I get the feeling not many people are using Dovecot proxy with MySQL auth. Is there anyone who has done this before? We might end up going with something like NGINX for the proxy instead if we cannot figure out if and how this should work for our type of scenario but it would be nice if we could go with fewer components.
-----Original Message----- From: dovecot-bounces+jkrejci=usinternet.com@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet.com@dovecot.org] On Behalf Of Justin Krejci Sent: Wednesday, November 26, 2008 11:57 AM To: 'Dovecot Mailing List' Subject: [Dovecot] Dovecot Proxy with MySQL auth
We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario.
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever.
Any input or suggestions would be appreciated.
Justin Krejci