 	EQUALITY caseExactMatch )
 
+attributetype ( MiabLDAPmailAttributeType:5
+	DESC 'MDA/LDA user mailbox quota 3'
+	NAME 'mailboxQuota3'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	EQUALITY caseExactMatch )
+
+attributetype ( MiabLDAPmailAttributeType:6
+	DESC 'MDA/LDA user mailbox quota 4'
+	NAME 'mailboxQuota4'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	EQUALITY caseExactMatch )
+
+attributetype ( MiabLDAPmailAttributeType:7
+	DESC 'MDA/LDA user mailbox quota 5'
+	NAME 'mailboxQuota5'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	EQUALITY caseExactMatch )
+
+attributetype ( MiabLDAPmailAttributeType:8
+	DESC 'MDA/LDA user mailbox quota 6'
+	NAME 'mailboxQuota6'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	EQUALITY caseExactMatch )
+
+# Dovecot can maintain a flag indicating whether a user is over or
+# under quota. It's use is not required, but enables postfix to reject
+# messages without queuing them when a mailbox is full. The value
+# should be dovecot boolean value 'yes', or 'no'.
+
+attributetype ( MiabLDAPmailAttributeType:9
+	DESC 'MDA/LDA over quota flag'
+	NAME 'mailboxOverQuotaFlag'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	EQUALITY caseIgnoreMatch )
+
+
+#
+# object classes
+#
+
 objectclass ( 1.3.6.1.4.1.15347.2.1
 	NAME 'mailUser'
 	DESC 'E-Mail User'
 	SUP top
 	AUXILIARY
 	MUST ( uid $ mail $ maildrop )
-	MAY ( cn $ mailbox $ maildest $ mailaccess $ mailboxQuota )
+	MAY ( cn $ mailbox $ maildest $ mailaccess $ mailboxQuota $ mailboxQuota2 $ mailboxQuota3 $ mailboxQuota4 $ mailboxQuota5 $ mailboxQuota6 $ mailboxOverQuotaFlag )
 	)
 
 objectclass ( 1.3.6.1.4.1.15347.2.2

From 8aa76dc5dea99b7217a614e33831b601239d6500 Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 10:49:24 -0400
Subject: [PATCH 16/55] don't include Drafts and Sent folders in quota

---
 setup/mail-users.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index b6e36acd..68090aab 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -90,7 +90,10 @@ pass_attrs = maildrop=user
 #   rewritten the envelope using the maildrop address.
 #   %$ is expanded to mailboxQuota's value.
 user_filter = (&(objectClass=mailUser)(|(mail=%u)(maildrop=%u)))
-user_attrs = maildrop=user,mailboxQuota=quota_rule=*:bytes=%\$
+user_attrs = maildrop=user, \
+             mailboxQuota=quota_rule=*:bytes=%\$, \
+             =quota_rule2=Drafts:ignore, \
+             =quota_rule3=Sent:ignore
 
 # Account iteration for various dovecot tools (doveadm)
 iterate_filter = (objectClass=mailUser)

From 2040d4b193daff2cc61a8c152636a32f7314ff28 Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 10:49:46 -0400
Subject: [PATCH 17/55] add a quota test

---
 tests/suites/_mgmt-functions.sh  |  65 +++++++++----
 tests/suites/management-users.sh | 155 ++++++++++++++++++++++++++-----
 tests/test_mail.py               |  26 +++++-
 3 files changed, 204 insertions(+), 42 deletions(-)

diff --git a/tests/suites/_mgmt-functions.sh b/tests/suites/_mgmt-functions.sh
index 44e2471b..079e7b8d 100644
--- a/tests/suites/_mgmt-functions.sh
+++ b/tests/suites/_mgmt-functions.sh
@@ -34,11 +34,11 @@ mgmt_start() {
 	MGMT_ADMIN_PW="$(generate_password)"
 
 	delete_user "$MGMT_ADMIN_EMAIL"
-	
+
 	record "[Creating a new account with admin rights for management tests]"
 	create_user "$MGMT_ADMIN_EMAIL" "$MGMT_ADMIN_PW" "admin"
 	MGMT_ADMIN_DN="$ATTR_DN"
-	record "Created: $MGMT_ADMIN_EMAIL at $MGMT_ADMIN_DN"	
+	record "Created: $MGMT_ADMIN_EMAIL at $MGMT_ADMIN_DN"
 }
 
 mgmt_end() {
@@ -191,7 +191,7 @@ mgmt_assert_privileges_add() {
 mgmt_get_totp_token() {
 	local secret="$1"
 	local mru_token="$2"
-	
+
 	TOTP_TOKEN="" # this is set to the acquired token on success
 
 	# the user would normally give the secret to an authenticator app
@@ -202,7 +202,7 @@ mgmt_get_totp_token() {
 	record "[Get the current token for the secret '$secret']"
 
 	local count=0
-	
+
 	while [ -z "$TOTP_TOKEN" -a $count -lt 10 ]; do
 		TOTP_TOKEN="$(totp_current_token "$secret" 2>>"$TEST_OF")"
 		if [ $? -ne 0 ]; then
@@ -218,13 +218,13 @@ mgmt_get_totp_token() {
 			record "Success: token is '$TOTP_TOKEN'"
 			return 0
 		fi
-		
+
 		let count+=1
 	done
 
 	record "Failed: timeout !"
 	TOTP_TOKEN=""
-	return 1	
+	return 1
 }
 
 mgmt_mfa_status() {
@@ -246,7 +246,7 @@ mgmt_totp_enable() {
 	#   returns 1 if a REST error occured. $REST_ERROR has the message
 	#   returns 2 if some other error occured
 	#
-	
+
 	local user="$1"
 	local pw="$2"
 	local label="$3"  # optional
@@ -258,7 +258,7 @@ mgmt_totp_enable() {
 	if ! mgmt_mfa_status "$user" "$pw"; then
 		return 1
 	fi
-	
+
 	TOTP_SECRET="$(/usr/bin/jq -r ".new_mfa.totp.secret" <<<"$REST_OUTPUT")"
 	if [ $? -ne 0 ]; then
 		record "Unable to obtain setup totp secret - is 'jq' installed?"
@@ -271,11 +271,11 @@ mgmt_totp_enable() {
 	else
 		record "Found TOTP secret '$TOTP_SECRET'"
 	fi
-	
+
 	if ! mgmt_get_totp_token "$TOTP_SECRET"; then
 		return 2
 	fi
-	
+
 	# 2. enable TOTP
 	record "Enabling TOTP using the secret and token"
 	if ! mgmt_rest_as_user "POST" "/admin/mfa/totp/enable" "$user" "$pw" "secret=$TOTP_SECRET" "token=$TOTP_TOKEN" "label=$label"; then
@@ -284,7 +284,7 @@ mgmt_totp_enable() {
 	else
 		record "Success: POST /mfa/totp/enable: '$REST_OUTPUT'"
 	fi
-		
+
 	return 0
 }
 
@@ -318,7 +318,7 @@ mgmt_mfa_disable() {
 	local user="$1"
 	local pw="$2"
 	local mfa_id="$3"
-	
+
 	record "[Disable MFA for $user]"
 	if [ "$mfa_id" == "all" ]; then
 		mfa_id=""
@@ -327,7 +327,7 @@ mgmt_mfa_disable() {
 		if ! mgmt_mfa_status "$user" "$pw"; then
 			return 1
 		fi
-		
+
 		mfa_id="$(/usr/bin/jq -r ".enabled_mfa[0].id" <<<"$REST_OUTPUT")"
 		if [ $? -ne 0 ]; then
 			record "Unable to use /usr/bin/jq - is it installed?"
@@ -338,9 +338,9 @@ mgmt_mfa_disable() {
 			return 3
 		fi
 	fi
-	
 
-	
+
+
 	if ! mgmt_rest_as_user "POST" "/admin/mfa/disable" "$user" "$pw" "mfa-id=$mfa_id"
 	then
 		REST_ERROR="Failed: POST /admin/mfa/disable: $REST_ERROR"
@@ -387,7 +387,7 @@ mgmt_assert_admin_login() {
 		if [ $code -ne 0 ]; then
 			test_failure "Unable to run jq ($code) on /admin/login json"
 			return 1
-				
+
 		elif [ "$status" == "null" ]; then
 			test_failure "No 'status' in /admin/login json"
 			return 1
@@ -395,8 +395,39 @@ mgmt_assert_admin_login() {
 		elif [ "$status" != "$expected_status" ]; then
 			test_failure "Expected a login status of '$expected_status', but got '$status'"
 			return 1
-			
+
 		fi
 	fi
 	return 0
 }
+
+
+mgmt_get_user_quota() {
+    local user="$1"
+    record "[get user $user quota]"
+	mgmt_rest GET "/admin/mail/users/quota?email=$user"
+	local rc=$?
+    # REST_OUTPUT contains json, eg:
+    #   { "email": "alice@somedomain.com", "quota": "5000" }
+    if [ $rc -eq 0 ]; then
+        # output to stdout the quota value
+        QUOTA="$(/usr/bin/jq -r ".quota" <<<"$REST_OUTPUT" 2>>$TEST_OF)"
+        if [ $? -ne 0 ]; then
+            record "could not obtain quota member from json using jq"
+            rc=1
+        fi
+    else
+        QUOTA="error"
+    fi
+	return $rc
+
+}
+
+mgmt_set_user_quota() {
+    local user="$1"
+    local quota="$2"
+    record "[set user $user quota to $quota]"
+	mgmt_rest POST "/admin/mail/users/quota" "email=$user" "quota=$quota"
+	local rc=$?
+	return $rc
+}
diff --git a/tests/suites/management-users.sh b/tests/suites/management-users.sh
index 01344a28..0487c76b 100644
--- a/tests/suites/management-users.sh
+++ b/tests/suites/management-users.sh
@@ -8,7 +8,7 @@
 ##### details.
 #####
 
-#	
+#
 # User management tests
 
 _test_mixed_case() {
@@ -29,16 +29,16 @@ _test_mixed_case() {
 			test_failure "Creation of a user with the same email address, but different case, succeeded."
 			test_failure "${REST_ERROR}"
 		fi
-		
+
 		# create an alias group with alice in it
 		mgmt_assert_create_alias_group "${aliases[0]}" "${alices[1]}"
 	fi
 
 	# create local user bob
 	mgmt_assert_create_user "${bobs[0]}" "$bob_pw"
-	
+
 	assert_check_logs
-	
+
 
 	# send mail from bob to alice
 	#
@@ -60,7 +60,7 @@ _test_mixed_case() {
 		output="$($PYMAIL -subj "$subject" -no-send $PRIVATE_IP ${alices[3]} "$alice_pw" 2>&1)"
 		assert_python_success $? "$output"
 		assert_check_logs
-		
+
 		# send mail from alice as the alias to bob, ensure bob got it
 		#
 		record "[Mailing to bob as alias from alice]"
@@ -87,7 +87,7 @@ test_mixed_case_users() {
 	# send mail from that user as the alias to the other user
 
 	test_start "mixed-case-users"
-	
+
 	local alices=(alice@mgmt.somedomain.com
 				  aLICE@mgmt.somedomain.com
 				  aLiCe@mgmt.somedomain.com
@@ -102,7 +102,7 @@ test_mixed_case_users() {
 				   ALICE@mgmt.anotherdomain.com)
 
 	_test_mixed_case "${alices[*]}" "${bobs[*]}" "${aliases[*]}"
-	
+
 	test_end
 }
 
@@ -115,7 +115,7 @@ test_mixed_case_domains() {
 	# send mail from that user as the alias to the other user
 
 	test_start "mixed-case-domains"
-	
+
 	local alices=(alice@mgmt.somedomain.com
 				  alice@MGMT.somedomain.com
 				  alice@mgmt.SOMEDOMAIN.com
@@ -128,9 +128,9 @@ test_mixed_case_domains() {
 	local aliases=(alice@MGMT.anotherdomain.com
 				   alice@mgmt.ANOTHERDOMAIN.com
 				   alice@Mgmt.AnotherDomain.Com)
-	
+
 	_test_mixed_case "${alices[*]}" "${bobs[*]}" "${aliases[*]}"
-	
+
 	test_end
 }
 
@@ -178,7 +178,7 @@ test_intl_domains() {
 			[ ! -z "$ATTR_DN" ] && record_search "$ATTR_DN"
 		else
 			record_search "$ATTR_DN"
-			
+
 			# required aliases are automatically created and should
 			# have both mail addresses (idna and utf8)
 			get_attribute "$LDAP_ALIASES_BASE" "(mail=abuse@$intl_person_idna_domain)" "mail"
@@ -191,7 +191,7 @@ test_intl_domains() {
 				test_failure "Require alias abuse@$intl_person_idna_domain expected to contain both idna and utf8 mail addresses"
 				record_search "$ATTR_DN"
 			fi
-			
+
 			# ensure user is removed as is expected by the remaining tests
 			mgmt_delete_user "$intl_person_idna"
 		fi
@@ -204,7 +204,7 @@ test_intl_domains() {
 		test_failure "No required alias should not exist for the $intl_person_domain domain"
 		record_search "$ATTR_DN"
 	fi
-	
+
 	# create local users bob and mary
 	mgmt_assert_create_user "$bob" "$bob_pw"
 	mgmt_assert_create_user "$mary" "$mary_pw"
@@ -212,7 +212,7 @@ test_intl_domains() {
 	# create intl alias with local user bob and intl_person in it
 	if mgmt_assert_create_alias_group "$alias" "$bob" "$intl_person"; then
 		# examine LDAP server to verify IDNA-encodings
-		
+
 		# 1. the mail attribute for the alias should have both the
 		# idna and utf8 addresses
 		get_attribute "$LDAP_ALIASES_BASE" "(mail=$alias)" "mail"
@@ -238,7 +238,7 @@ test_intl_domains() {
 
 	# re-create intl alias with local user bob only
 	mgmt_assert_create_alias_group "$alias" "$bob"
-	
+
 	assert_check_logs
 
 	if ! have_test_failures; then
@@ -300,18 +300,18 @@ test_totp() {
 		record "Expect a login failure..."
 		mgmt_assert_admin_login "$alice" "$alice_pw" "missing-totp-token"
 	fi
-	
+
 
 	# logging into /admin/me with a password and a token should
 	# succeed, and an api_key generated
 	local api_key
-	if ! have_test_failures; then		
+	if ! have_test_failures; then
 		record "Try using a password and a token to get the user api key, we may have to wait 30 seconds to get a new token..."
 
 		local old_totp_token="$TOTP_TOKEN"
 		if ! mgmt_get_totp_token "$TOTP_SECRET" "$TOTP_TOKEN"; then
 			test_failure "Could not obtain a new TOTP token"
-			
+
 		else
 			# we have a new token, try logging in ...
 			# the token must be placed in the header "x-auth-token"
@@ -331,7 +331,7 @@ test_totp() {
 	fi
 
 	# we should be able to login using the user's api key
-	if ! have_test_failures; then		
+	if ! have_test_failures; then
 		record "[Use the session key to enum users]"
 		if ! mgmt_rest_as_user "GET" "/admin/mail/users?format=json" "$alice" "$api_key"; then
 			test_failure "Unable to use the session key to issue a rest call: $REST_ERROR"
@@ -342,7 +342,7 @@ test_totp() {
 
 	# disable totp on the account - login should work with just the password
 	# and the ldap entry should not have the 'totpUser' objectClass
-	if ! have_test_failures; then		
+	if ! have_test_failures; then
 		if mgmt_assert_mfa_disable "$alice" "$api_key"; then
 			mgmt_assert_admin_login "$alice" "$alice_pw" "ok"
 		fi
@@ -354,19 +354,130 @@ test_totp() {
 	else
 		check_logs
 	fi
-	
+
 	mgmt_assert_delete_user "$alice"
 	test_end
 }
 
 
 
+test_mailbox_quotas() {
+    test_start "mailbox-quotas"
+
+    # create standard user alice
+    local alice="alice@somedomain.com"
+    create_user "$alice" "alice"
+
+    # quota should be unlimited for newly added users
+    if ! mgmt_get_user_quota "$alice"; then
+        test_failure "Unable to get $alice's quota: $REST_ERROR"
+    elif [ "$QUOTA" != "0" -a "$QUOTA" != "unlimited" ]; then
+        test_failure "A newly created user should have unlimited quota"
+    fi
+
+    # get alice's current total number of messages. should be 0 unless
+    # the account was "archived"
+    local count_messages="$(doveadm -f json quota get -u "$alice" | jq -r '.[] | select(.type=="MESSAGE") | .value')"
+    record "$alice currently has $count_messages messages"
+
+    # set alice's quota to a small number
+    local quota_value="5K"
+    if ! mgmt_set_user_quota "$alice" "$quota_value"
+    then
+        test_failure "Unable to set $alice's quota: $REST_ERROR"
+    else
+        # read back the quota - make sure it's what we set
+        if ! mgmt_get_user_quota "$alice" || [ "$QUOTA" != "$quota_value" ]
+        then
+            test_failure "Setting quota failed - expected quota does not match current quota: $REST_OUTPUT $REST_ERROR QUOTA=$QUOTA"
+
+        else
+            record_search "(mail=$alice)"
+        fi
+    fi
+
+    if ! have_test_failures; then
+        # send messages large enough to exceed the quota
+        local output
+        local subjects=()
+        local msgidx=0
+        local body="$(python3 -c 'for i in range(0,int(512/4)): print("abc\n", end="")')"
+        local quota_exceeded="no"
+
+        while ! have_test_failures && [ $msgidx -lt 10 ]; do
+            record ""
+            record "[send msg $msgidx]"
+            local subj="msg$msgidx - $(generate_password)"
+            output="$($PYMAIL -smtp-debug -body-from-stdin -no-delete -subj "$subj" $PRIVATE_IP $alice alice <<<"$body" 2>&1)"
+		    if ! assert_python_success $? "$output"; then
+                break
+            fi
+
+            # You'd expect that the send would fail when the quota is
+            # exceeded, but it doesn't. Postfix accepts it into it's
+            # queue, then bounces the message back to sender with
+            # delivery status notification (DSN) of 5.2.2 when it
+            # processes the queue.
+            #
+            # The debugging messages (turned on by the -smtp-debug
+            # argument) hold the internal postfix message id, so
+            # extract that, then grep the logs to see if the message
+            # was bounced due to 5.2.2.
+
+            local postid="$(awk '/^data: .* queued as/  { match($0," as "); print substr($0,RSTART+4,10); exit }' <<<"$output" 2>>$TEST_OF)"
+            record "Extracted POSTID=$postid"
+            if [ ! -z "$postid" ]; then
+                /usr/sbin/postqueue -f >>"$TEST_OF" 2>&1
+                flush_logs
+                record "[dovecot and postfix logs for msg $msgidx]"
+                record "logs: $(grep "$postid" /var/log/mail.log)"
+
+                if grep "$postid" /var/log/mail.log | grep "status=bounced" | grep -Fq "5.2.2"; then
+                    # success - message was rejected
+                    quota_exceeded="yes"
+                    break
+                fi
+            fi
+
+            subjects+=( "$subj" )
+            let msgidx+=1
+            # doveadm quota get -u "$alice" >>"$TEST_OF" 2>&1
+        done
+
+        if ! have_test_failures && [ "$quota_exceeded" = "no" ]; then
+            test_failure "Quota restriction was not enforced by dovecot after sending $msgidx messages"
+        fi
+
+        # cleanup: delete the messages
+        msgidx=0
+        for subj in "${subjects[@]}"; do
+            record "[delete msg $msgidx]"
+            record "subj=$subj"
+            $PYMAIL -no-send -timeout 2 -subj "$subj" $PRIVATE_IP $alice alice >>$TEST_OF 2>&1
+            let msgidx+=1
+        done
+
+        # verify cleanup worked
+        local cur_count_messages="$(doveadm -f json quota get -u "$alice" | jq -r '.[] | select(.type=="MESSAGE") | .value')"
+        if [ $count_messages -ne $cur_count_messages ]; then
+            test_failure "Cleanup failed: test account $alice started with $count_messages but ended up with $cur_count_messages"
+        fi
+    fi
+
+    # cleanup: delete the test user
+    delete_user "$alice"
+    test_end
+}
+
+
+
+
 suite_start "management-users" mgmt_start
 
 test_totp
 test_mixed_case_domains
 test_mixed_case_users
 test_intl_domains
+test_mailbox_quotas
 
 suite_end mgmt_end
-
diff --git a/tests/test_mail.py b/tests/test_mail.py
index a7bd1e0e..68bae37c 100755
--- a/tests/test_mail.py
+++ b/tests/test_mail.py
@@ -28,6 +28,8 @@ def usage():
 	print("    -no-send: don't send, just delete")
 	print("    -no-delete: don't delete, just send")
 	print("    -timeout <seconds>: how long to wait for message")
+	print("    -body-from-stdin: read the message body from stdin")
+	print("    -smtp-debug: output debugging messages")
 	print("");
 	sys.exit(1)
 
@@ -48,6 +50,8 @@ delete_msg=True  # login to imap and delete message
 wait_timeout=30  # abandon timeout wiating for message delivery
 wait_cycle_sleep=5  # delay between delivery checks
 subject="Mail-in-a-Box Automated Test Message " + uuid.uuid4().hex  # message subject
+body_from_stdin=False
+smtp_debug=False
 
 # process command line
 argi=1
@@ -81,6 +85,12 @@ while argi<len(sys.argv):
 	elif arg=="-timeout" and arg_remaining>1:
 		wait_timeout=int(sys.argv[argi+1])
 		argi+=2
+	elif arg=="-body-from-stdin":
+		body_from_stdin = True
+		argi+=1
+	elif arg=="-smtp-debug":
+		smtp_debug = True
+		argi+=1
 	else:
 		usage()
 
@@ -100,14 +110,20 @@ headerfrom = if_unset(headerfrom, emailfrom)
 emailto = if_unset(emailto, login)
 emailto_pw = if_unset(emailto_pw, pw)
 
+if body_from_stdin:
+	body=sys.stdin.readlines()
+else:
+	body=['This is a test message. It should be automatically deleted by the test script.']
+
 msg = """From: {headerfrom}
 To: {emailto}
 Subject: {subject}
 
-This is a test message. It should be automatically deleted by the test script.""".format(
+{body}""".format(
 	headerfrom=headerfrom,
 	emailto=emailto,
 	subject=subject,
+	body=''.join(body)
 	)
 
 def imap_login(host, login, pw):
@@ -162,7 +178,8 @@ def smtp_login(host, login, pw, port):
 		server.starttls()
 	else:
 		server = smtplib.SMTP_SSL(host)
-	#server.set_debuglevel(1)
+	if smtp_debug:
+		server.set_debuglevel(1)
 
 	# Verify that the EHLO name matches the server's reverse DNS.
 	ipaddr = socket.gethostbyname(host) # IPv4 only!
@@ -191,7 +208,10 @@ def smtp_login(host, login, pw, port):
 if send_msg:
 	# Attempt to send a mail.
 	server = smtp_login(host, login, pw, port)
-	server.sendmail(emailfrom, [emailto], msg)
+	# sendmail: "If this method does not raise an exception, it returns a dictionary, with one entry for each recipient that was refused. Each entry contains a tuple of the SMTP error code and the accompanying error message sent by the server."
+	errors = server.sendmail(emailfrom, [emailto], msg)
+	#print(errors)
+	#if errors: raise ValueError(errors)
 	server.quit()
 	print("SMTP submission is OK.")
 

From 97080b1c2a4a8efe0f725adf06ad57aecfb06999 Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 15:28:26 -0400
Subject: [PATCH 18/55] run python unbuffered so output always appears in the
 correct order even when running shell scripts

---
 setup/migrate.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup/migrate.py b/setup/migrate.py
index b1ce972e..aa47b8e8 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/python3 -u
 # -*- indent-tabs-mode: t; tab-width: 8; python-indent-offset: 8; -*-
 #####
 ##### This file is part of Mail-in-a-Box-LDAP which is released under the
@@ -471,7 +471,7 @@ def run_miabldap_migrations():
 			migration_id = 0
 		else:
 			print()
-			print("%s file doesn't exists. Skipping migration..." % (migration_id_file,))
+			print("%s file doesn't exist. Skipping migration..." % (migration_id_file,))
 			return
 
 	ourver = int(migration_id)

From 555acc77038cf9bea20f28888c8d66858dd00eae Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 15:29:42 -0400
Subject: [PATCH 19/55] don't compare quota fields when comparing states
 against older miab

---
 tests/lib/installed-state.sh         | 38 ++++++++++++++++++----------
 tests/system-setup/setup-defaults.sh |  3 ++-
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/tests/lib/installed-state.sh b/tests/lib/installed-state.sh
index 3b5b1512..6b48c37c 100644
--- a/tests/lib/installed-state.sh
+++ b/tests/lib/installed-state.sh
@@ -19,16 +19,16 @@ parse_miab_version_string() {
     local tmpfile
     tmpfile=$(mktemp)
     awk -F- '
-/^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next }  
+/^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next }
 
 $1 ~ /^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next }
 
 $1 ~ /^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next }
 
-$1 ~ /^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } 
+$1 ~ /^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next }
 
 { exit 1 }' >> "$tmpfile" <<< "$1"
-    
+
     if [ $? -ne 0 ]; then
         rm -f "$tmpfile"
         return 1
@@ -79,7 +79,7 @@ installed_state_capture() {
     echo "MAJOR=$MAJOR" >>"$info"
     echo "MINOR=$MINOR" >>"$info"
     echo "RELEASE=$RELEASE" >>"$info"
-    
+
     echo "GIT_ORIGIN='$(git remote -v | grep ^origin | grep 'fetch)$' | awk '{print $2}')'" >>"$info"
     echo "MIGRATION_VERSION=$([ -e "$STORAGE_ROOT/mailinabox.version" ] && cat "$STORAGE_ROOT/mailinabox.version")" >>"$info"
     echo "MIGRATION_ML_VERSION=$([ -e "$STORAGE_ROOT/mailinabox-ldap.version" ] && cat "$STORAGE_ROOT/mailinabox-ldap.version")" >>"$info"
@@ -114,7 +114,7 @@ installed_state_capture() {
             return 3
         fi
     done
-    
+
     return 0
 }
 
@@ -123,7 +123,7 @@ installed_state_capture() {
 installed_state_compare() {
     local s1="$1"
     local s2="$2"
-    
+
     local output
     local changed="false"
 
@@ -138,13 +138,15 @@ installed_state_compare() {
     RELEASE_A="${RELEASE:-0}"
     PROD_A="miab"
     grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_A="miabldap"
-    
+    MIGRATION_ML_VERSION_A="${MIGRATION_ML_VERSION:-0}"
+
     source "$s2/info.txt"
     MAJOR_B="$MAJOR"
     MINOR_B="${MINOR:-0}"
     RELEASE_B="${RELEASE:-0}"
     PROD_B="miab"
     grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_B="miabldap"
+    MIGRATION_ML_VERSION_B="${MIGRATION_ML_VERSION:-0}"
 
     cmptype="${PROD_A}2${PROD_B}"
 
@@ -155,7 +157,7 @@ installed_state_compare() {
     cp "$s1/aliases.json" "$s1/aliases-cmp.json" || changed="true"
     cp "$s2/users.json" "$s2/users-cmp.json" || changed="true"
     cp "$s2/aliases.json" "$s2/aliases-cmp.json" || changed="true"
-    
+
     if [ "$cmptype" = "miab2miabldap" ]
     then
         # user display names is a feature added to MiaB-LDAP that is
@@ -164,7 +166,7 @@ installed_state_compare() {
 
         # alias descriptions is a feature added to MiaB-LDAP that is
         # not in MiaB
-        grep -v '"description":' "$s2/aliases.json" > "$s2/aliases-cmp.json" || changed="true"        
+        grep -v '"description":' "$s2/aliases.json" > "$s2/aliases-cmp.json" || changed="true"
     fi
 
     # cmp: v0.54 to current
@@ -177,8 +179,16 @@ installed_state_compare() {
         # s2: re-sort aliases
         jq -c ".[] | .aliases | sort_by(.address) | .[] | {address:.address, forwards_to:.forwards_to, permitted_senders:.permitted_senders, auto:.auto, description:.description}"  "$s2/aliases.json" > "$s2/aliases-cmp.json"
     fi
-    
-    
+
+    if [ $MIGRATION_ML_VERSION_A -le 2 -a $MIGRATION_ML_VERSION_B -ge 3 ]; then
+        # miabldap migration level <=2 does not have quota fields, so
+        # remove them from the comparison
+        grep -vE '"(quota|box_quota|box_size|percent)":' "$s2/users.json" > "$s2/users-cmp2.json" || changed="true"
+        cp "$s2/users-cmp2.json" "$s2/users-cmp.json" && rm -f "$s2/users-cmp2.json"
+    fi
+
+
+
     #
     # users
     #
@@ -195,7 +205,7 @@ installed_state_compare() {
     #
     # aliases
     #
-    
+
     H2 "Aliases"
     output="$(diff "$s1/aliases-cmp.json" "$s2/aliases-cmp.json" 2>&1)"
     if [ $? -ne 0 ]; then
@@ -241,13 +251,13 @@ installed_state_compare() {
 # $4 == "SOA" { print $1" "$3" "$4" "$5" "$6" "$8" "$10" "$12; next } \
 # { for(i=1;i<=NF;i++) if (i!=2) printf("%s ",$i); print ""; }' \
 #                 "$s1/zones/$zone" > "$t1"
-            
+
 #             awk '\
 # $4 == "RRSIG" || $4 == "NSEC3" { next; } \
 # $4 == "SOA" { print $1" "$3" "$4" "$5" "$6" "$8" "$10" "$12; next } \
 # { for(i=1;i<=NF;i++) if (i!=2) printf("%s ",$i); print ""; }' \
 #                 "$s2/zones/$zone" > "$t2"
-            
+
 #             output="$(diff "$t1" "$t2" 2>&1)"
 #             if [ $? -ne 0 ]; then
 #                 echo "CHANGED zone: $zone"
diff --git a/tests/system-setup/setup-defaults.sh b/tests/system-setup/setup-defaults.sh
index 028325b9..161cc814 100755
--- a/tests/system-setup/setup-defaults.sh
+++ b/tests/system-setup/setup-defaults.sh
@@ -64,7 +64,7 @@ export UPSTREAM_TAG="${UPSTREAM_TAG:-}"
 
 # For setup scripts that install miabldap releases (eg. upgrade tests)
 export MIABLDAP_GIT="${MIABLDAP_GIT:-https://github.com/downtownallday/mailinabox-ldap.git}"
-export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v60}"
+export MIABLDAP_RELEASE_TAG="${MIABLDAP_RELEASE_TAG:-v70}"
 
 # When running tests that require php, use this version of php. This
 # should be the same as what's in setup/functions.sh.
@@ -73,3 +73,4 @@ export PHP_VER=8.0
 # Tag of last version supported on Ubuntu Bionic 18.04
 UPSTREAM_FINAL_RELEASE_TAG_BIONIC64=v57a
 MIABLDAP_FINAL_RELEASE_TAG_BIONIC64=f6cd8f56c3bcb20969c6cf66c040c8efa3773f3a
+MIABLDAP_INITIAL_RELEASE_TAG_JAMMY64=v60

From 816f12e3bdb2097a5b9b292b46d30f2ed93b8cbb Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sat, 7 Sep 2024 17:11:56 -0400
Subject: [PATCH 20/55] fix file to grep

---
 tests/lib/installed-state.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/lib/installed-state.sh b/tests/lib/installed-state.sh
index 6b48c37c..174b37e5 100644
--- a/tests/lib/installed-state.sh
+++ b/tests/lib/installed-state.sh
@@ -183,7 +183,7 @@ installed_state_compare() {
     if [ $MIGRATION_ML_VERSION_A -le 2 -a $MIGRATION_ML_VERSION_B -ge 3 ]; then
         # miabldap migration level <=2 does not have quota fields, so
         # remove them from the comparison
-        grep -vE '"(quota|box_quota|box_size|percent)":' "$s2/users.json" > "$s2/users-cmp2.json" || changed="true"
+        grep -vE '"(quota|box_quota|box_size|percent)":' "$s2/users-cmp.json" > "$s2/users-cmp2.json" || changed="true"
         cp "$s2/users-cmp2.json" "$s2/users-cmp.json" && rm -f "$s2/users-cmp2.json"
     fi
 

From 939d6f04c34e8cc5078677fedb6f9fa0293e56d9 Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Wed, 11 Sep 2024 15:58:34 -0400
Subject: [PATCH 21/55] =?UTF-8?q?Allow=20Trash=20to=20exceed=20quota=20by?=
 =?UTF-8?q?=20100M=20"mostly=20to=20allow=20the=20clients=E2=80=99=20move-?=
 =?UTF-8?q?to-Trash=20feature=20work=20while=20user=20is=20deleting=20mess?=
 =?UTF-8?q?ages=20to=20get=20under=20quota"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 setup/mail-users.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index 68090aab..026977a4 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -92,8 +92,9 @@ pass_attrs = maildrop=user
 user_filter = (&(objectClass=mailUser)(|(mail=%u)(maildrop=%u)))
 user_attrs = maildrop=user, \
              mailboxQuota=quota_rule=*:bytes=%\$, \
-             =quota_rule2=Drafts:ignore, \
-             =quota_rule3=Sent:ignore
+             =quota_rule2=Trash:storage=+100M, \
+             =quota_rule3=Drafts:ignore, \
+             =quota_rule4=Sent:ignore
 
 # Account iteration for various dovecot tools (doveadm)
 iterate_filter = (objectClass=mailUser)

From 6f3bf9151b0a342b1109df41e6111d3918756260 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 27 Apr 2024 18:41:35 -0400
Subject: [PATCH 22/55] bringing in quota changes

---
 conf/dovecot/conf.d/15-mailboxes.conf |  63 +++++++++++++
 management/cli.py                     |  20 +++++
 management/daemon.py                  |  49 ++++++++++-
 management/mailconfig.py              | 122 ++++++++++++++++++++++++--
 management/status_checks.py           |   4 +-
 management/templates/users.html       | 106 ++++++++++++++++++++--
 setup/bootstrap.sh                    |   1 -
 setup/mail-dovecot.sh                 |  28 +++++-
 setup/mail-postfix.sh                 |   2 +-
 setup/mail-users.sh                   |   7 +-
 setup/webmail.sh                      |   1 +
 11 files changed, 382 insertions(+), 21 deletions(-)
 create mode 100644 conf/dovecot/conf.d/15-mailboxes.conf

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 00000000..58e2efed
--- /dev/null
+++ b/conf/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,63 @@
+## NOTE: This file is automatically generated by Mail-in-a-Box.
+##       Do not edit this file. It is continually updated by
+##       Mail-in-a-Box and your changes will be lost.
+##
+##       Mail-in-a-Box machines are not meant to be modified.
+##       If you modify any system configuration you are on
+##       your own --- please do not ask for help from us.
+
+namespace inbox {
+  # Automatically create & subscribe some folders.
+  # * Create and subscribe the INBOX folder.
+  # * Our sieve rule for spam expects that the Spam folder exists.
+  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
+
+  # MUA notes:
+  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
+  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
+  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
+  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
+
+  # auto:
+  # 'create' will automatically create this mailbox.
+  # 'subscribe' will both create and subscribe to the mailbox.
+
+  # special_use is a space separated list of IMAP SPECIAL-USE
+  # attributes as specified by RFC 6154:
+  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
+
+  mailbox INBOX {
+    auto = subscribe
+  }
+  mailbox Spam {
+    special_use = \Junk
+    auto = subscribe
+  }
+  mailbox Drafts {
+    special_use = \Drafts
+    auto = subscribe
+  }
+  mailbox Sent {
+    special_use = \Sent
+    auto = subscribe
+  }
+  mailbox Trash {
+    special_use = \Trash
+    auto = subscribe
+  }
+  mailbox Archive {
+    special_use = \Archive
+    auto = subscribe
+  }
+
+  # dovevot's standard mailboxes configuration file marks two sent folders
+  # with the \Sent attribute, just in case clients don't agree about which
+  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
+  # These are not auto-created.
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+}
diff --git a/management/cli.py b/management/cli.py
index 70dbe894..1c3fa4bd 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,11 +60,13 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
+  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
+  {cli} user quota user@domain [new-quota]
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -88,6 +90,10 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
+			if user['quota'] == '0':
+				print(" unlimited", end='')
+			else:
+				print(" " + user['quota'], end='')
 			print()
 
 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:
@@ -117,6 +123,14 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 			if "admin" in user['privileges']:
 				print(user['email'])
 
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
+	# Set a user's quota
+	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
+
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
+	# Set a user's quota
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
 	status = mgmt("/mfa/status", { "user": sys.argv[4] }, is_json=True)
@@ -138,6 +152,12 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
+	print(mgmt("/system/default-quota?text=1"))
+
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
+	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
+
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index 3aa6eed2..e850e6c6 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,6 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
+from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -191,8 +192,31 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
+	quota = request.form.get('quota', get_default_quota(env))
 	try:
-		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
+		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
+	except ValueError as e:
+		return (str(e), 400)
+
+@app.route('/mail/users/quota', methods=['GET'])
+@authorized_personnel_only
+def get_mail_users_quota():
+	email = request.values.get('email', '')
+	quota = get_mail_quota(email, env)
+
+	if request.values.get('text'):
+		return quota
+
+	return json_response({
+		"email": email,
+		"quota": quota
+	})
+
+@app.route('/mail/users/quota', methods=['POST'])
+@authorized_personnel_only
+def mail_users_quota():
+	try:
+		return set_mail_quota(request.form.get('email', ''), request.form.get('quota'), env)
 	except ValueError as e:
 		return (str(e), 400)
 
@@ -651,6 +675,29 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
+@app.route('/system/default-quota', methods=["GET"])
+@authorized_personnel_only
+def default_quota_get():
+	if request.values.get('text'):
+		return get_default_quota(env)
+	else:
+		return json_response({
+			"default-quota": get_default_quota(env),
+		})
+
+@app.route('/system/default-quota', methods=["POST"])
+@authorized_personnel_only
+def default_quota_set():
+	config = utils.load_settings(env)
+	try:
+		config["default-quota"] = validate_quota(request.values.get('default_quota'))
+		utils.write_settings(config, env)
+
+	except ValueError as e:
+		return ("ERROR: %s" % str(e), 400)
+
+	return "OK"
+
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index e623eace..6d53885b 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -102,6 +102,18 @@ def get_mail_users(env):
 	users = [ row[0] for row in c.fetchall() ]
 	return utils.sort_email_addresses(users, env)
 
+def sizeof_fmt(num):
+	for unit in ['','K','M','G','T']:
+		if abs(num) < 1024.0:
+			if abs(num) > 99:
+				return "%3.0f%s" % (num, unit)
+			else:
+				return "%2.1f%s" % (num, unit)
+
+		num /= 1024.0
+
+	return str(num)
+
 def get_mail_users_ex(env, with_archived=False):
 	# Returns a complex data structure of all user accounts, optionally
 	# including archived (status="inactive") accounts.
@@ -125,13 +137,46 @@ def get_mail_users_ex(env, with_archived=False):
 	users = []
 	active_accounts = set()
 	c = open_database(env)
-	c.execute('SELECT email, privileges FROM users')
-	for email, privileges in c.fetchall():
+	c.execute('SELECT email, privileges, quota FROM users')
+	for email, privileges, quota in c.fetchall():
 		active_accounts.add(email)
 
+		(user, domain) = email.split('@')
+		box_size = 0
+		box_count = 0
+		box_quota = 0
+		percent = ''
+		try:
+			dirsize_file = os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes/%s/%s/maildirsize' % (domain, user))
+			with open(dirsize_file, 'r') as f:
+				box_quota = int(f.readline().split('S')[0])
+				for line in f.readlines():
+					(size, count) = line.split(' ')
+					box_size += int(size)
+					box_count += int(count)
+
+			try:
+				percent = (box_size / box_quota) * 100
+			except:
+				percent = 'Error'
+
+		except:
+			box_size = '?'
+			box_count = '?'
+			box_quota = '?'
+			percent = '?'
+
+		if quota == '0':
+			percent = ''
+
 		user = {
 			"email": email,
 			"privileges": parse_privs(privileges),
+            "quota": quota,
+			"box_quota": box_quota,
+			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
+			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
+			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -150,6 +195,10 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
+                        "box_count": '?',
+                        "box_size": '?',
+                        "box_quota": '?',
+                        "percent": '?',
 					}
 					users.append(user)
 
@@ -266,7 +315,7 @@ def get_mail_domains(env, filter_aliases=lambda alias : True, users_only=False):
 		domains.extend([get_domain(address, as_unicode=False) for address, _, _, auto in get_mail_aliases(env) if filter_aliases(address) and not auto ])
 	return set(domains)
 
-def add_mail_user(email, pw, privs, env):
+def add_mail_user(email, pw, privs, quota, env):
 	# validate email
 	if email.strip() == "":
 		return ("No email address provided.", 400)
@@ -292,6 +341,14 @@ def add_mail_user(email, pw, privs, env):
 			validation = validate_privilege(p)
 			if validation: return validation
 
+	if quota is None:
+		quota = get_default_quota()
+
+	try:
+		quota = validate_quota(quota)
+	except ValueError as e:
+		return (str(e), 400)
+
 	# get the database
 	conn, c = open_database(env, with_connection=True)
 
@@ -300,14 +357,16 @@ def add_mail_user(email, pw, privs, env):
 
 	# add the user to the database
 	try:
-		c.execute("INSERT INTO users (email, password, privileges) VALUES (?, ?, ?)",
-			(email, pw, "\n".join(privs)))
+		c.execute("INSERT INTO users (email, password, privileges, quota) VALUES (?, ?, ?, ?)",
+			(email, pw, "\n".join(privs), quota))
 	except sqlite3.IntegrityError:
 		return ("User already exists.", 400)
 
 	# write databasebefore next step
 	conn.commit()
 
+	dovecot_quota_recalc(email)
+
 	# Update things in case any new domains are added.
 	return kick(env, "mail user added")
 
@@ -332,6 +391,59 @@ def hash_password(pw):
 	# http://wiki2.dovecot.org/Authentication/PasswordSchemes
 	return utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
 
+
+def get_mail_quota(email, env):
+	conn, c = open_database(env, with_connection=True)
+	c.execute("SELECT quota FROM users WHERE email=?", (email,))
+	rows = c.fetchall()
+	if len(rows) != 1:
+		return ("That's not a user (%s)." % email, 400)
+
+	return rows[0][0]
+
+
+def set_mail_quota(email, quota, env):
+	# validate that password is acceptable
+	quota = validate_quota(quota)
+
+	# update the database
+	conn, c = open_database(env, with_connection=True)
+	c.execute("UPDATE users SET quota=? WHERE email=?", (quota, email))
+	if c.rowcount != 1:
+		return ("That's not a user (%s)." % email, 400)
+	conn.commit()
+
+	dovecot_quota_recalc(email)
+
+	return "OK"
+
+def dovecot_quota_recalc(email):
+	# dovecot processes running for the user will not recognize the new quota setting
+	# a reload is necessary to reread the quota setting, but it will also shut down
+	# running dovecot processes.  Email clients generally log back in when they lose
+	# a connection.
+	# subprocess.call(['doveadm', 'reload'])
+
+	# force dovecot to recalculate the quota info for the user.
+	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
+
+def get_default_quota(env):
+	config = utils.load_settings(env)
+	return config.get("default-quota", '0')
+
+def validate_quota(quota):
+	# validate quota
+	quota = quota.strip().upper()
+
+	if quota == "":
+		raise ValueError("No quota provided.")
+	if re.search(r"[\s,.]", quota):
+		raise ValueError("Quotas cannot contain spaces, commas, or decimal points.")
+	if not re.match(r'^[\d]+[GM]?$', quota):
+		raise ValueError("Invalid quota.")
+
+	return quota
+
 def get_mail_password(email, env):
 	# Gets the hashed password for a user. Passwords are stored in Dovecot's
 	# password format, with a prefixed scheme.
diff --git a/management/status_checks.py b/management/status_checks.py
index 51f8e631..0ba9c3c5 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -282,7 +282,7 @@ def run_network_checks(env, output):
 	# The user might have ended up on an IP address that was previously in use
 	# by a spammer, or the user may be deploying on a residential network. We
 	# will not be able to reliably send mail in these cases.
-	
+
 	# See https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now. for
 	# information on spamhaus return codes
 	rev_ip4 = ".".join(reversed(env['PUBLIC_IP'].split('.')))
@@ -721,7 +721,7 @@ def check_mail_domain(domain, env, output):
 	# Stop if the domain is listed in the Spamhaus Domain Block List.
 	# The user might have chosen a domain that was previously in use by a spammer
 	# and will not be able to reliably send mail.
-	
+
 	# See https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now. for
 	# information on spamhaus return codes
 	dbl = query_dns(domain+'.dbl.spamhaus.org', "A", nxdomain=None)
diff --git a/management/templates/users.html b/management/templates/users.html
index 4924c7c8..da04fcc9 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -6,6 +6,7 @@
 #user_table .account_inactive .if_active { display: none; }
 #user_table .account_active .if_inactive { display: none; }
 #user_table .account_active.if_inactive { display: none; }
+.row-center { text-align: center; }
 </style>
 
 <h3>Add a mail user</h3>
@@ -27,6 +28,10 @@
       <option value="admin">Administrator</option>
     </select>
   </div>
+  <div class="form-group">
+      <label class="sr-only" for="adduserQuota">Quota</label>
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+  </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
 <ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;">
@@ -34,13 +39,18 @@
   <li>Use <a href="#aliases">aliases</a> to create email addresses that forward to existing accounts.</li>
   <li>Administrators get access to this control panel.</li>
   <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#aliases">aliases</a> can.</li>
+  <li>Quotas may not contain any spaces, commas or decimal points. Suffixes of G (gigabytes) and M (megabytes) are allowed.  For unlimited storage enter 0 (zero)</li>
 </ul>
 
 <h3>Existing mail users</h3>
 <table id="user_table" class="table" style="width: auto">
   <thead>
     <tr>
-      <th width="50%">Email Address</th>
+      <th width="35%">Email Address</th>
+      <th class="row-center">Messages</th>
+      <th class="row-center">Size</th>
+      <th class="row-center">Used</th>
+      <th class="row-center">Quota</th>
       <th>Actions</th>
     </tr>
   </thead>
@@ -53,10 +63,22 @@
   <tr id="user-template">
     <td class='address'>
     </td>
+    <td class="box-count row-center"></td>
+    <td class="box-size row-center"></td>
+    <td class="percent row-center"></td>
+	<td class="quota row-center">
+	</td>
     <td class='actions'>
         <span class='privs'>
         </span>
 
+        <span class="if_active">
+          <a href="#" onclick="users_set_quota(this); return false;" class='setquota' title="Set Quota">
+              set quota
+          </a>
+          |
+        </span>
+
         <span class="if_active">
           <a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
             set password
@@ -97,10 +119,28 @@
 <table class="table" style="margin-top: .5em">
 <thead><th>Verb</th> <th>Action</th><th></th></thead>
 <tr><td>GET</td><td><i>(none)</i></td> <td>Returns a list of existing mail users. Adding <code>?format=json</code> to the URL will give JSON-encoded results.</td></tr>
-<tr><td>POST</td><td>/add</td> <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>.</td></tr>
-<tr><td>POST</td><td>/remove</td> <td>Removes a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>POST</td>
+    <td>/add</td>
+    <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>. Optional parameters: <code>privilege=admin</code> and <code>quota</code></td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/remove</td>
+    <td>Removes a mail user. Required POST-by parameter is <code>email</code>.</td>
+</tr>
 <tr><td>POST</td><td>/privileges/add</td> <td>Used to make a mail user an admin. Required POST-body parameters are <code>email</code> and <code>privilege=admin</code>.</td></tr>
 <tr><td>POST</td><td>/privileges/remove</td> <td>Used to remove the admin privilege from a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>GET</td>
+    <td>/quota</td>
+    <td>Get the quota for a mail user. Required POST-body parameters are <code>email</code> and will return JSON result</td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/quota</td>
+    <td>Set the quota for a mail user. Required POST-body parameters are <code>email</code> and <code>quota</code>.</td>
+</tr>
 </table>
 
 <h4>Examples:</h4>
@@ -125,6 +165,15 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
+  api(
+    "/system/default-quota",
+    "GET",
+    {},
+    function(r) {
+      $('#adduserQuota').val(r['default-quota']);
+    }
+  );
+
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
@@ -133,7 +182,7 @@ function show_users() {
     function(r) {
       $('#user_table tbody').html("");
       for (var i = 0; i < r.length; i++) {
-        var hdr = $("<tr><th colspan='2' style='background-color: #EEE'></th></tr>");
+        var hdr = $("<tr><th colspan='6' style='background-color: #EEE'></th></tr>");
         hdr.find('th').text(r[i].domain);
         $('#user_table tbody').append(hdr);
 
@@ -151,7 +200,18 @@ function show_users() {
           n2.addClass("account_" + user.status);
 
           n.attr('data-email', user.email);
-          n.find('.address').text(user.email)
+          n.attr('data-quota', user.quota);
+          n.find('.address').text(user.email);
+          n.find('.box-count').text((user.box_count).toLocaleString('en'));
+          if (user.box_count == '?') {
+            n.find('.box-count').attr('title', 'Message count is unkown')
+          }
+          n.find('.box-size').text(user.box_size);
+          if (user.box_size == '?') {
+            n.find('.box-size').attr('title', 'Mailbox size is unkown')
+          }
+          n.find('.percent').text(user.percent);
+          n.find('.quota').text((user.quota == '0') ? 'unlimited' : user.quota);
           n2.find('.restore_info tt').text(user.mailbox);
 
           if (user.status == 'inactive') continue;
@@ -180,13 +240,15 @@ function do_add_user() {
   var email = $("#adduserEmail").val();
   var pw = $("#adduserPassword").val();
   var privs = $("#adduserPrivs").val();
+  var quota = $("#adduserQuota").val();
   api(
     "/mail/users/add",
     "POST",
     {
       email: email,
       password: pw,
-      privileges: privs
+      privileges: privs,
+      quota: quota
     },
     function(r) {
       // Responses are multiple lines of pre-formatted text.
@@ -228,6 +290,36 @@ function users_set_password(elem) {
     });
 }
 
+function users_set_quota(elem) {
+    var email = $(elem).parents('tr').attr('data-email');
+    var quota = $(elem).parents('tr').attr('data-quota');
+
+    show_modal_confirm(
+        "Set Quota",
+        $("<p>Set quota for <b>" + email + "</b>?</p>" +
+            "<p>" +
+            "<label for='users_set_quota' style='display: block; font-weight: normal'>Quota:</label>" +
+            "<input type='text' id='users_set_quota' value='" + quota + "'></p>" +
+            "<p><small>Quotas may not contain any spaces or commas.  Suffixes of G (gigabytes) and M (megabytes) are allowed.</small></p>" +
+            "<p><small>For unlimited storage enter 0 (zero)</small></p>"),
+        "Set Quota",
+        function() {
+            api(
+                "/mail/users/quota",
+                "POST",
+                {
+                    email: email,
+                    quota: $('#users_set_quota').val()
+                },
+                function(r) {
+                    show_users();
+                },
+                function(r) {
+                    show_modal_error("Set Quota", r);
+                });
+        });
+}
+
 function users_remove(elem) {
   var email = $(elem).parents('tr').attr('data-email');
 
@@ -293,7 +385,7 @@ function generate_random_password() {
   var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
   for (var i = 0; i < 12; i++)
     pw += charset.charAt(Math.floor(Math.random() * charset.length));
-  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
+  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></p>");
   return false; // cancel click
 }
 </script>
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index 00d1b214..6f85bec9 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -89,4 +89,3 @@ fi
 
 # Start setup script.
 setup/start.sh
-
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index b146e44a..1a9fb1fc 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -66,7 +66,33 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
+cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+fi
+
+# configure stuff for quota support
+if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; then
+    cat > /etc/dovecot/conf.d/90-quota.conf << EOF;
+plugin {
+  quota = maildir
+
+  quota_grace = 10%
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "522 5.2.2 Mailbox is full"
+}
+
+service quota-status {
+    executable = quota-status -p postfix
+    inet_listener {
+        port = 12340
+    }
+}
+EOF
+fi
 
 # ### IMAP/POP
 
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 7b642a2a..5a4c7fec 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -238,7 +238,7 @@ tools/editconf.py /etc/postfix/main.cf  -e lmtp_destination_recipient_limit=
 # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
 tools/editconf.py /etc/postfix/main.cf \
 	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]" \
-	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023"
+	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023,check_policy_service inet:127.0.0.1:12340"
 
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index 25a21c41..9b943cef 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -20,7 +20,7 @@ db_path=$STORAGE_ROOT/mail/users.sqlite
 # Create an empty database if it doesn't yet exist.
 if [ ! -f "$db_path" ]; then
 	echo "Creating new user database: $db_path";
-	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 "$db_path";
+	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '', quota TEXT NOT NULL DEFAULT '0');" | sqlite3 "$db_path";
 	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
 	echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 "$db_path";
 	echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
@@ -51,7 +51,7 @@ driver = sqlite
 connect = $db_path
 default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM users WHERE email='%u';
-user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u';
+user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home, '*:bytes=' || quota AS quota_rule FROM users WHERE email='%u';
 iterate_query = SELECT email AS user FROM users;
 EOF
 chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
@@ -159,4 +159,5 @@ EOF
 restart_service postfix
 restart_service dovecot
 
-
+# force a recalculation of all user quotas
+doveadm quota recalc -A
diff --git a/setup/webmail.sh b/setup/webmail.sh
index 4591119c..3fc4f230 100644
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -145,6 +145,7 @@ cat > $RCM_CONFIG <<EOF;
 \$config['session_path'] = '/mail/';
 /* prevent CSRF, requires php 7.3+ */
 \$config['session_samesite'] = 'Strict';
+\$config['quota_zero_as_unlimited'] = true;
 ?>
 EOF
 

From 1cbf06c42a3c472d3b555e62ee037ee93296fe6f Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 14:27:11 -0400
Subject: [PATCH 23/55] fixing subprocess import

---
 management/mailconfig.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 6d53885b..ae366310 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -10,6 +10,8 @@
 # address entered by the user.
 
 import os, sqlite3, re
+import subprocess
+
 import utils
 from email_validator import validate_email as validate_email_, EmailNotValidError
 import idna

From bf96bb93f3c30cc724081937ffd59fd0ee72ffe7 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:01:09 -0400
Subject: [PATCH 24/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 1a9fb1fc..baab4b76 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,9 +67,9 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
-if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 8bc59caffccc76f2cafd37f69d1373fde98a3448 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:15:05 -0400
Subject: [PATCH 25/55] fixing parens

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index baab4b76..0cfeafc4 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,7 +67,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
     sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi

From 7b57861ac9d53ddc45fc8cb5e8c4e9a7bd02c780 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 22:22:47 -0400
Subject: [PATCH 26/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 0cfeafc4..99989d32 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -69,7 +69,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+  sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 1f37e16db420bcf1e6d2d0a1a1577a6083384fe1 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:14:27 -0400
Subject: [PATCH 27/55] removing duplicate conf

---
 conf/dovecot/conf.d/15-mailboxes.conf | 63 ---------------------------
 setup/mail-dovecot.sh                 |  2 +-
 2 files changed, 1 insertion(+), 64 deletions(-)
 delete mode 100644 conf/dovecot/conf.d/15-mailboxes.conf

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
deleted file mode 100644
index 58e2efed..00000000
--- a/conf/dovecot/conf.d/15-mailboxes.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-## NOTE: This file is automatically generated by Mail-in-a-Box.
-##       Do not edit this file. It is continually updated by
-##       Mail-in-a-Box and your changes will be lost.
-##
-##       Mail-in-a-Box machines are not meant to be modified.
-##       If you modify any system configuration you are on
-##       your own --- please do not ask for help from us.
-
-namespace inbox {
-  # Automatically create & subscribe some folders.
-  # * Create and subscribe the INBOX folder.
-  # * Our sieve rule for spam expects that the Spam folder exists.
-  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
-
-  # MUA notes:
-  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
-  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
-  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
-  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
-
-  # auto:
-  # 'create' will automatically create this mailbox.
-  # 'subscribe' will both create and subscribe to the mailbox.
-
-  # special_use is a space separated list of IMAP SPECIAL-USE
-  # attributes as specified by RFC 6154:
-  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
-
-  mailbox INBOX {
-    auto = subscribe
-  }
-  mailbox Spam {
-    special_use = \Junk
-    auto = subscribe
-  }
-  mailbox Drafts {
-    special_use = \Drafts
-    auto = subscribe
-  }
-  mailbox Sent {
-    special_use = \Sent
-    auto = subscribe
-  }
-  mailbox Trash {
-    special_use = \Trash
-    auto = subscribe
-  }
-  mailbox Archive {
-    special_use = \Archive
-    auto = subscribe
-  }
-
-  # dovevot's standard mailboxes configuration file marks two sent folders
-  # with the \Sent attribute, just in case clients don't agree about which
-  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
-  # These are not auto-created.
-  mailbox "Sent Messages" {
-    special_use = \Sent
-  }
-  mailbox Junk {
-    special_use = \Junk
-  }
-}
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 99989d32..5e8eb93d 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -66,7 +66,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
   sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf

From 1cb67f545e1a6067645923e872bea48f92e9374e Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:25:46 -0400
Subject: [PATCH 28/55] using migrations for alter table command

---
 setup/migrate.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/setup/migrate.py b/setup/migrate.py
index 94bea923..3d76aabc 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -190,6 +190,13 @@ def migration_14(env):
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
 	shell("check_call", ["sqlite3", db, "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);"])
 
+def migration_15(env):
+	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
+	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
+	shell("check_call", ["sqlite3", db,
+						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+
+
 ###########################################################
 
 def get_current_migration():

From c01a1d5493a090eeb4e0ce3b4dfffaf031af2cb4 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:37:42 -0400
Subject: [PATCH 29/55] fixing cli commands

---
 management/cli.py | 11 +++++------
 setup/migrate.py  |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 1c3fa4bd..4f7a273c 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -9,13 +9,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib
 
-def mgmt(cmd, data=None, is_json=False):
+def mgmt(cmd, data=None, is_json=False, method='GET'):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -66,7 +66,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -124,12 +124,12 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Set a user's quota
+	# Get a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
 	# Set a user's quota
-	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
 
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
@@ -161,4 +161,3 @@ elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-
diff --git a/setup/migrate.py b/setup/migrate.py
index 3d76aabc..fc0649dc 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -276,4 +276,3 @@ if __name__ == "__main__":
 	elif sys.argv[-1] == "--migrate":
 		# Perform migrations.
 		run_migrations()
-

From ceaf5338be09f2f779e4ff737e9849bfcff07e36 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 13:54:49 -0400
Subject: [PATCH 30/55] removing the ability to configure the default quota --
 default quota is always unlimited.

---
 management/cli.py               |  7 -------
 management/daemon.py            | 27 ++-------------------------
 management/mailconfig.py        |  6 +-----
 management/templates/users.html | 11 +----------
 setup/migrate.py                |  3 +--
 5 files changed, 5 insertions(+), 49 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 4f7a273c..b45e912f 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,7 +60,6 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
-  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
@@ -152,12 +151,6 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
-	print(mgmt("/system/default-quota?text=1"))
-
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
-	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
-
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index e850e6c6..2ad8c480 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,7 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
-from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
+from mailconfig import get_mail_quota, set_mail_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -192,7 +192,7 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
-	quota = request.form.get('quota', get_default_quota(env))
+	quota = request.form.get('quota', '0')
 	try:
 		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
 	except ValueError as e:
@@ -675,29 +675,6 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
-@app.route('/system/default-quota', methods=["GET"])
-@authorized_personnel_only
-def default_quota_get():
-	if request.values.get('text'):
-		return get_default_quota(env)
-	else:
-		return json_response({
-			"default-quota": get_default_quota(env),
-		})
-
-@app.route('/system/default-quota', methods=["POST"])
-@authorized_personnel_only
-def default_quota_set():
-	config = utils.load_settings(env)
-	try:
-		config["default-quota"] = validate_quota(request.values.get('default_quota'))
-		utils.write_settings(config, env)
-
-	except ValueError as e:
-		return ("ERROR: %s" % str(e), 400)
-
-	return "OK"
-
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index ae366310..2f44bf25 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -344,7 +344,7 @@ def add_mail_user(email, pw, privs, quota, env):
 			if validation: return validation
 
 	if quota is None:
-		quota = get_default_quota()
+		quota = '0'
 
 	try:
 		quota = validate_quota(quota)
@@ -429,10 +429,6 @@ def dovecot_quota_recalc(email):
 	# force dovecot to recalculate the quota info for the user.
 	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
 
-def get_default_quota(env):
-	config = utils.load_settings(env)
-	return config.get("default-quota", '0')
-
 def validate_quota(quota):
 	# validate quota
 	quota = quota.strip().upper()
diff --git a/management/templates/users.html b/management/templates/users.html
index da04fcc9..e46b8391 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -30,7 +30,7 @@
   </div>
   <div class="form-group">
       <label class="sr-only" for="adduserQuota">Quota</label>
-      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
   </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
@@ -165,15 +165,6 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
-  api(
-    "/system/default-quota",
-    "GET",
-    {},
-    function(r) {
-      $('#adduserQuota').val(r['default-quota']);
-    }
-  );
-
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
diff --git a/setup/migrate.py b/setup/migrate.py
index fc0649dc..375e7e8f 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -193,8 +193,7 @@ def migration_14(env):
 def migration_15(env):
 	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
-	shell("check_call", ["sqlite3", db,
-						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+	shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
 
 
 ###########################################################

From febb5c32343b85438756415697031b46377694e2 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 14:01:12 -0400
Subject: [PATCH 31/55] removing box count / message count feature

---
 management/mailconfig.py        | 5 -----
 management/templates/users.html | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 2f44bf25..68adfba0 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -145,7 +145,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		(user, domain) = email.split('@')
 		box_size = 0
-		box_count = 0
 		box_quota = 0
 		percent = ''
 		try:
@@ -155,7 +154,6 @@ def get_mail_users_ex(env, with_archived=False):
 				for line in f.readlines():
 					(size, count) = line.split(' ')
 					box_size += int(size)
-					box_count += int(count)
 
 			try:
 				percent = (box_size / box_quota) * 100
@@ -164,7 +162,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		except:
 			box_size = '?'
-			box_count = '?'
 			box_quota = '?'
 			percent = '?'
 
@@ -178,7 +175,6 @@ def get_mail_users_ex(env, with_archived=False):
 			"box_quota": box_quota,
 			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
 			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
-			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -197,7 +193,6 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
-                        "box_count": '?',
                         "box_size": '?',
                         "box_quota": '?',
                         "percent": '?',
diff --git a/management/templates/users.html b/management/templates/users.html
index e46b8391..e45fac05 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -63,7 +63,6 @@
   <tr id="user-template">
     <td class='address'>
     </td>
-    <td class="box-count row-center"></td>
     <td class="box-size row-center"></td>
     <td class="percent row-center"></td>
 	<td class="quota row-center">
@@ -193,10 +192,6 @@ function show_users() {
           n.attr('data-email', user.email);
           n.attr('data-quota', user.quota);
           n.find('.address').text(user.email);
-          n.find('.box-count').text((user.box_count).toLocaleString('en'));
-          if (user.box_count == '?') {
-            n.find('.box-count').attr('title', 'Message count is unkown')
-          }
           n.find('.box-size').text(user.box_size);
           if (user.box_size == '?') {
             n.find('.box-size').attr('title', 'Mailbox size is unkown')

From 12c95122b77b2a1e09830d6caa8a021c6c7a6332 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 15:28:47 -0400
Subject: [PATCH 32/55] fixed missing column heading

---
 management/templates/users.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/management/templates/users.html b/management/templates/users.html
index e45fac05..0b9aea99 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -47,7 +47,6 @@
   <thead>
     <tr>
       <th width="35%">Email Address</th>
-      <th class="row-center">Messages</th>
       <th class="row-center">Size</th>
       <th class="row-center">Used</th>
       <th class="row-center">Quota</th>

From 826ef372b846e6bf1a831d32a4fea225d552768d Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Tue, 1 Oct 2024 19:17:27 -0400
Subject: [PATCH 33/55] Revert "fixing cli commands"

This reverts commit a4a08980f84360abcd009de9dc7ef8c6fcb529c4.
---
 management/cli.py | 11 ++++++-----
 setup/migrate.py  |  1 +
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index b45e912f..10e8439d 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -9,13 +9,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib
 
-def mgmt(cmd, data=None, is_json=False, method='GET'):
+def mgmt(cmd, data=None, is_json=False):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -65,7 +65,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]       (get or set user quota)
+  {cli} user quota user@domain [new-quota]
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -123,12 +123,12 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Get a user's quota
+	# Set a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
 	# Set a user's quota
-	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
 
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
@@ -154,3 +154,4 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
+
diff --git a/setup/migrate.py b/setup/migrate.py
index 375e7e8f..4c161e45 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -275,3 +275,4 @@ if __name__ == "__main__":
 	elif sys.argv[-1] == "--migrate":
 		# Perform migrations.
 		run_migrations()
+

From 1bff0a458f31a9901b4433f42e4df7d657ea3a61 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Tue, 1 Oct 2024 19:20:19 -0400
Subject: [PATCH 34/55] cli script fixes were broken

---
 management/cli.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 10e8439d..f01c8062 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -65,7 +65,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -123,7 +123,7 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Set a user's quota
+	# Get a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
@@ -154,4 +154,3 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-

From 0ff96f70d4a93db07eafb82bfeffec115e8dd65e Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:25:28 -0400
Subject: [PATCH 35/55] cli.py user now prints '0' rather than 'unlimited' for
 quota

---
 management/cli.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index f01c8062..457901de 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -89,9 +89,7 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
-			if user['quota'] == '0':
-				print(" unlimited", end='')
-			else:
+			if 'quota' in user:
 				print(" " + user['quota'], end='')
 			print()
 

From a9d31f7925d80e1e2cd0f61cc939295365f1b065 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:26:22 -0400
Subject: [PATCH 36/55] removing 'quota' from user output

---
 management/cli.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 457901de..d902b893 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -89,8 +89,6 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
-			if 'quota' in user:
-				print(" " + user['quota'], end='')
 			print()
 
 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:

From 884c23d1b7e0ba533f1ba8302c209d28eef4af4f Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:27:00 -0400
Subject: [PATCH 37/55] % is a special character

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 5e8eb93d..06504862 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -78,7 +78,7 @@ if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; t
 plugin {
   quota = maildir
 
-  quota_grace = 10%
+  quota_grace = 10%%
 
   quota_status_success = DUNNO
   quota_status_nouser = DUNNO

From ce45217ab8f6d5d5bef73794da07e025e2c55b30 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 27 Apr 2024 18:41:35 -0400
Subject: [PATCH 38/55] bringing in quota changes

---
 conf/dovecot/conf.d/15-mailboxes.conf |  63 +++++++++++++
 management/cli.py                     |  20 +++++
 management/daemon.py                  |  49 ++++++++++-
 management/mailconfig.py              | 122 ++++++++++++++++++++++++--
 management/templates/users.html       | 106 ++++++++++++++++++++--
 setup/bootstrap.sh                    |   1 -
 setup/mail-dovecot.sh                 |  28 +++++-
 setup/mail-postfix.sh                 |   2 +-
 setup/mail-users.sh                   |   7 +-
 setup/webmail.sh                      |   1 +
 10 files changed, 380 insertions(+), 19 deletions(-)
 create mode 100644 conf/dovecot/conf.d/15-mailboxes.conf

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
new file mode 100644
index 00000000..58e2efed
--- /dev/null
+++ b/conf/dovecot/conf.d/15-mailboxes.conf
@@ -0,0 +1,63 @@
+## NOTE: This file is automatically generated by Mail-in-a-Box.
+##       Do not edit this file. It is continually updated by
+##       Mail-in-a-Box and your changes will be lost.
+##
+##       Mail-in-a-Box machines are not meant to be modified.
+##       If you modify any system configuration you are on
+##       your own --- please do not ask for help from us.
+
+namespace inbox {
+  # Automatically create & subscribe some folders.
+  # * Create and subscribe the INBOX folder.
+  # * Our sieve rule for spam expects that the Spam folder exists.
+  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
+
+  # MUA notes:
+  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
+  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
+  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
+  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
+
+  # auto:
+  # 'create' will automatically create this mailbox.
+  # 'subscribe' will both create and subscribe to the mailbox.
+
+  # special_use is a space separated list of IMAP SPECIAL-USE
+  # attributes as specified by RFC 6154:
+  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
+
+  mailbox INBOX {
+    auto = subscribe
+  }
+  mailbox Spam {
+    special_use = \Junk
+    auto = subscribe
+  }
+  mailbox Drafts {
+    special_use = \Drafts
+    auto = subscribe
+  }
+  mailbox Sent {
+    special_use = \Sent
+    auto = subscribe
+  }
+  mailbox Trash {
+    special_use = \Trash
+    auto = subscribe
+  }
+  mailbox Archive {
+    special_use = \Archive
+    auto = subscribe
+  }
+
+  # dovevot's standard mailboxes configuration file marks two sent folders
+  # with the \Sent attribute, just in case clients don't agree about which
+  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
+  # These are not auto-created.
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+  mailbox Junk {
+    special_use = \Junk
+  }
+}
diff --git a/management/cli.py b/management/cli.py
index 70dbe894..1c3fa4bd 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,11 +60,13 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
+  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
+  {cli} user quota user@domain [new-quota]
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -88,6 +90,10 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
+			if user['quota'] == '0':
+				print(" unlimited", end='')
+			else:
+				print(" " + user['quota'], end='')
 			print()
 
 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:
@@ -117,6 +123,14 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 			if "admin" in user['privileges']:
 				print(user['email'])
 
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
+	# Set a user's quota
+	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
+
+elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
+	# Set a user's quota
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
 	status = mgmt("/mfa/status", { "user": sys.argv[4] }, is_json=True)
@@ -138,6 +152,12 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
+	print(mgmt("/system/default-quota?text=1"))
+
+elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
+	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
+
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index 3aa6eed2..e850e6c6 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,6 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
+from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -191,8 +192,31 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
+	quota = request.form.get('quota', get_default_quota(env))
 	try:
-		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), env)
+		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
+	except ValueError as e:
+		return (str(e), 400)
+
+@app.route('/mail/users/quota', methods=['GET'])
+@authorized_personnel_only
+def get_mail_users_quota():
+	email = request.values.get('email', '')
+	quota = get_mail_quota(email, env)
+
+	if request.values.get('text'):
+		return quota
+
+	return json_response({
+		"email": email,
+		"quota": quota
+	})
+
+@app.route('/mail/users/quota', methods=['POST'])
+@authorized_personnel_only
+def mail_users_quota():
+	try:
+		return set_mail_quota(request.form.get('email', ''), request.form.get('quota'), env)
 	except ValueError as e:
 		return (str(e), 400)
 
@@ -651,6 +675,29 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
+@app.route('/system/default-quota', methods=["GET"])
+@authorized_personnel_only
+def default_quota_get():
+	if request.values.get('text'):
+		return get_default_quota(env)
+	else:
+		return json_response({
+			"default-quota": get_default_quota(env),
+		})
+
+@app.route('/system/default-quota', methods=["POST"])
+@authorized_personnel_only
+def default_quota_set():
+	config = utils.load_settings(env)
+	try:
+		config["default-quota"] = validate_quota(request.values.get('default_quota'))
+		utils.write_settings(config, env)
+
+	except ValueError as e:
+		return ("ERROR: %s" % str(e), 400)
+
+	return "OK"
+
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index e623eace..6d53885b 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -102,6 +102,18 @@ def get_mail_users(env):
 	users = [ row[0] for row in c.fetchall() ]
 	return utils.sort_email_addresses(users, env)
 
+def sizeof_fmt(num):
+	for unit in ['','K','M','G','T']:
+		if abs(num) < 1024.0:
+			if abs(num) > 99:
+				return "%3.0f%s" % (num, unit)
+			else:
+				return "%2.1f%s" % (num, unit)
+
+		num /= 1024.0
+
+	return str(num)
+
 def get_mail_users_ex(env, with_archived=False):
 	# Returns a complex data structure of all user accounts, optionally
 	# including archived (status="inactive") accounts.
@@ -125,13 +137,46 @@ def get_mail_users_ex(env, with_archived=False):
 	users = []
 	active_accounts = set()
 	c = open_database(env)
-	c.execute('SELECT email, privileges FROM users')
-	for email, privileges in c.fetchall():
+	c.execute('SELECT email, privileges, quota FROM users')
+	for email, privileges, quota in c.fetchall():
 		active_accounts.add(email)
 
+		(user, domain) = email.split('@')
+		box_size = 0
+		box_count = 0
+		box_quota = 0
+		percent = ''
+		try:
+			dirsize_file = os.path.join(env['STORAGE_ROOT'], 'mail/mailboxes/%s/%s/maildirsize' % (domain, user))
+			with open(dirsize_file, 'r') as f:
+				box_quota = int(f.readline().split('S')[0])
+				for line in f.readlines():
+					(size, count) = line.split(' ')
+					box_size += int(size)
+					box_count += int(count)
+
+			try:
+				percent = (box_size / box_quota) * 100
+			except:
+				percent = 'Error'
+
+		except:
+			box_size = '?'
+			box_count = '?'
+			box_quota = '?'
+			percent = '?'
+
+		if quota == '0':
+			percent = ''
+
 		user = {
 			"email": email,
 			"privileges": parse_privs(privileges),
+            "quota": quota,
+			"box_quota": box_quota,
+			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
+			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
+			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -150,6 +195,10 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
+                        "box_count": '?',
+                        "box_size": '?',
+                        "box_quota": '?',
+                        "percent": '?',
 					}
 					users.append(user)
 
@@ -266,7 +315,7 @@ def get_mail_domains(env, filter_aliases=lambda alias : True, users_only=False):
 		domains.extend([get_domain(address, as_unicode=False) for address, _, _, auto in get_mail_aliases(env) if filter_aliases(address) and not auto ])
 	return set(domains)
 
-def add_mail_user(email, pw, privs, env):
+def add_mail_user(email, pw, privs, quota, env):
 	# validate email
 	if email.strip() == "":
 		return ("No email address provided.", 400)
@@ -292,6 +341,14 @@ def add_mail_user(email, pw, privs, env):
 			validation = validate_privilege(p)
 			if validation: return validation
 
+	if quota is None:
+		quota = get_default_quota()
+
+	try:
+		quota = validate_quota(quota)
+	except ValueError as e:
+		return (str(e), 400)
+
 	# get the database
 	conn, c = open_database(env, with_connection=True)
 
@@ -300,14 +357,16 @@ def add_mail_user(email, pw, privs, env):
 
 	# add the user to the database
 	try:
-		c.execute("INSERT INTO users (email, password, privileges) VALUES (?, ?, ?)",
-			(email, pw, "\n".join(privs)))
+		c.execute("INSERT INTO users (email, password, privileges, quota) VALUES (?, ?, ?, ?)",
+			(email, pw, "\n".join(privs), quota))
 	except sqlite3.IntegrityError:
 		return ("User already exists.", 400)
 
 	# write databasebefore next step
 	conn.commit()
 
+	dovecot_quota_recalc(email)
+
 	# Update things in case any new domains are added.
 	return kick(env, "mail user added")
 
@@ -332,6 +391,59 @@ def hash_password(pw):
 	# http://wiki2.dovecot.org/Authentication/PasswordSchemes
 	return utils.shell('check_output', ["/usr/bin/doveadm", "pw", "-s", "SHA512-CRYPT", "-p", pw]).strip()
 
+
+def get_mail_quota(email, env):
+	conn, c = open_database(env, with_connection=True)
+	c.execute("SELECT quota FROM users WHERE email=?", (email,))
+	rows = c.fetchall()
+	if len(rows) != 1:
+		return ("That's not a user (%s)." % email, 400)
+
+	return rows[0][0]
+
+
+def set_mail_quota(email, quota, env):
+	# validate that password is acceptable
+	quota = validate_quota(quota)
+
+	# update the database
+	conn, c = open_database(env, with_connection=True)
+	c.execute("UPDATE users SET quota=? WHERE email=?", (quota, email))
+	if c.rowcount != 1:
+		return ("That's not a user (%s)." % email, 400)
+	conn.commit()
+
+	dovecot_quota_recalc(email)
+
+	return "OK"
+
+def dovecot_quota_recalc(email):
+	# dovecot processes running for the user will not recognize the new quota setting
+	# a reload is necessary to reread the quota setting, but it will also shut down
+	# running dovecot processes.  Email clients generally log back in when they lose
+	# a connection.
+	# subprocess.call(['doveadm', 'reload'])
+
+	# force dovecot to recalculate the quota info for the user.
+	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
+
+def get_default_quota(env):
+	config = utils.load_settings(env)
+	return config.get("default-quota", '0')
+
+def validate_quota(quota):
+	# validate quota
+	quota = quota.strip().upper()
+
+	if quota == "":
+		raise ValueError("No quota provided.")
+	if re.search(r"[\s,.]", quota):
+		raise ValueError("Quotas cannot contain spaces, commas, or decimal points.")
+	if not re.match(r'^[\d]+[GM]?$', quota):
+		raise ValueError("Invalid quota.")
+
+	return quota
+
 def get_mail_password(email, env):
 	# Gets the hashed password for a user. Passwords are stored in Dovecot's
 	# password format, with a prefixed scheme.
diff --git a/management/templates/users.html b/management/templates/users.html
index 4924c7c8..da04fcc9 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -6,6 +6,7 @@
 #user_table .account_inactive .if_active { display: none; }
 #user_table .account_active .if_inactive { display: none; }
 #user_table .account_active.if_inactive { display: none; }
+.row-center { text-align: center; }
 </style>
 
 <h3>Add a mail user</h3>
@@ -27,6 +28,10 @@
       <option value="admin">Administrator</option>
     </select>
   </div>
+  <div class="form-group">
+      <label class="sr-only" for="adduserQuota">Quota</label>
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+  </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
 <ul style="margin-top: 1em; padding-left: 1.5em; font-size: 90%;">
@@ -34,13 +39,18 @@
   <li>Use <a href="#aliases">aliases</a> to create email addresses that forward to existing accounts.</li>
   <li>Administrators get access to this control panel.</li>
   <li>User accounts cannot contain any international (non-ASCII) characters, but <a href="#aliases">aliases</a> can.</li>
+  <li>Quotas may not contain any spaces, commas or decimal points. Suffixes of G (gigabytes) and M (megabytes) are allowed.  For unlimited storage enter 0 (zero)</li>
 </ul>
 
 <h3>Existing mail users</h3>
 <table id="user_table" class="table" style="width: auto">
   <thead>
     <tr>
-      <th width="50%">Email Address</th>
+      <th width="35%">Email Address</th>
+      <th class="row-center">Messages</th>
+      <th class="row-center">Size</th>
+      <th class="row-center">Used</th>
+      <th class="row-center">Quota</th>
       <th>Actions</th>
     </tr>
   </thead>
@@ -53,10 +63,22 @@
   <tr id="user-template">
     <td class='address'>
     </td>
+    <td class="box-count row-center"></td>
+    <td class="box-size row-center"></td>
+    <td class="percent row-center"></td>
+	<td class="quota row-center">
+	</td>
     <td class='actions'>
         <span class='privs'>
         </span>
 
+        <span class="if_active">
+          <a href="#" onclick="users_set_quota(this); return false;" class='setquota' title="Set Quota">
+              set quota
+          </a>
+          |
+        </span>
+
         <span class="if_active">
           <a href="#" onclick="users_set_password(this); return false;" class='setpw' title="Set Password">
             set password
@@ -97,10 +119,28 @@
 <table class="table" style="margin-top: .5em">
 <thead><th>Verb</th> <th>Action</th><th></th></thead>
 <tr><td>GET</td><td><i>(none)</i></td> <td>Returns a list of existing mail users. Adding <code>?format=json</code> to the URL will give JSON-encoded results.</td></tr>
-<tr><td>POST</td><td>/add</td> <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>.</td></tr>
-<tr><td>POST</td><td>/remove</td> <td>Removes a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>POST</td>
+    <td>/add</td>
+    <td>Adds a new mail user. Required POST-body parameters are <code>email</code> and <code>password</code>. Optional parameters: <code>privilege=admin</code> and <code>quota</code></td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/remove</td>
+    <td>Removes a mail user. Required POST-by parameter is <code>email</code>.</td>
+</tr>
 <tr><td>POST</td><td>/privileges/add</td> <td>Used to make a mail user an admin. Required POST-body parameters are <code>email</code> and <code>privilege=admin</code>.</td></tr>
 <tr><td>POST</td><td>/privileges/remove</td> <td>Used to remove the admin privilege from a mail user. Required POST-body parameter is <code>email</code>.</td></tr>
+<tr>
+    <td>GET</td>
+    <td>/quota</td>
+    <td>Get the quota for a mail user. Required POST-body parameters are <code>email</code> and will return JSON result</td>
+</tr>
+<tr>
+    <td>POST</td>
+    <td>/quota</td>
+    <td>Set the quota for a mail user. Required POST-body parameters are <code>email</code> and <code>quota</code>.</td>
+</tr>
 </table>
 
 <h4>Examples:</h4>
@@ -125,6 +165,15 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
+  api(
+    "/system/default-quota",
+    "GET",
+    {},
+    function(r) {
+      $('#adduserQuota').val(r['default-quota']);
+    }
+  );
+
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
@@ -133,7 +182,7 @@ function show_users() {
     function(r) {
       $('#user_table tbody').html("");
       for (var i = 0; i < r.length; i++) {
-        var hdr = $("<tr><th colspan='2' style='background-color: #EEE'></th></tr>");
+        var hdr = $("<tr><th colspan='6' style='background-color: #EEE'></th></tr>");
         hdr.find('th').text(r[i].domain);
         $('#user_table tbody').append(hdr);
 
@@ -151,7 +200,18 @@ function show_users() {
           n2.addClass("account_" + user.status);
 
           n.attr('data-email', user.email);
-          n.find('.address').text(user.email)
+          n.attr('data-quota', user.quota);
+          n.find('.address').text(user.email);
+          n.find('.box-count').text((user.box_count).toLocaleString('en'));
+          if (user.box_count == '?') {
+            n.find('.box-count').attr('title', 'Message count is unkown')
+          }
+          n.find('.box-size').text(user.box_size);
+          if (user.box_size == '?') {
+            n.find('.box-size').attr('title', 'Mailbox size is unkown')
+          }
+          n.find('.percent').text(user.percent);
+          n.find('.quota').text((user.quota == '0') ? 'unlimited' : user.quota);
           n2.find('.restore_info tt').text(user.mailbox);
 
           if (user.status == 'inactive') continue;
@@ -180,13 +240,15 @@ function do_add_user() {
   var email = $("#adduserEmail").val();
   var pw = $("#adduserPassword").val();
   var privs = $("#adduserPrivs").val();
+  var quota = $("#adduserQuota").val();
   api(
     "/mail/users/add",
     "POST",
     {
       email: email,
       password: pw,
-      privileges: privs
+      privileges: privs,
+      quota: quota
     },
     function(r) {
       // Responses are multiple lines of pre-formatted text.
@@ -228,6 +290,36 @@ function users_set_password(elem) {
     });
 }
 
+function users_set_quota(elem) {
+    var email = $(elem).parents('tr').attr('data-email');
+    var quota = $(elem).parents('tr').attr('data-quota');
+
+    show_modal_confirm(
+        "Set Quota",
+        $("<p>Set quota for <b>" + email + "</b>?</p>" +
+            "<p>" +
+            "<label for='users_set_quota' style='display: block; font-weight: normal'>Quota:</label>" +
+            "<input type='text' id='users_set_quota' value='" + quota + "'></p>" +
+            "<p><small>Quotas may not contain any spaces or commas.  Suffixes of G (gigabytes) and M (megabytes) are allowed.</small></p>" +
+            "<p><small>For unlimited storage enter 0 (zero)</small></p>"),
+        "Set Quota",
+        function() {
+            api(
+                "/mail/users/quota",
+                "POST",
+                {
+                    email: email,
+                    quota: $('#users_set_quota').val()
+                },
+                function(r) {
+                    show_users();
+                },
+                function(r) {
+                    show_modal_error("Set Quota", r);
+                });
+        });
+}
+
 function users_remove(elem) {
   var email = $(elem).parents('tr').attr('data-email');
 
@@ -293,7 +385,7 @@ function generate_random_password() {
   var charset = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789"; // confusable characters skipped
   for (var i = 0; i < 12; i++)
     pw += charset.charAt(Math.floor(Math.random() * charset.length));
-  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></pr");
+  show_modal_error("Random Password", "<p>Here, try this:</p> <p><code style='font-size: 110%'>" + pw + "</code></p>");
   return false; // cancel click
 }
 </script>
diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh
index 00d1b214..6f85bec9 100644
--- a/setup/bootstrap.sh
+++ b/setup/bootstrap.sh
@@ -89,4 +89,3 @@ fi
 
 # Start setup script.
 setup/start.sh
-
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index b146e44a..1a9fb1fc 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -66,7 +66,33 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
+cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+fi
+
+# configure stuff for quota support
+if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; then
+    cat > /etc/dovecot/conf.d/90-quota.conf << EOF;
+plugin {
+  quota = maildir
+
+  quota_grace = 10%
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "522 5.2.2 Mailbox is full"
+}
+
+service quota-status {
+    executable = quota-status -p postfix
+    inet_listener {
+        port = 12340
+    }
+}
+EOF
+fi
 
 # ### IMAP/POP
 
diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh
index 7b642a2a..5a4c7fec 100755
--- a/setup/mail-postfix.sh
+++ b/setup/mail-postfix.sh
@@ -238,7 +238,7 @@ tools/editconf.py /etc/postfix/main.cf  -e lmtp_destination_recipient_limit=
 # "450 4.7.1 Client host rejected: Service unavailable". This is a retry code, so the mail doesn't properly bounce. #NODOC
 tools/editconf.py /etc/postfix/main.cf \
 	smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_authenticated_sender_login_mismatch,reject_rhsbl_sender dbl.spamhaus.org=127.0.1.[2..99]" \
-	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023"
+	smtpd_recipient_restrictions="permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org=127.0.0.[2..11],reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023,check_policy_service inet:127.0.0.1:12340"
 
 # Postfix connects to Postgrey on the 127.0.0.1 interface specifically. Ensure that
 # Postgrey listens on the same interface (and not IPv6, for instance).
diff --git a/setup/mail-users.sh b/setup/mail-users.sh
index 25a21c41..9b943cef 100755
--- a/setup/mail-users.sh
+++ b/setup/mail-users.sh
@@ -20,7 +20,7 @@ db_path=$STORAGE_ROOT/mail/users.sqlite
 # Create an empty database if it doesn't yet exist.
 if [ ! -f "$db_path" ]; then
 	echo "Creating new user database: $db_path";
-	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '');" | sqlite3 "$db_path";
+	echo "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT NOT NULL UNIQUE, password TEXT NOT NULL, extra, privileges TEXT NOT NULL DEFAULT '', quota TEXT NOT NULL DEFAULT '0');" | sqlite3 "$db_path";
 	echo "CREATE TABLE aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
 	echo "CREATE TABLE mfa (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, type TEXT NOT NULL, secret TEXT NOT NULL, mru_token TEXT, label TEXT, FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE);" | sqlite3 "$db_path";
 	echo "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);" | sqlite3 "$db_path";
@@ -51,7 +51,7 @@ driver = sqlite
 connect = $db_path
 default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM users WHERE email='%u';
-user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home FROM users WHERE email='%u';
+user_query = SELECT email AS user, "mail" as uid, "mail" as gid, "$STORAGE_ROOT/mail/mailboxes/%d/%n" as home, '*:bytes=' || quota AS quota_rule FROM users WHERE email='%u';
 iterate_query = SELECT email AS user FROM users;
 EOF
 chmod 0600 /etc/dovecot/dovecot-sql.conf.ext # per Dovecot instructions
@@ -159,4 +159,5 @@ EOF
 restart_service postfix
 restart_service dovecot
 
-
+# force a recalculation of all user quotas
+doveadm quota recalc -A
diff --git a/setup/webmail.sh b/setup/webmail.sh
index a203cb8c..64a27fd2 100644
--- a/setup/webmail.sh
+++ b/setup/webmail.sh
@@ -145,6 +145,7 @@ cat > $RCM_CONFIG <<EOF;
 \$config['session_path'] = '/mail/';
 /* prevent CSRF, requires php 7.3+ */
 \$config['session_samesite'] = 'Strict';
+\$config['quota_zero_as_unlimited'] = true;
 ?>
 EOF
 

From d8ab444d5924798b9b09f2ebcd541ac8c8db526a Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 14:27:11 -0400
Subject: [PATCH 39/55] fixing subprocess import

---
 management/mailconfig.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 6d53885b..ae366310 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -10,6 +10,8 @@
 # address entered by the user.
 
 import os, sqlite3, re
+import subprocess
+
 import utils
 from email_validator import validate_email as validate_email_, EmailNotValidError
 import idna

From b4170e4095eaec7bf34740dc6e900f64b217bd1f Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:01:09 -0400
Subject: [PATCH 40/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 1a9fb1fc..baab4b76 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,9 +67,9 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins = .*/mail_plugins = \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
-if ! grep -q "mail_plugins = \$mail_plugins imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins = .*/mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
+    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 425903312109a92c21104b76baf170f7a631be1d Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 21:15:05 -0400
Subject: [PATCH 41/55] fixing parens

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index baab4b76..0cfeafc4 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -67,7 +67,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
-sed -i "s/#mail_plugins =(.*)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
+sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
     sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi

From 55bb35e3ef1cfbce561cf1f19276d48cbba854f2 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Sat, 4 May 2024 22:22:47 -0400
Subject: [PATCH 42/55] fixing imap sed script

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 0cfeafc4..99989d32 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -69,7 +69,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
-    sed -i "s/mail_plugins =\(.*\)/mail_plugins =\1 imap_quota/" /etc/dovecot/conf.d/20-imap.conf
+  sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf
 fi
 
 # configure stuff for quota support

From 67c502e97bb568702835d72d27d9ec8d52e0f311 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:14:27 -0400
Subject: [PATCH 43/55] removing duplicate conf

---
 conf/dovecot/conf.d/15-mailboxes.conf | 63 ---------------------------
 setup/mail-dovecot.sh                 |  2 +-
 2 files changed, 1 insertion(+), 64 deletions(-)
 delete mode 100644 conf/dovecot/conf.d/15-mailboxes.conf

diff --git a/conf/dovecot/conf.d/15-mailboxes.conf b/conf/dovecot/conf.d/15-mailboxes.conf
deleted file mode 100644
index 58e2efed..00000000
--- a/conf/dovecot/conf.d/15-mailboxes.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-## NOTE: This file is automatically generated by Mail-in-a-Box.
-##       Do not edit this file. It is continually updated by
-##       Mail-in-a-Box and your changes will be lost.
-##
-##       Mail-in-a-Box machines are not meant to be modified.
-##       If you modify any system configuration you are on
-##       your own --- please do not ask for help from us.
-
-namespace inbox {
-  # Automatically create & subscribe some folders.
-  # * Create and subscribe the INBOX folder.
-  # * Our sieve rule for spam expects that the Spam folder exists.
-  # * Z-Push must be configured with the same settings in conf/zpush/backend_imap.php (#580).
-
-  # MUA notes:
-  # * Roundcube will show an error if the user tries to delete a message before the Trash folder exists (#359).
-  # * K-9 mail will poll every 90 seconds if a Drafts folder does not exist.
-  # * Apple's OS X Mail app will create 'Sent Messages' if it doesn't see a folder with the \Sent flag (#571, #573) and won't be able to archive messages unless 'Archive' exists (#581).
-  # * Thunderbird's default in its UI is 'Archives' (plural) but it will configure new accounts to use whatever we say here (#581).
-
-  # auto:
-  # 'create' will automatically create this mailbox.
-  # 'subscribe' will both create and subscribe to the mailbox.
-
-  # special_use is a space separated list of IMAP SPECIAL-USE
-  # attributes as specified by RFC 6154:
-  # \All \Archive \Drafts \Flagged \Junk \Sent \Trash
-
-  mailbox INBOX {
-    auto = subscribe
-  }
-  mailbox Spam {
-    special_use = \Junk
-    auto = subscribe
-  }
-  mailbox Drafts {
-    special_use = \Drafts
-    auto = subscribe
-  }
-  mailbox Sent {
-    special_use = \Sent
-    auto = subscribe
-  }
-  mailbox Trash {
-    special_use = \Trash
-    auto = subscribe
-  }
-  mailbox Archive {
-    special_use = \Archive
-    auto = subscribe
-  }
-
-  # dovevot's standard mailboxes configuration file marks two sent folders
-  # with the \Sent attribute, just in case clients don't agree about which
-  # they're using. We'll keep that, plus add Junk as an alterative for Spam.
-  # These are not auto-created.
-  mailbox "Sent Messages" {
-    special_use = \Sent
-  }
-  mailbox Junk {
-    special_use = \Junk
-  }
-}
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 99989d32..5e8eb93d 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -66,7 +66,7 @@ tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
 	first_valid_uid=0
 
 # Create, subscribe, and mark as special folders: INBOX, Drafts, Sent, Trash, Spam and Archive.
-cp conf/dovecot/conf.d/15-mailboxes.conf /etc/dovecot/conf.d/
+cp conf/dovecot-mailboxes.conf /etc/dovecot/conf.d/15-mailboxes.conf
 sed -i "s/#mail_plugins =\(.*\)/mail_plugins =\1 \$mail_plugins quota/" /etc/dovecot/conf.d/10-mail.conf
 if ! grep -q "mail_plugins.* imap_quota" /etc/dovecot/conf.d/20-imap.conf; then
   sed -i "s/\(mail_plugins =.*\)/\1\n  mail_plugins = \$mail_plugins imap_quota/" /etc/dovecot/conf.d/20-imap.conf

From 27c510319ff8d30bc652d2d126f1a57aeb7ed3f4 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:25:46 -0400
Subject: [PATCH 44/55] using migrations for alter table command

---
 setup/migrate.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/setup/migrate.py b/setup/migrate.py
index 94bea923..3d76aabc 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -190,6 +190,13 @@ def migration_14(env):
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
 	shell("check_call", ["sqlite3", db, "CREATE TABLE auto_aliases (id INTEGER PRIMARY KEY AUTOINCREMENT, source TEXT NOT NULL UNIQUE, destination TEXT NOT NULL, permitted_senders TEXT);"])
 
+def migration_15(env):
+	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
+	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
+	shell("check_call", ["sqlite3", db,
+						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+
+
 ###########################################################
 
 def get_current_migration():

From 8bb68d60a585457851c89f32f98a3cce7d867e61 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Mon, 8 Jul 2024 20:37:42 -0400
Subject: [PATCH 45/55] fixing cli commands

---
 management/cli.py | 11 +++++------
 setup/migrate.py  |  1 -
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 1c3fa4bd..4f7a273c 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -9,13 +9,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib
 
-def mgmt(cmd, data=None, is_json=False):
+def mgmt(cmd, data=None, is_json=False, method='GET'):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -66,7 +66,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -124,12 +124,12 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Set a user's quota
+	# Get a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
 	# Set a user's quota
-	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
 
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
@@ -161,4 +161,3 @@ elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-
diff --git a/setup/migrate.py b/setup/migrate.py
index 3d76aabc..fc0649dc 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -276,4 +276,3 @@ if __name__ == "__main__":
 	elif sys.argv[-1] == "--migrate":
 		# Perform migrations.
 		run_migrations()
-

From 654f5614af2740353ca667ab9e5960065295f4b3 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 13:54:49 -0400
Subject: [PATCH 46/55] removing the ability to configure the default quota --
 default quota is always unlimited.

---
 management/cli.py               |  7 -------
 management/daemon.py            | 27 ++-------------------------
 management/mailconfig.py        |  6 +-----
 management/templates/users.html | 11 +----------
 setup/migrate.py                |  3 +--
 5 files changed, 5 insertions(+), 49 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 4f7a273c..b45e912f 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -60,7 +60,6 @@ def setup_key_auth(mgmt_uri):
 
 if len(sys.argv) < 2:
 	print("""Usage:
-  {cli} system default-quota [new default]       (set default quota for system)
   {cli} user                                     (lists users)
   {cli} user add user@domain.com [password]
   {cli} user password user@domain.com [password]
@@ -152,12 +151,6 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "add" and len(sys.argv) == 5:
 elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 	print(mgmt("/mail/aliases/remove", { "address": sys.argv[3] }))
 
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 3:
-	print(mgmt("/system/default-quota?text=1"))
-
-elif sys.argv[1] == "system" and sys.argv[2] == "default-quota" and len(sys.argv) == 4:
-	print(mgmt("/system/default-quota", { "default_quota": sys.argv[3]}))
-
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
diff --git a/management/daemon.py b/management/daemon.py
index e850e6c6..2ad8c480 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -21,7 +21,7 @@ import auth, utils
 from mailconfig import get_mail_users, get_mail_users_ex, get_admins, add_mail_user, set_mail_password, remove_mail_user
 from mailconfig import get_mail_user_privileges, add_remove_mail_user_privilege
 from mailconfig import get_mail_aliases, get_mail_aliases_ex, get_mail_domains, add_mail_alias, remove_mail_alias
-from mailconfig import get_mail_quota, set_mail_quota, get_default_quota, validate_quota
+from mailconfig import get_mail_quota, set_mail_quota
 from mfa import get_public_mfa_state, provision_totp, validate_totp_secret, enable_mfa, disable_mfa
 import contextlib
 
@@ -192,7 +192,7 @@ def mail_users():
 @app.route('/mail/users/add', methods=['POST'])
 @authorized_personnel_only
 def mail_users_add():
-	quota = request.form.get('quota', get_default_quota(env))
+	quota = request.form.get('quota', '0')
 	try:
 		return add_mail_user(request.form.get('email', ''), request.form.get('password', ''), request.form.get('privileges', ''), quota, env)
 	except ValueError as e:
@@ -675,29 +675,6 @@ def privacy_status_set():
 	utils.write_settings(config, env)
 	return "OK"
 
-@app.route('/system/default-quota', methods=["GET"])
-@authorized_personnel_only
-def default_quota_get():
-	if request.values.get('text'):
-		return get_default_quota(env)
-	else:
-		return json_response({
-			"default-quota": get_default_quota(env),
-		})
-
-@app.route('/system/default-quota', methods=["POST"])
-@authorized_personnel_only
-def default_quota_set():
-	config = utils.load_settings(env)
-	try:
-		config["default-quota"] = validate_quota(request.values.get('default_quota'))
-		utils.write_settings(config, env)
-
-	except ValueError as e:
-		return ("ERROR: %s" % str(e), 400)
-
-	return "OK"
-
 # MUNIN
 
 @app.route('/munin/')
diff --git a/management/mailconfig.py b/management/mailconfig.py
index ae366310..2f44bf25 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -344,7 +344,7 @@ def add_mail_user(email, pw, privs, quota, env):
 			if validation: return validation
 
 	if quota is None:
-		quota = get_default_quota()
+		quota = '0'
 
 	try:
 		quota = validate_quota(quota)
@@ -429,10 +429,6 @@ def dovecot_quota_recalc(email):
 	# force dovecot to recalculate the quota info for the user.
 	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
 
-def get_default_quota(env):
-	config = utils.load_settings(env)
-	return config.get("default-quota", '0')
-
 def validate_quota(quota):
 	# validate quota
 	quota = quota.strip().upper()
diff --git a/management/templates/users.html b/management/templates/users.html
index da04fcc9..e46b8391 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -30,7 +30,7 @@
   </div>
   <div class="form-group">
       <label class="sr-only" for="adduserQuota">Quota</label>
-      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;">
+      <input type="text" class="form-control" id="adduserQuota" placeholder="Quota" style="width:5em;" value="0">
   </div>
   <button type="submit" class="btn btn-primary">Add User</button>
 </form>
@@ -165,15 +165,6 @@ curl -X POST -d "email=new_user@mydomail.com" https://{{hostname}}/admin/mail/us
 
 <script>
 function show_users() {
-  api(
-    "/system/default-quota",
-    "GET",
-    {},
-    function(r) {
-      $('#adduserQuota').val(r['default-quota']);
-    }
-  );
-
   $('#user_table tbody').html("<tr><td colspan='2' class='text-muted'>Loading...</td></tr>")
   api(
     "/mail/users",
diff --git a/setup/migrate.py b/setup/migrate.py
index fc0649dc..375e7e8f 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -193,8 +193,7 @@ def migration_14(env):
 def migration_15(env):
 	# Add a column to the users table to store their quota limit.  Default to '0' for unlimited.
 	db = os.path.join(env["STORAGE_ROOT"], 'mail/users.sqlite')
-	shell("check_call", ["sqlite3", db,
-						 "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
+	shell("check_call", ["sqlite3", db, "ALTER TABLE users ADD COLUMN quota TEXT NOT NULL DEFAULT '0';"])
 
 
 ###########################################################

From bd5ba78a99f10c4d9210795a7fd5d69a1d7c6eff Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 14:01:12 -0400
Subject: [PATCH 47/55] removing box count / message count feature

---
 management/mailconfig.py        | 5 -----
 management/templates/users.html | 5 -----
 2 files changed, 10 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 2f44bf25..68adfba0 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -145,7 +145,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		(user, domain) = email.split('@')
 		box_size = 0
-		box_count = 0
 		box_quota = 0
 		percent = ''
 		try:
@@ -155,7 +154,6 @@ def get_mail_users_ex(env, with_archived=False):
 				for line in f.readlines():
 					(size, count) = line.split(' ')
 					box_size += int(size)
-					box_count += int(count)
 
 			try:
 				percent = (box_size / box_quota) * 100
@@ -164,7 +162,6 @@ def get_mail_users_ex(env, with_archived=False):
 
 		except:
 			box_size = '?'
-			box_count = '?'
 			box_quota = '?'
 			percent = '?'
 
@@ -178,7 +175,6 @@ def get_mail_users_ex(env, with_archived=False):
 			"box_quota": box_quota,
 			"box_size": sizeof_fmt(box_size) if box_size != '?' else box_size,
 			"percent": '%3.0f%%' % percent if type(percent) != str else percent,
-			"box_count": box_count,
 			"status": "active",
 		}
 		users.append(user)
@@ -197,7 +193,6 @@ def get_mail_users_ex(env, with_archived=False):
 						"privileges": [],
 						"status": "inactive",
 						"mailbox": mbox,
-                        "box_count": '?',
                         "box_size": '?',
                         "box_quota": '?',
                         "percent": '?',
diff --git a/management/templates/users.html b/management/templates/users.html
index e46b8391..e45fac05 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -63,7 +63,6 @@
   <tr id="user-template">
     <td class='address'>
     </td>
-    <td class="box-count row-center"></td>
     <td class="box-size row-center"></td>
     <td class="percent row-center"></td>
 	<td class="quota row-center">
@@ -193,10 +192,6 @@ function show_users() {
           n.attr('data-email', user.email);
           n.attr('data-quota', user.quota);
           n.find('.address').text(user.email);
-          n.find('.box-count').text((user.box_count).toLocaleString('en'));
-          if (user.box_count == '?') {
-            n.find('.box-count').attr('title', 'Message count is unkown')
-          }
           n.find('.box-size').text(user.box_size);
           if (user.box_size == '?') {
             n.find('.box-size').attr('title', 'Mailbox size is unkown')

From 08e69ca4598dfb14239fc4166372b9f70e6e657d Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Fri, 12 Jul 2024 15:28:47 -0400
Subject: [PATCH 48/55] fixed missing column heading

---
 management/templates/users.html | 1 -
 1 file changed, 1 deletion(-)

diff --git a/management/templates/users.html b/management/templates/users.html
index e45fac05..0b9aea99 100644
--- a/management/templates/users.html
+++ b/management/templates/users.html
@@ -47,7 +47,6 @@
   <thead>
     <tr>
       <th width="35%">Email Address</th>
-      <th class="row-center">Messages</th>
       <th class="row-center">Size</th>
       <th class="row-center">Used</th>
       <th class="row-center">Quota</th>

From c9d37be530b890d331896b5eb51f6299cbaee020 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Tue, 1 Oct 2024 19:17:27 -0400
Subject: [PATCH 49/55] Revert "fixing cli commands"

This reverts commit a4a08980f84360abcd009de9dc7ef8c6fcb529c4.
---
 management/cli.py | 11 ++++++-----
 setup/migrate.py  |  1 +
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index b45e912f..10e8439d 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -9,13 +9,13 @@
 import sys, getpass, urllib.request, urllib.error, json, csv
 import contextlib
 
-def mgmt(cmd, data=None, is_json=False, method='GET'):
+def mgmt(cmd, data=None, is_json=False):
 	# The base URL for the management daemon. (Listens on IPv4 only.)
 	mgmt_uri = 'http://127.0.0.1:10222'
 
 	setup_key_auth(mgmt_uri)
 
-	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None, method=method)
+	req = urllib.request.Request(mgmt_uri + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None)
 	try:
 		response = urllib.request.urlopen(req)
 	except urllib.error.HTTPError as e:
@@ -65,7 +65,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]       (get or set user quota)
+  {cli} user quota user@domain [new-quota]
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -123,12 +123,12 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Get a user's quota
+	# Set a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
 	# Set a user's quota
-	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] }, method='POST')
+	users = mgmt("/mail/users/quota", { "email": sys.argv[3], "quota": sys.argv[4] })
 
 elif sys.argv[1] == "user" and len(sys.argv) == 5 and sys.argv[2:4] == ["mfa", "show"]:
 	# Show MFA status for a user.
@@ -154,3 +154,4 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
+
diff --git a/setup/migrate.py b/setup/migrate.py
index 375e7e8f..4c161e45 100755
--- a/setup/migrate.py
+++ b/setup/migrate.py
@@ -275,3 +275,4 @@ if __name__ == "__main__":
 	elif sys.argv[-1] == "--migrate":
 		# Perform migrations.
 		run_migrations()
+

From 450c1924d81871bf1d6c1090ee3f1bc2c19edce8 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Tue, 1 Oct 2024 19:20:19 -0400
Subject: [PATCH 50/55] cli script fixes were broken

---
 management/cli.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 10e8439d..f01c8062 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -65,7 +65,7 @@ if len(sys.argv) < 2:
   {cli} user password user@domain.com [password]
   {cli} user remove user@domain.com
   {cli} user make-admin user@domain.com
-  {cli} user quota user@domain [new-quota]
+  {cli} user quota user@domain [new-quota]       (get or set user quota)
   {cli} user remove-admin user@domain.com
   {cli} user admins                              (lists admins)
   {cli} user mfa show user@domain.com            (shows MFA devices for user, if any)
@@ -123,7 +123,7 @@ elif sys.argv[1] == "user" and sys.argv[2] == "admins":
 				print(user['email'])
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 4:
-	# Set a user's quota
+	# Get a user's quota
 	print(mgmt("/mail/users/quota?text=1&email=%s" % sys.argv[3]))
 
 elif sys.argv[1] == "user" and sys.argv[2] == "quota" and len(sys.argv) == 5:
@@ -154,4 +154,3 @@ elif sys.argv[1] == "alias" and sys.argv[2] == "remove" and len(sys.argv) == 4:
 else:
 	print("Invalid command-line arguments.")
 	sys.exit(1)
-

From ac383ced4dee3eb6cdb6f56df53bf905c7c746df Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:25:28 -0400
Subject: [PATCH 51/55] cli.py user now prints '0' rather than 'unlimited' for
 quota

---
 management/cli.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index f01c8062..457901de 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -89,9 +89,7 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
-			if user['quota'] == '0':
-				print(" unlimited", end='')
-			else:
+			if 'quota' in user:
 				print(" " + user['quota'], end='')
 			print()
 

From 7f9a348d64ef73a0596a1ebc6216064785f3fe68 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:26:22 -0400
Subject: [PATCH 52/55] removing 'quota' from user output

---
 management/cli.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/management/cli.py b/management/cli.py
index 457901de..d902b893 100755
--- a/management/cli.py
+++ b/management/cli.py
@@ -89,8 +89,6 @@ elif sys.argv[1] == "user" and len(sys.argv) == 2:
 			print(user['email'], end='')
 			if "admin" in user['privileges']:
 				print("*", end='')
-			if 'quota' in user:
-				print(" " + user['quota'], end='')
 			print()
 
 elif sys.argv[1] == "user" and sys.argv[2] in {"add", "password"}:

From 626bced707e109bb1fe574fe188079765485fb36 Mon Sep 17 00:00:00 2001
From: Chad Furman <chad@chadfurman.com>
Date: Wed, 2 Oct 2024 12:27:00 -0400
Subject: [PATCH 53/55] % is a special character

---
 setup/mail-dovecot.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index 5e8eb93d..06504862 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -78,7 +78,7 @@ if ! grep -q "quota_status_success = DUNNO" /etc/dovecot/conf.d/90-quota.conf; t
 plugin {
   quota = maildir
 
-  quota_grace = 10%
+  quota_grace = 10%%
 
   quota_status_success = DUNNO
   quota_status_nouser = DUNNO

From 43705acd089cecffbdf654280e314f53a1ecc34e Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sun, 16 Feb 2025 20:00:40 -0500
Subject: [PATCH 54/55] Remove duplicate functions

---
 management/mailconfig.py | 36 ------------------------------------
 1 file changed, 36 deletions(-)

diff --git a/management/mailconfig.py b/management/mailconfig.py
index 1dbc4ae6..1722c76b 100755
--- a/management/mailconfig.py
+++ b/management/mailconfig.py
@@ -950,41 +950,6 @@ def validate_login(email, pw, env):
 	except ldap3.core.exceptions.LDAPInvalidCredentialsResult:
 		return False
 
-
-
-def get_mail_quota(email, env):
-	user = find_mail_user(env, email, ['mailboxQuota'])
-	if user is None:
-		return ("That's not a user (%s)." % email, 400)
-	if len(user['mailboxQuota'])==0:
-		return '0'
-	else:
-		return user['mailboxQuota'][0]
-
-def set_mail_quota(email, quota, env):
-	# validate that password is acceptable
-	quota = validate_quota(quota)
-
-	# update the database
-	conn = open_database(env)
-	user = find_mail_user(env, email, ['mailboxQuota'], conn)
-	if user is None:
-		return ("That's not a user (%s)." % email, 400)
-
-	conn.modify_record(user, { 'mailboxQuota': quota })
-	dovecot_quota_recalc(email)
-	return "OK"
-
-def dovecot_quota_recalc(email):
-	# dovecot processes running for the user will not recognize the new quota setting
-	# a reload is necessary to reread the quota setting, but it will also shut down
-	# running dovecot processes.  Email clients generally log back in when they lose
-	# a connection.
-	# subprocess.call(['doveadm', 'reload'])
-
-	# force dovecot to recalculate the quota info for the user.
-	subprocess.call(["doveadm", "quota", "recalc", "-u", email])
-
 def validate_quota(quota):
 	# validate quota
 	quota = quota.strip().upper()
@@ -998,7 +963,6 @@ def validate_quota(quota):
 
 	return quota
 
-
 def get_mail_quota(email, env):
 	user = find_mail_user(env, email, ['mailboxQuota'])
 	if user is None:

From 69acb6de77fb7a82738b37e919bacac0df069f0a Mon Sep 17 00:00:00 2001
From: downtownallday <downtownallday@gmail.com>
Date: Sun, 16 Feb 2025 20:28:14 -0500
Subject: [PATCH 55/55] Change upstream tag to main

---
 .github/workflows/commit-tests.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/commit-tests.yml b/.github/workflows/commit-tests.yml
index 98649937..a5f6df62 100644
--- a/.github/workflows/commit-tests.yml
+++ b/.github/workflows/commit-tests.yml
@@ -33,8 +33,7 @@ jobs:
     runs-on: ubuntu-22.04
     env:
       PRIMARY_HOSTNAME: box2.abc.com
-      # TODO: change UPSTREAM_TAG to 'main' once upstream is installable
-      UPSTREAM_TAG: v67
+      UPSTREAM_TAG: main
     steps:
       - uses: actions/checkout@v4
       - name: setup