problem in setting up proxy

Ted ted at easydns.com
Wed Jan 23 16:33:08 EET 2019


Hello,

Absolutely, thanks, here it is:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-8-amd64 x86_64 Debian 9.6
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
login_greeting = Welcome to easyMail.
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_plugins = " mail_log notify"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = nopassword=y
  default_fields = proxy=y host=10.5.10.121
  driver = static
  name = static
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3
service auth {
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
}
ssl = no
verbose_proctitle = yes
verbose_ssl = yes
protocol imap {
  mail_plugins = " mail_log notify"
}

Thank you
Ted
easyDNS Technologies
On 2019-01-23 2:39 a.m., Aki Tuomi wrote:
> Hi!
>
> First of all, can you provide output of 'doveconf -n'? It's much cleaner
> to read and shows what's really there?
>
> Aki
>
> On 22.1.2019 17.57, Ted wrote:
>> Hello,
>>
>> We're having difficulty with our updated cluster of dovecot servers
>> accessing the email storage on the NFS mounts.  It seems index files get
>> corrupted when 2 backend mailservers access the same account, and from
>> documentation setting up a director proxy in front of the backup
>> servers.  I'm trying to just set up a straight proxy first, which the
>> documents say is the first step, and although I can see the connections
>> coming into the server when I try to login via the proxy, the connection
>> times out and there are no logs from dovecot anywhere saying what
>> happened to the connection.
>>
>> The configs I have set up for this in dovecot are:
>>
>> dovecot.conf
>>
>> # Protocols we want to be serving.
>> protocols = imap pop3
>>
>> #when re-enabling quota enforcement add quota in below:
>> mail_plugins = $mail_plugins mail_log notify
>>
>> protocol imap {
>>   # Space separated list of plugins to load (default is global
>> mail_plugins).
>> #when re-enabling quota enforcement add imap_quota in below:
>>   mail_plugins = $mail_plugins
>> }
>>
>>
>> # A comma separated list of IPs or hosts where to listen in for
>> connections.
>> # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
>> # If you want to specify non-default ports or anything more complex,
>> # edit conf.d/master.conf.
>> #listen = *, ::
>>
>> # Base directory where to store runtime data.
>> #base_dir = /var/run/dovecot/
>>
>> # Name of this instance. In multi-instance setup doveadm and other commands
>> # can use -i <instance_name> to select which instance is used (an
>> alternative
>> # to -c <config_path>). The instance name is also added to Dovecot processes
>> # in ps output.
>> #instance_name = dovecot
>>
>> # Greeting message for clients.
>> login_greeting = Welcome to easyMail.
>>
>> shutdown_clients = yes
>>
>> # Most of the actual configuration gets included below. The filenames are
>> # first sorted by their ASCII value and parsed in that order. The
>> 00-prefixes
>> # in filenames are intended to make it easier to understand the ordering.
>> !include conf.d/*.conf
>>
>> # A config file can also tried to be included without giving an error if
>> # it's not found:
>> !include_try local.conf
>>
>> service auth {
>>   unix_listener auth-master {
>>     mode = 0600
>>     user = vmail
>>   }
>> }
>>
>> conf.d/10-auth.conf
>>
>> ##
>> ## Authentication processes
>> ##
>> # Username formatting before it's looked up from databases. You can use
>> # the standard variables here, eg. %Lu would lowercase the username, %n
>> would
>> # drop away the domain if it was given, or "%n-AT-%d" would change the
>> '@' into
>> # "-AT-". This translation is done after auth_username_translation changes.
>> auth_username_format = %Lu
>>
>> # Space separated list of wanted authentication mechanisms:
>> #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
>> #   gss-spnego
>> # NOTE: See also disable_plaintext_auth setting.
>> auth_mechanisms = plain login
>> #
>> # Password database is used to verify user's password (and nothing more).
>> # You can have multiple passdbs and userdbs. This is useful if you want to
>> # allow both system users (/etc/passwd) and virtual users to login without
>> # duplicating the system users into virtual database.
>> #
>> # <doc/wiki/PasswordDatabase.txt>
>> #
>> # User database specifies where mails are located and what user/group IDs
>> # own them. For single-UID configuration use "static" userdb.
>> #
>> # <doc/wiki/UserDatabase.txt>
>>
>> #!include auth-deny.conf.ext
>> #!include auth-master.conf.ext
>>
>> #!include auth-system.conf.ext
>> #!include auth-sql.conf.ext
>> #!include auth-ldap.conf.ext
>> #!include auth-passwdfile.conf.ext
>> #!include auth-checkpassword.conf.ext
>> #!include auth-vpopmail.conf.ext
>> !include auth-static.conf.ext
>>
>> conf.d/auth-static.conf.ext
>>
>> # Static passdb. Included from auth.conf.
>>
>> # This can be used for situations where Dovecot doesn't need to verify the
>> # username or the password, or if there is a single password for all users:
>> #
>> #  - proxy frontend, where the backend verifies the password
>> #  - proxy backend, where the frontend already verified the password
>> #  - authentication with SSL certificates
>> #  - simple testing
>>
>>   passdb static {
>>    driver = static
>>    args = nopassword=y
>>    default_fields = proxy=y host=10.5.10.121
>>   }
>>
>>
>> #passdb {
>> #  driver = static
>> #  args = password=test
>> #}
>>
>> #userdb {
>> #  driver = static
>> #  args = uid=vmail gid=vmail home=/home/%u
>> #}
>>
>> conf.d/10-logging.conf
>>
>> ##
>> ## Log destination.
>> ##
>>
>> # Log file to use for error messages. "syslog" logs to syslog,
>> # /dev/stderr logs to stderr.
>> #log_path = syslog
>>
>> # Log file to use for informational messages. Defaults to log_path.
>> #info_log_path =
>> # Log file to use for debug messages. Defaults to info_log_path.
>> #debug_log_path =
>>
>> # Syslog facility to use if you're logging to syslog. Usually if you don't
>> # want to use "mail", you'll use local0..local7. Also other standard
>> # facilities are supported.
>> #syslog_facility = mail
>>
>> ##
>> ## Logging verbosity and debugging.
>> ##
>>
>> # Log unsuccessful authentication attempts and the reasons why they failed.
>> auth_verbose = yes
>>
>> # In case of password mismatches, log the attempted password. Valid
>> values are
>> # no, plain and sha1. sha1 can be useful for detecting brute force password
>> # attempts vs. user simply trying the same password over and over again.
>> # You can also truncate the value to n chars by appending ":n" (e.g.
>> sha1:6).
>> #auth_verbose_passwords = no
>>
>> # Even more verbose logging for debugging purposes. Shows for example SQL
>> # queries.
>> auth_debug = yes
>>
>> # In case of password mismatches, log the passwords and used scheme so the
>> # problem can be debugged. Enabling this also enables auth_debug.
>> #auth_debug_passwords = no
>>
>> # Enable mail process debugging. This can help you figure out why Dovecot
>> # isn't finding your mails.
>> mail_debug = yes
>>
>> # Show protocol level SSL errors.
>> verbose_ssl = yes
>>
>> # mail_log plugin provides more event logging for mail processes.
>> plugin {
>>   # Events to log. Also available: flag_change append
>>   #mail_log_events = delete undelete expunge copy mailbox_delete
>> mailbox_rename
>>   # Available fields: uid, box, msgid, from, subject, size, vsize, flags
>>   # size and vsize are available only for expunge and copy events.
>>   #mail_log_fields = uid box msgid size
>> }
>>
>>
>> I'm basically expecting this to forward the login requests on to
>> 10.5.10.121 when I try to access the email account through the proxy. 
>> When I attempt this I am able to see the connections in a tcp dump, but
>> dovecot does not log anything about the attempt.  I clearly must be
>> missing something, can you let me know what I need to do or check? 
>>
>> Thank you
>> Ted
>> easyDNS Technologies
>>


More information about the dovecot mailing list