Problems with IMAP/POP and dovecot director on backend (director_proxy_maybe)

dominik dominik at zwackl.de
Mon Jul 20 15:06:44 UTC 2015


Hello dovecot community,

first of all: dovecot ist great! ;) ...nevertheless I´ve got some 
problems to get my director scenario running as needed/expected :(

My scenario:
I´d like to configure two dovecot backends, without the need for 
multiple dovecot instances. Both backend servers are active/active and 
act on top of a glusterfs storage, which implies the need for dovecot 
director. As described in release notes (v2.2.17) this should be 
possible by setting the extra field "director_proxy_maybe=yes".:

"+ director: Implemented director_proxy_maybe passdb extra field to
   be able to run director and backend in the same Dovecot instance.
   (LMTP doesn't support mixed proxy/non-proxy destinations currently.)"

My setup:
* 1 LMTP client (SLES11p3 with postfix)
* 1 IMAP/POP3 client (Debian8 with thunderbird 31.6.0): 10.0.0.26. The 
client connects through a dovecot mailproxy or direct.
* 1 dovecot mailproxy: 10.0.1.151
* 2 mailbox backends running dovecot v2.2.18 on SLES11p3 with 
mail_location pointing to a glusterfs-mountpoint (GlusterFS: v3.6.3)
  * mailbox01.example.de: 10.0.2.21
  * mailbox02.example.de: 10.0.2.22
  * mailbox-gluster.example.de points as an A-RR to 10.0.2.21 and 
10.0.2.22.

My problem: With LMTP everything works fine (thanks for this!). The 
director sets the "host" field correctly and all delivery attempts work 
fine to the estimated backend servers. But when I try to connect via 
IMAP-/POP3-client (through proxy or direct) it fails with following log 
messages. It seems, that the director doesn´t set the host field within 
IMAP/POP sessions before proxying!?

auth: Debug: auth client connected (pid=46359)
imap-login: ID sent: x-session-id=V3iJmU4biAAK/BAa, 
x-originating-ip=10.0.0.26, x-originating-port=54408, 
x-connected-ip=10.0.1.151, x-connected-port=143, x-proxy-ttl=4: user=<>, 
rip=10.0.1.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
auth: Debug: client in: AUTH        1       PLAIN   service=imap    
session=RVnAm04bzwAK/FCX        lip=10.0.2.21        rip=10.0.1.151      
  lport=143       rport=54735     resp=<hidden>
auth: Debug: ldap(tester at example.de,10.0.1.151,<RVnAm04bzwAK/FCX>): bind 
search: base=o=example,c=de 
filter=(&(|(uid=tester at example.de)(mail=tester at example.de))(!(<cut-cut-cut>))
[...]
auth: Debug: client passdb out: OK  1       user=tester at example.de     
director_proxy_maybe=yes        lip=10.0.2.21        lport=143       
proxy   pass=<hidden>
imap-login: Debug: Ignoring unknown passdb extra field: 
director_proxy_maybe
imap-login: Debug: Ignoring unknown passdb extra field: lip
imap-login: Debug: Ignoring unknown passdb extra field: lport
imap-login: Error: proxy: host not given: user=<tester at example.de>, 
method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
imap-login: Disconnected (internal failure, 1 successful auths): 
user=<tester at example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, 
session=<RVnAm04bzwAK/FCX>

Finally the output of "doveadm proxy list" is empty!

"doveadm director map" output after a  successfull LMTP delivery attempt 
(before: doveadm director flush all):
user                                hash       mail server ip expire 
time
tester at example.de              856838019  10.0.2.21   2015-07-20 
15:49:18


"doveadm director map" output after a failed IMAP session attempt 
(before: doveadm director flush all):
user                                hash       mail server ip expire 
time
tester at example.de              856838019  10.0.2.21   2015-07-20 
15:50:02

So, director seems to work in this constellation, but only for LMTP and 
not for IMAP/POP Proxy :(

Has anybody configured this before?

Thanks in advance and a lot of greetings from Germany,
Dominik

############
My config (mailbox01.example.de. mailbox02.example.de is identical, 
except the hostname):
# doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 3.0.101-0.46-default x86_64 SUSE Linux Enterprise Server 11 
(x86_64)
auth_cache_negative_ttl = 0
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = "#"
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
director_consistent_hashing = yes
director_mail_servers = mailbox-gluster.example.de
director_servers = 10.0.2.21:9090 10.0.2.22:9090
disable_plaintext_auth = no
imap_metadata = yes
listen = mailbox01.example.de
lmtp_proxy = yes
lmtp_save_to_detail_mailbox = yes
lock_method = dotlock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c 
session=<%{session}> %k
login_trusted_networks = 10.0.2.0/24
mail_access_groups = dovecot
mail_attribute_dict = file:Maildir/dovecot-metadata
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir/
mail_plugins = quota acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate
mmap_disable = yes
namespace {
   inbox = yes
   location =
   mailbox Archiv {
     special_use = \Archive
   }
   mailbox Entwürfe {
     special_use = \Drafts
   }
   mailbox "Gelöschte Objekte" {
     special_use = \Trash
   }
   mailbox "Gesendete Objekte" {
     special_use = \Sent
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   mailbox unerwünscht {
     special_use = \Junk
   }
   prefix = INBOX/
   separator = /
}
namespace {
   disabled = yes
   list = children
   location = maildir:%%h/:INDEXPVT=~/dovecot.index.shared/%%u/
   prefix = SHARED/%%u/
   separator = /
   type = shared
}
passdb {
   args = /***********/passwd.masterusers
   driver = passwd-file
   master = yes
}
passdb {
   args = /etc/dovecot/ldap.conf
   driver = ldap
}
plugin {
   acl = vfile
   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}
postmaster_address = postmaster@%d
protocols = " imap lmtp pop3"
service auth-worker {
   user = $default_internal_user
}
service auth {
   unix_listener /var/spool/postfix/private/saslauth_via_dovecot {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     mode = 0666
     user = dovecot
   }
}
service director {
   fifo_listener login/proxy-notify {
     mode = 0600
     user = $default_login_user
   }
   inet_listener {
     port = 9090
   }
   unix_listener director-userdb {
     mode = 0666
   }
   unix_listener login/director {
     mode = 0666
   }
}
service doveadm {
   inet_listener {
     port = 24245
   }
}
service imap-login {
   executable = imap-login director
   inet_listener imaps {
     port = 0
   }
}
service ipc {
   unix_listener ipc {
     user = dovecot
   }
}
service lmtp {
   inet_listener lmtp {
     port = 24
   }
}
service managesieve-login {
   inet_listener sieve {
     address = mailbox01.example.de
   }
}
service pop3-login {
   executable = pop3-login director
}
ssl = no
ssl_cipher_list = 
kEECDH+aRSA+AES256:kEDH+aRSA+AES256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA
ssl_dh_parameters_length = 4096
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
userdb {
   args = /etc/dovecot/ldap.conf
   driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
   auth_socket_path = director-userdb
   mail_plugins = quota notify mail_log
}
protocol imap {
   imap_id_log = *
   mail_plugins = quota fts fts_squat imap_quota mail_log notify acl 
imap_acl
}
protocol pop3 {
   mail_plugins = quota acl
   pop3_uidl_format = %fan
}

################
My /etc/dovecot/ldap.conf:
uris         = ldap://ldap.example.de

pass_filter = (&(|(uid=%u)(mail=%u))(!(<cut-cut-cut>)))
pass_attrs  = =proxy_maybe=yes, \
               =director_proxy_maybe=yes

user_filter = 
(&(|(uid=%u)(mail=%u)(mailAlternateAddress=%u))(!(<cut-cut-cut>)))
user_attrs  = =master_user=%u, \
               =uid=%{ldap:qmailUID:12345}, \
               =gid=%{ldap:qmailGID:12345}, \
               
=home=/mnt/testvol2/%{ldap:mailMessageStore}/%1{ldap:mail}/%{ldap:mail}/, 
\
               =quota_rule=*:bytes=%{ldap:mailQuotaSize:128M}

iterate_attrs = mail=user
iterate_filter = (objectClass=qmailuser)



More information about the dovecot mailing list