dovecot-proxy with managesieve, director and backend dovecot imap

hi all,

I've been tasked to add sieve/managesieve to an existing dovecot cluster running 2.1.7 on debian wheezy which is made up of 2 dovecot-proxy hosts as directors and some back end dovecot imap hosts all running the same version.

My problem is that I thought to put the service on the director/proxy hosts since they wouldn't have too much load on it, but when I do I get the following error:

Apr 28 11:00:28 master: Info: Dovecot v2.1.7 starting up (core dumps disabled) Apr 28 11:00:28 config: Warning: service auth { client_limit=50000 } is lower than required under max. load (60000) Apr 28 11:00:34 managesieve-login: Error: proxy: host not given: user=mailchannel@mydomain.net, method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP> Apr 28 11:00:34 managesieve-login: Info: Aborted login (internal failure, 1 succesful auths): user=mailchannel@mydomain.net, method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP>

From searching around, only ever saw 1 result which was to add "executable = managesieve-login director" to the managesieve service, but this made no difference at all and the error is the same.

So I tried to instead use the back end imap servers, but they throw errors expecting the users password to be the common proxy/director password as below: passdb { driver = static args = user=%u password=crypticpasswordagain }

Apr 28 12:03:37 auth: Debug: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): lookup Apr 28 12:03:37 auth: Info: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): Password mismatch Apr 28 12:03:37 auth: Debug: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): PLAIN(85387v92394jks) != 'crypticpasswordagain' Apr 28 12:03:39 auth: Debug: client out: FAIL 1 user=mailchannel@mydomain.net

So with configs below, how is it best to run managesieve that takes the correct login/password without directing to the cluster (or direct if it's easier but must use real user password)?

-- dovecot proxy config --

# dovecot version 2.1.7

instance_name = dovecot-proxy protocols = imap pop3 lmtp sieve mail_location = maildir:~/ #listen = 192.168.101.119 listen = 0.0.0.0 # = dovecot-proxy-1 director_servers = 192.168.101.119 # = dovecot-shared-7 director_mail_servers = 192.168.100.101 base_dir = /var/run/dovecot-proxy login_greeting = Welcome to IMAP. default_internal_user = webmail

lmtp_proxy = yes

disable_plaintext_auth = no

auth_mechanisms = plain login cram-md5

auth_verbose=yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes verbose_ssl=yes auth_verbose_passwords=no

#log_path = syslog log_path = /var/log/dovecot.log

default_process_limit = 10000 default_client_limit = 50000

ssl = no ssl_cert =

director_user_expire = 15 min

doveadm_proxy_port = 9292 doveadm_password = somecrypticpassword

auth_worker_max_count = 90

passdb { driver = ldap args = /etc/dovecot/dovecot-proxy-ldap.conf.ext }

passdb { driver = checkpassword args = /etc/dovecot/checkpassword_migration.py }

userdb { driver = prefetch }

userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext }

service director { unix_listener login/director { mode = 0666 } fifo_listener login/proxy-notify { mode = 0666 } unix_listener director-userdb { mode = 0600 } inet_listener { port = 9191 } }

service imap-login { process_min_avail = 2 service_count = 0 executable = imap-login director inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } }

service pop3-login { process_min_avail = 2 service_count = 0 executable = pop3-login director inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } }

service imap { process_min_avail = 2 process_limit = 0 service_count = 0 }

service pop3 { process_min_avail = 2 process_limit = 0 service_count = 0 }

service lmtp { inet_listener lmtp { port = 24 } }

service auth { client_limit=65000 inet_listener { port = 5451 } }

service auth-worker { user = webmail }

service doveadm { inet_listener { port = 9292 } }

protocol imap { mail_max_userip_connections = 10 }

protocol pop3 { mail_max_userip_connections = 10 }

protocol lmtp { auth_socket_path = director-userdb passdb { driver = ldap args = /etc/dovecot/dovecot-proxy-ldap.conf.ext } }

protocol doveadm { auth_socket_path = director-userdb }

plugin { # Used by both the Sieve plugin and the ManageSieve protocol sieve = file:~/sieve;active=~/.dovecot.sieve }

-- dovecot backend config --

# dovecot version 2.1.7

protocols = imap pop3 lmtp #sieve # OLDTEMP listen = 192.168.100.95 listen = 192.168.100.101

mail_location = maildir:~/

namespace { prefix = INBOX. separator = . inbox = yes }

base_dir = /var/run/dovecot/ login_greeting = Dovecot ready. default_login_user = dovenull default_internal_user = webmail mail_access_groups = mail

postmaster_address = postmaster@mydomain.net

disable_plaintext_auth = no auth_mechanisms = plain login

auth_verbose=yes auth_debug=yes auth_debug_passwords=yes mail_debug=yes verbose_ssl=yes auth_verbose_passwords=no

#log_path = syslog log_path = /var/log/dovecot.log

default_process_limit = 10000 default_client_limit = 50000

mmap_disable = yes mail_fsync = always mail_nfs_storage = no mail_nfs_index = no

#mail_plugin_dir = /usr/lib/dovecot mail_plugin_dir = /usr/lib/dovecot/modules # OLDTEMP mail_plugins = $mail_plugins quota fts fts_lucene mail_plugins = $mail_plugins quota fts fts_squat sieve

ssl = no # OLDTEMP ssl_cert =

doveadm_password = somecrypticpassword

userdb { driver = ldap # OLDTEMP args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext args = /etc/dovecot/dovecot-ldap.conf.ext }

passdb { driver = static args = user=%u password=crypticpasswordagain }

service imap-login { process_min_avail = 2 service_count = 0 inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } }

service pop3-login { process_min_avail = 2 service_count = 0 inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } }

service imap { process_min_avail = 2 process_limit = 0 executable = imap #imap-postlogin vsz_limit = 384M }

service pop3 { process_min_avail = 2 process_limit = 0 executable = pop3 #pop3-postlogin vsz_limit = 384M }

service lmtp { inet_listener lmtp { port = 24 } vsz_limit = 384M }

service doveadm { inet_listener { port = 9292 } }

service director { unix_listener director-admin { mode = 0 } }

service quota-warning { executable = script /etc/dovecot/quota-warning.sh unix_listener quota-warning { user = webmail } }

protocol imap { mail_plugins = $mail_plugins quota imap_quota mail_max_userip_connections = 10 }

protocol pop3 { mail_max_userip_connections = 10 }

plugin { fts = fts_squat fts_squat = partial=4 full=10 # fts_lucene = whitespace_chars=@. quota = maildir:User quota quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=95%% quota-warning 95 %u }

-- managesieve config --

service managesieve-login { executable = managesieve-login director service_count = 0 process_min_avail = 0 vsz_limit = 64M }

service managesieve { process_count = 100 }

# Service configuration

protocol sieve { managesieve_max_line_length = 32768 executable = managesieve-login director mail_max_userip_connections = 5 managesieve_max_compile_errors = 5 }