Hi!
First of all, can you provide output of 'doveconf -n'? It's much cleaner to read and shows what's really there?
Aki
On 22.1.2019 17.57, Ted wrote:
Hello,
We're having difficulty with our updated cluster of dovecot servers accessing the email storage on the NFS mounts. It seems index files get corrupted when 2 backend mailservers access the same account, and from documentation setting up a director proxy in front of the backup servers. I'm trying to just set up a straight proxy first, which the documents say is the first step, and although I can see the connections coming into the server when I try to login via the proxy, the connection times out and there are no logs from dovecot anywhere saying what happened to the connection.
The configs I have set up for this in dovecot are:
dovecot.conf
# Protocols we want to be serving. protocols = imap pop3
#when re-enabling quota enforcement add quota in below: mail_plugins = $mail_plugins mail_log notify
protocol imap { # Space separated list of plugins to load (default is global mail_plugins). #when re-enabling quota enforcement add imap_quota in below: mail_plugins = $mail_plugins }
# A comma separated list of IPs or hosts where to listen in for connections. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # If you want to specify non-default ports or anything more complex, # edit conf.d/master.conf. #listen = *, ::
# Base directory where to store runtime data. #base_dir = /var/run/dovecot/
# Name of this instance. In multi-instance setup doveadm and other commands # can use -i <instance_name> to select which instance is used (an alternative # to -c <config_path>). The instance name is also added to Dovecot processes # in ps output. #instance_name = dovecot
# Greeting message for clients. login_greeting = Welcome to easyMail.
shutdown_clients = yes
# Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. !include conf.d/*.conf
# A config file can also tried to be included without giving an error if # it's not found: !include_try local.conf
service auth { unix_listener auth-master { mode = 0600 user = vmail } }
conf.d/10-auth.conf
## ## Authentication processes ## # Username formatting before it's looked up from databases. You can use # the standard variables here, eg. %Lu would lowercase the username, %n would # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into # "-AT-". This translation is done after auth_username_translation changes. auth_username_format = %Lu
# Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. auth_mechanisms = plain login # # Password database is used to verify user's password (and nothing more). # You can have multiple passdbs and userdbs. This is useful if you want to # allow both system users (/etc/passwd) and virtual users to login without # duplicating the system users into virtual database. # # <doc/wiki/PasswordDatabase.txt> # # User database specifies where mails are located and what user/group IDs # own them. For single-UID configuration use "static" userdb. # # <doc/wiki/UserDatabase.txt>
#!include auth-deny.conf.ext #!include auth-master.conf.ext
#!include auth-system.conf.ext #!include auth-sql.conf.ext #!include auth-ldap.conf.ext #!include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-vpopmail.conf.ext !include auth-static.conf.ext
conf.d/auth-static.conf.ext
# Static passdb. Included from auth.conf.
# This can be used for situations where Dovecot doesn't need to verify the # username or the password, or if there is a single password for all users: # # - proxy frontend, where the backend verifies the password # - proxy backend, where the frontend already verified the password # - authentication with SSL certificates # - simple testing
passdb static { driver = static args = nopassword=y default_fields = proxy=y host=10.5.10.121 }
#passdb { # driver = static # args = password=test #}
#userdb { # driver = static # args = uid=vmail gid=vmail home=/home/%u #}
conf.d/10-logging.conf
## ## Log destination. ##
# Log file to use for error messages. "syslog" logs to syslog, # /dev/stderr logs to stderr. #log_path = syslog
# Log file to use for informational messages. Defaults to log_path. #info_log_path = # Log file to use for debug messages. Defaults to info_log_path. #debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't # want to use "mail", you'll use local0..local7. Also other standard # facilities are supported. #syslog_facility = mail
## ## Logging verbosity and debugging. ##
# Log unsuccessful authentication attempts and the reasons why they failed. auth_verbose = yes
# In case of password mismatches, log the attempted password. Valid values are # no, plain and sha1. sha1 can be useful for detecting brute force password # attempts vs. user simply trying the same password over and over again. # You can also truncate the value to n chars by appending ":n" (e.g. sha1:6). #auth_verbose_passwords = no
# Even more verbose logging for debugging purposes. Shows for example SQL # queries. auth_debug = yes
# In case of password mismatches, log the passwords and used scheme so the # problem can be debugged. Enabling this also enables auth_debug. #auth_debug_passwords = no
# Enable mail process debugging. This can help you figure out why Dovecot # isn't finding your mails. mail_debug = yes
# Show protocol level SSL errors. verbose_ssl = yes
# mail_log plugin provides more event logging for mail processes. plugin { # Events to log. Also available: flag_change append #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename # Available fields: uid, box, msgid, from, subject, size, vsize, flags # size and vsize are available only for expunge and copy events. #mail_log_fields = uid box msgid size }
I'm basically expecting this to forward the login requests on to 10.5.10.121 when I try to access the email account through the proxy. When I attempt this I am able to see the connections in a tcp dump, but dovecot does not log anything about the attempt. I clearly must be missing something, can you let me know what I need to do or check?
Thank you Ted easyDNS Technologies