Timo,
Is there any chance 'doveadm who' could use this to display the original connection source?
If login_trusted_networks contains proxies, I think it should already do that?..
Interesting. I'd tried putting the private network in login_trusted_networks but it got stuck in a loop until the director process ran out of file handles, so I took it back out. This is probably a little weird in that it's proxying to itself, and also trusting the looped connection. I guess it's running the original endpoints through the authdb for validation, which then proxies, causes another authdb lookup, etc?
/etc/dovecot/dovecot.conf:
director_servers = 10.142.0.162
director_mail_servers = 10.142.0.162
login_trusted_networks = 10.142.0.0/24
passdb {
  driver = sql
  args = /etc/dovecot/proxy-sqlite.conf
}
passdb {
  driver = pam
}
userdb {
  driver = passwd
}

/etc/dovecot/proxy-sqlite.conf:
driver = sqlite
connect = /dev/null
password_query = SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy WHERE '%{lip}' NOT LIKE '10.142.0.%%' AND '%{lip}' != '%{rip}'
The verbose auth log during the loop looked like:
(lots more of the following omitted)
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection: pid=19120
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=128.223.142.138 rip=128.223.157.45 lport=993 rport=60872 resp=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1 user=brandond proxy pass=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%' AND '128.223.142.138' != '128.223.157.45'
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection: pid=19121
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=128.223.142.138 rip=128.223.157.45 lport=993 rport=60872 resp=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1 user=brandond proxy pass=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%' AND '128.223.142.138' != '128.223.157.45'
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=128.223.142.138 rip=128.223.157.45 lport=993 rport=60872 resp=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1 user=brandond proxy pass=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%' AND '128.223.142.138' != '128.223.157.45'
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection: pid=19123
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: new auth connection: pid=19124
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=128.223.142.138 rip=128.223.157.45 lport=993 rport=60872 resp=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: client out: OK 1 user=brandond proxy pass=<hidden>
Jun 2 13:48:58 cc-popmap7 dovecot: auth: Debug: sql(brandond,128.223.157.45): query: SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy WHERE '128.223.142.138' NOT LIKE '10.142.0.%' AND '128.223.142.138' != '128.223.157.45'
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: socket(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: director: Error: connect(/var/run/dovecot//auth-login) failed: Too many open files
Jun 2 13:48:58 cc-popmap7 dovecot: imap-login: Warning: Error sending handshake to auth server: Broken pipe
-Brad
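
Added example (not part of the original message and not Dovecot code): a small Python model of the guess above, running the posted password_query through SQLite once per proxy hop. It assumes a trusted hop keeps the client's original lip/rip, as the repeated log lines show, and that an untrusted hop is seen as 10.142.0.162 on both ends; wants_proxy, hops_until_local and max_hops are hypothetical names.

```python
import sqlite3

# password_query from the posted proxy-sqlite.conf (Dovecot's %% is a literal %).
PASSWORD_QUERY = ("SELECT null AS password, 'Y' AS nopassword, 'Y' AS proxy "
                  "WHERE '%{lip}' NOT LIKE '10.142.0.%%' AND '%{lip}' != '%{rip}'")
BACKEND = "10.142.0.162"  # director_mail_servers from the posted dovecot.conf


def wants_proxy(db, lip, rip):
    """Expand the variables the way the logged query shows; True if a proxy row returns."""
    sql = (PASSWORD_QUERY.replace("%{lip}", lip)
           .replace("%{rip}", rip)
           .replace("%%", "%"))
    return db.execute(sql).fetchone() is not None


def hops_until_local(lip, rip, trusted, max_hops=20):
    """Count proxy hops before the lookup falls through to the next passdb (pam).

    Assumption: with the proxy source in login_trusted_networks, each hop is
    evaluated with the client's original lip/rip; without it, the hop is seen
    as BACKEND -> BACKEND. Returns None when max_hops is hit, i.e. the loop.
    """
    db = sqlite3.connect(":memory:")  # stands in for connect = /dev/null
    for hop in range(max_hops):
        if not wants_proxy(db, lip, rip):
            return hop
        if not trusted:
            lip, rip = BACKEND, BACKEND
    return None


if __name__ == "__main__":
    # Endpoints taken from the log lines in the post.
    client = ("128.223.142.138", "128.223.157.45")
    print("untrusted:", hops_until_local(*client, trusted=False))
    print("trusted:  ", hops_until_local(*client, trusted=True))
```

In this model the untrusted case terminates after one hop because the second lookup sees a 10.142.0.x local IP, while the trusted case never changes the query inputs and so never stops proxying.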