Problems with IMAP/POP and dovecot director on backend (director_proxy_maybe)
dominik
dominik at zwackl.de
Mon Jul 20 15:06:44 UTC 2015
Hello dovecot community,
first of all: dovecot is great! ;) ...nevertheless I've got some
problems getting my director scenario running as needed/expected :(
My scenario:
I'd like to configure two dovecot backends, without the need for
multiple dovecot instances. Both backend servers are active/active and
act on top of a glusterfs storage, which implies the need for dovecot
director. As described in the release notes (v2.2.17), this should be
possible by setting the extra field "director_proxy_maybe=yes":
"+ director: Implemented director_proxy_maybe passdb extra field to
be able to run director and backend in the same Dovecot instance.
(LMTP doesn't support mixed proxy/non-proxy destinations currently.)"
My setup:
* 1 LMTP client (SLES11p3 with postfix)
* 1 IMAP/POP3 client (Debian8 with thunderbird 31.6.0): 10.0.0.26. The client connects through a dovecot mailproxy or direct.
* 1 dovecot mailproxy: 10.0.1.151
* 2 mailbox backends running dovecot v2.2.18 on SLES11p3 with mail_location pointing to a glusterfs-mountpoint (GlusterFS: v3.6.3)
  * mailbox01.example.de: 10.0.2.21
  * mailbox02.example.de: 10.0.2.22
  * mailbox-gluster.example.de points as an A-RR to 10.0.2.21 and 10.0.2.22.
My problem: With LMTP everything works fine (thanks for this!). The
director sets the "host" field correctly and all delivery attempts work
fine to the estimated backend servers. But when I try to connect via
IMAP-/POP3-client (through proxy or direct) it fails with the following log
messages. It seems that the director doesn't set the host field within
IMAP/POP sessions before proxying!?
auth: Debug: auth client connected (pid=46359)
imap-login: ID sent: x-session-id=V3iJmU4biAAK/BAa, x-originating-ip=10.0.0.26, x-originating-port=54408, x-connected-ip=10.0.1.151, x-connected-port=143, x-proxy-ttl=4: user=<>, rip=10.0.1.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
auth: Debug: client in: AUTH 1 PLAIN service=imap session=RVnAm04bzwAK/FCX lip=10.0.2.21 rip=10.0.1.151 lport=143 rport=54735 resp=<hidden>
auth: Debug: ldap(tester at example.de,10.0.1.151,<RVnAm04bzwAK/FCX>): bind search: base=o=example,c=de filter=(&(|(uid=tester at example.de)(mail=tester at example.de))(!(<cut-cut-cut>))
[...]
auth: Debug: client passdb out: OK 1 user=tester at example.de director_proxy_maybe=yes lip=10.0.2.21 lport=143 proxy pass=<hidden>
imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
imap-login: Debug: Ignoring unknown passdb extra field: lip
imap-login: Debug: Ignoring unknown passdb extra field: lport
imap-login: Error: proxy: host not given: user=<tester at example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
imap-login: Disconnected (internal failure, 1 successful auths): user=<tester at example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
Finally the output of "doveadm proxy list" is empty!
"doveadm director map" output after a successful LMTP delivery attempt
(before: doveadm director flush all):
user                 hash       mail server ip  expire time
tester at example.de 856838019  10.0.2.21       2015-07-20 15:49:18
"doveadm director map" output after a failed IMAP session attempt
(before: doveadm director flush all):
user                 hash       mail server ip  expire time
tester at example.de 856838019  10.0.2.21       2015-07-20 15:50:02
So, director seems to work in this constellation, but only for LMTP and
not for IMAP/POP Proxy :(
Has anybody configured this before?
Thanks in advance and a lot of greetings from Germany,
Dominik
############
My config (mailbox01.example.de. mailbox02.example.de is identical,
except the hostname):
# doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 3.0.101-0.46-default x86_64 SUSE Linux Enterprise Server 11 (x86_64)
auth_cache_negative_ttl = 0
auth_cache_ttl = 5 mins
auth_debug = yes
auth_master_user_separator = "#"
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
director_consistent_hashing = yes
director_mail_servers = mailbox-gluster.example.de
director_servers = 10.0.2.21:9090 10.0.2.22:9090
disable_plaintext_auth = no
imap_metadata = yes
listen = mailbox01.example.de
lmtp_proxy = yes
lmtp_save_to_detail_mailbox = yes
lock_method = dotlock
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}> %k
login_trusted_networks = 10.0.2.0/24
mail_access_groups = dovecot
mail_attribute_dict = file:Maildir/dovecot-metadata
mail_debug = yes
mail_fsync = always
mail_location = maildir:~/Maildir/
mail_plugins = quota acl
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
mmap_disable = yes
namespace {
  inbox = yes
  location =
  mailbox Archiv {
    special_use = \Archive
  }
  mailbox Entwürfe {
    special_use = \Drafts
  }
  mailbox "Gelöschte Objekte" {
    special_use = \Trash
  }
  mailbox "Gesendete Objekte" {
    special_use = \Sent
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox unerwünscht {
    special_use = \Junk
  }
  prefix = INBOX/
  separator = /
}
namespace {
  disabled = yes
  list = children
  location = maildir:%%h/:INDEXPVT=~/dovecot.index.shared/%%u/
  prefix = SHARED/%%u/
  separator = /
  type = shared
}
passdb {
  args = /***********/passwd.masterusers
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
}
postmaster_address = postmaster@%d
protocols = " imap lmtp pop3"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/saslauth_via_dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0666
    user = dovecot
  }
}
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0666
  }
  unix_listener login/director {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap-login {
  executable = imap-login director
  inet_listener imaps {
    port = 0
  }
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    address = mailbox01.example.de
  }
}
service pop3-login {
  executable = pop3-login director
}
ssl = no
ssl_cipher_list = kEECDH+aRSA+AES256:kEDH+aRSA+AES256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA
ssl_dh_parameters_length = 4096
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1.1
userdb {
  args = /etc/dovecot/ldap.conf
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  auth_socket_path = director-userdb
  mail_plugins = quota notify mail_log
}
protocol imap {
  imap_id_log = *
  mail_plugins = quota fts fts_squat imap_quota mail_log notify acl imap_acl
}
protocol pop3 {
  mail_plugins = quota acl
  pop3_uidl_format = %fan
}
################
My /etc/dovecot/ldap.conf:
uris = ldap://ldap.example.de
pass_filter = (&(|(uid=%u)(mail=%u))(!(<cut-cut-cut>)))
pass_attrs = =proxy_maybe=yes, \
  =director_proxy_maybe=yes
user_filter = (&(|(uid=%u)(mail=%u)(mailAlternateAddress=%u))(!(<cut-cut-cut>)))
user_attrs = =master_user=%u, \
  =uid=%{ldap:qmailUID:12345}, \
  =gid=%{ldap:qmailGID:12345}, \
  =home=/mnt/testvol2/%{ldap:mailMessageStore}/%1{ldap:mail}/%{ldap:mail}/, \
  =quota_rule=*:bytes=%{ldap:mailQuotaSize:128M}
iterate_attrs = mail=user
iterate_filter = (objectClass=qmailuser)
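
The symptom in the log excerpt above can be checked mechanically. The following is an added example, not part of the original post and not Dovecot code: it pairs each "proxy: host not given" error with the preceding passdb reply for that user and lists the extra fields the login process ignored. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample modelled on the post's log excerpt (wrapped lines joined,
# the archive's " at " written back as "@"); not captured from a real server.
SAMPLE_LOG = """\
auth: Debug: client passdb out: OK 1 user=tester@example.de director_proxy_maybe=yes lip=10.0.2.21 lport=143 proxy pass=<hidden>
imap-login: Debug: Ignoring unknown passdb extra field: director_proxy_maybe
imap-login: Debug: Ignoring unknown passdb extra field: lip
imap-login: Debug: Ignoring unknown passdb extra field: lport
imap-login: Error: proxy: host not given: user=<tester@example.de>, method=PLAIN, rip=10.0.2.151, lip=10.0.2.21, session=<RVnAm04bzwAK/FCX>
"""

PASSDB_OK = re.compile(r"auth: Debug: client passdb out: OK \d+ (.*)$")
IGNORED = re.compile(r"-login: Debug: Ignoring unknown passdb extra field: (\S+)")
NO_HOST = re.compile(r"-login: Error: proxy: host not given: user=<([^>]*)>.*session=<([^>]*)>")

def parse_fields(text):
    """Split 'k=v flag k2=v2' into a dict; bare flags such as 'proxy' map to True."""
    fields = {}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        fields[key] = val if sep else True
    return fields

def triage(log_text):
    """One finding per 'host not given' error, joined with the last passdb reply."""
    last_reply = {}  # user -> fields of the most recent passdb OK reply
    ignored = []     # fields ignored since that reply (assumes no interleaved logins)
    findings = []
    for line in log_text.splitlines():
        if m := PASSDB_OK.search(line):
            fields = parse_fields(m.group(1))
            last_reply[fields.get("user")] = fields
            ignored = []
        elif m := IGNORED.search(line):
            ignored.append(m.group(1))
        elif m := NO_HOST.search(line):
            user, session = m.groups()
            reply = last_reply.get(user, {})
            findings.append({
                "user": user, "session": session,
                "proxy_requested": "proxy" in reply,  # passdb asked for proxying
                "host_returned": "host" in reply,     # but supplied no destination
                "ignored_fields": list(ignored),
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample it reports one session where the passdb reply requested proxying without a host and the login process ignored director_proxy_maybe, lip and lport.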