To prevent server storage DoS, there should be per-user limits to the disk space allocated to individual users. While having such a limit might not be practical, it would already be great to have a per-user limit on the number of offline messages and MAM messages. I'm not sure which behaviour should ensue when the storage is full (sending an error sounds reasonable for mod_offline, but mod_mam should maybe just kill the oldest messages).

I'd like to see this addition as well. I've witnessed a DoS where one user received over 17GB in offline messages.

• tags Status-Accepted

Decided to go with a limit on the number of items in the store, as this is the easiest to implement across storage backends. It doesn't have to be 100% accurate.

• title Disk space limits for mod_offline and mod_mam Item count limits for archive stores

• owner MattJ
• tags Status-Started

• tags Milestone-0.11

This is almost complete, but has a couple of minor issues before we can merge it. It won't be ready for 0.11.

• tags Milestone-0.11 Milestone-0.11

• tags Milestone-0.11 Milestone-0.12

• tags Priority-High

Done in https://hg.prosody.im/trunk/rev/f76bd399267c and following commits

• tags Status-Fixed

great news. thanks!