Hello Sami, yes, see below.
We run Dovecot at a different versions, mainly 2.2.10 (CentOS), 2.2.22 (Ubuntu) and now 2.2.36 (CentOS). The issue is weird, because it only happened after the update from 2.2.10->36. Just to understand it would be great.
I'm actually checking out the configs now ... Our SQL userdb does not specify port. So I'm guessing this may be to blame?
(This was by design, though -- we don't want to specify one port for different client protocols. Though, I do recall seeing some hack online using CASE in SQL query ...)
These servers run LMTP as a unix socket as well as a TCP port 24 serving all IP sources. The internal servers are running LMTP on TCP port 24 (as well as unix socket, but that's irrelevant), but no LMTP comm happens between directors and backend mail servers after the 2.2.10->36 update on the directors with our config. I do apologize that I can't get more specific than those versions ...
The backend mail servers function the same in our environment on both versions 2.2.10 and 2.2.36.
We are good now, as we changed the config to go to the TCP port instead of unix socket. But we had a good jolt of fun this morning. :-)
Would love to understand what we have done wrong, or how we misunderstood the configuration directives -- in either version.
Thank you Sami.
Here is the SQL:
driver = mysql
connect = host=10.1.1.110 dbname=someoneelsesmail user=notouruser password=chicken
default_pass_scheme = PLAIN
password_query = SELECT CONCAT(a.username,'@',d.domain) AS user,a.password,'captainmaster' AS master,'kentuckyfriedchicken' AS pass,'Y' AS proxy FROM accounts a INNER JOIN domains d ON a.domain_id=d.id WHERE a.username='%n' AND d.domain='%d' AND a.active=1 AND d.active=1
Here is the doveconf:
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
doveconf: Warning: service auth { client_limit=5200 } is lower than required under max. load (6144)
# OS: Linux 3.10.0-693.17.1.el7.centos.plus.x86_64 x86_64 CentOS Linux release 7.6.1810 (Core)
# Hostname: imapdir1.randomdomain.net
auth_master_user_separator = *
auth_mechanisms = plain login cram-md5
default_client_limit = 5200
default_process_limit = 1024
director_mail_servers = 10.9.5.131 10.9.5.132
director_servers = 10.9.5.151 10.9.5.152
disable_plaintext_auth = no
doveadm_port = 24245
first_valid_uid = 1000
lmtp_proxy = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
quota = maildir:User quota
quota_grace = 10%%
quota_status_nouser = DUNNO
quota_status_overquota = 522 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=80%% quota-warning 80 %u
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0660
user = exim
}
}
service director {
fifo_listener login/proxy-notify {
mode = 0600
user = $default_login_user
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service doveadm {
inet_listener {
port = 24245
}
}
service imap-login {
executable = imap-login director
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 5
}
service managesieve-login {
executable = managesieve-login director
}
service pop3-login {
executable = pop3-login director
}
service quota-warning {
executable = script /etc/dovecot/quota-warning.sh
user = dovecot
}
ssl_cert = </etc/ssl/randomdomain.net/randomdomain.net-bundle.crt
ssl_key = # hidden, use -P to show it
protocol lmtp {
auth_socket_path = director-userdb
mail_plugins = " quota sieve"
passdb {
args = proxy=y port=24
driver = static
name =
}
postmaster_address = postmaster@randomdomain.net
}
protocol doveadm {
auth_socket_path = director-userdb
}
protocol imap {
mail_max_userip_connections = 50
mail_plugins = " imap_quota"
}
protocol pop3 {
mail_max_userip_connections = 50
}
local 10.9.0.0/18 {
doveadm_password = # hidden, use -P to show it
}
On Sunday, December 30, 2018 03:08 PM PST, Sami Ketola <sami.ketola@dovecot.fi> wrote:
On 31 Dec 2018, at 0.43, Laz C. Peterson <laz@paravis.net> wrote:Hello there,Everything was working fine on Dovecot 2.2.10 (on CentOS 7), but after updating to version 2.2.36, our director servers are not able to proxy LMTP.We are sending mail from exim to the local Dovecot LMTP socket, which then used to send it to our internal mail servers on port 24.Besides the update, nothing has changed in the config files. The configuration has been working great for months … Then we had a great idea of doing holiday maintenance.(Currently, we are working around this issue by having exim send mail to the IP and port, instead of the socket.)Doing a tcpdump capture shows no TCP traffic either. The logs seem to say that it is trying to go to port 0, so my guess is that it’s not getting the port directive from either static or sql — since the docs state that if these settings aren't specified, it will always use the same connection type for the proxy that it received the connection on.Any thoughts? I can share config if necessary.~ Laz Peterson
Paravis, LLC