- WJCarpenter bill-dovecot@carpenter.ORG:
Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible).
I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect to any server, but their mail files live on one particular machine. I'd like to transparently proxy them from whatever machine they happen to hit to their home machine.
Except for the "proxy_maybe" feature advertised for dovecot 1.1, I don't see a surefire way to do this. Has anyone done it, or can anyone say for sure that it can't reasonably be done until "proxy_maybe"?
We have a Dovecot proxy serving 25.000 POP/IMAP users. On the backend side there are 5 servers waiting to serve 1/5 of the userbase.
I've written a small LDAP schema and put the logic, which user resides on which machine, in LDAP. The proxy queries LDAP and LDAP tells where to open a backend connection to.
All this has been done using the stock configuration examples from the wiki http://wiki.dovecot.org/HowTo/ImapProxy. We went for the "master password" configuration where the proxy handles the complete session so clients would always talk to the same host and TLS certificates would therefore always remain valid. http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy describes the master password setup, but it looks different. I think I used the older version http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy?action=recall&rev=1 to do the configuration back then.
Lessons learned? It works and it worked immediately. Store backend host information as IP address and not as host name.
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Patrick Koetter Tel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de
Amtsgericht München Partnerschaftsregister PR 563
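
The lesson in the reply above (store the backend host as an IP address, not a host name) can be checked against an LDIF export of the directory before the proxy depends on it. This is an added example, not code from the thread or from Dovecot; the attribute name `mailBackendHost` and the sample entries are assumptions constructed for illustration.

```python
import base64
import ipaddress

HOST_ATTR = "mailBackendHost"  # hypothetical name; the post does not give its schema

# Constructed sample export, not data from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
mailBackendHost: 192.0.2.11

dn: uid=bob,ou=people,dc=example,dc=org
mailBackendHost: backend3.example.org

dn: uid=carol,ou=people,dc=example,dc=org

dn: uid=dave,ou=people,dc=example,dc=org
mailBackendHost:: MjAwMTpkYjg6OjU=
"""

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute -> list of values."""
    unfolded = text.replace("\n ", "")          # RFC 2849 line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            yield entry

def audit(text, attr=HOST_ATTR):
    """Return {dn: problem} for entries the proxy cannot route by IP."""
    findings = {}
    for entry in parse_ldif(text):
        dn = entry.get("dn", ["<no dn>"])[0]
        hosts = entry.get(attr.lower(), [])
        if len(hosts) != 1:
            findings[dn] = "expected one backend host, found %d" % len(hosts)
            continue
        try:
            ipaddress.ip_address(hosts[0])      # accepts IPv4 and IPv6 literals
        except ValueError:
            findings[dn] = "not an IP literal: " + hosts[0]
    return findings
```

Calling `audit(SAMPLE_LDIF)` reports the entry that stores a host name and the entry with no backend host, and passes the plain and base64-encoded IP literals.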