Hi,
I would like to announce nauthilus-director for the first time on this list.
nauthilus-director is an open-source mail protocol director and transparent proxy for Nauthilus-backed mail deployments. It sits in front of stateful mail backends, authenticates frontend sessions through Nauthilus, resolves routing and placement inside the director, selects healthy backend services, keeps active user affinity in Redis, and then proxies the established connection to the selected backend.
The current focus is on deployments where backend placement, maintenance, drains, user movement and session affinity need to be explicit, observable and controllable. The director is not a mailbox server and not a general-purpose load balancer; it owns the narrow director responsibilities between clients, Nauthilus and backend mail services.
Current capabilities include:
- IMAP/IMAPS, POP3/POP3S, LMTP/LMTPS and ManageSieve proxying
- Nauthilus-backed authentication over HTTP or gRPC
- director-owned routing and backend selection
- Redis-backed session affinity and runtime coordination
- backend health, maintenance, runtime drains and placement overrides
- an OpenAPI-based REST control API and
nauthilus-directorctl - metrics, structured logging and OpenTelemetry tracing
The demo stack includes Dovecot backend shards and exercises real IMAP, LMTP, POP3 and ManageSieve paths, so feedback from Dovecot operators would be especially useful.
Related to this, Nauthilus itself has recently been released as version 3.0.0. Nauthilus is the central authentication and policy engine in this setup: it provides centralized authentication and identity handling for mail and web workloads, LDAP-backed or Lua-driven policy decisions, OIDC/SAML IdP functionality, MFA support, and Redis-backed state handling. In the director architecture, Nauthilus remains the authentication and policy authority, while nauthilus-director owns concrete backend placement and proxy lifecycle decisions.
Project links:
- nauthilus-director: https://github.com/croessner/nauthilus-director
- Nauthilus: https://github.com/croessner/nauthilus
- Documentation / website: https://nauthilus.org
The director is still young, so I would be interested in feedback from people running Dovecot-backed infrastructures, especially around operational workflows, backend maintenance, migration scenarios and protocol behavior. The director is still in beta.
Best regards,
Christian Rößner
Rößner-Network-Solutions Zertifizierter ITSiBe / CISO Marburger Str. 70a, 36304 Alsfeld Mobil: +49 171 9905345 USt-IdNr.: DE225643613, https://roessner.website PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
Hi,
I would like to announce nauthilus-director for the first time on this
list.
nauthilus-director is an open-source mail protocol director and
transparent proxy for Nauthilus-backed mail deployments. It sits in front
of stateful mail backends, authenticates frontend sessions through
Nauthilus, resolves routing and placement inside the director, selects
healthy backend services, keeps active user affinity in Redis, and then
proxies the established connection to the selected backend.
The current focus is on deployments where backend placement, maintenance,
drains, user movement and session affinity need to be explicit, observable
and controllable. The director is not a mailbox server and not a
general-purpose load balancer; it owns the narrow director
responsibilities between clients, Nauthilus and backend mail services.
Current capabilities include:
- IMAP/IMAPS, POP3/POP3S, LMTP/LMTPS and ManageSieve proxying
- Nauthilus-backed authentication over HTTP or gRPC
- director-owned routing and backend selection
- Redis-backed session affinity and runtime coordination
- backend health, maintenance, runtime drains and placement overrides
- an OpenAPI-based REST control API and
nauthilus-directorctl - metrics, structured logging and OpenTelemetry tracing
The demo stack includes Dovecot backend shards and exercises real IMAP,
LMTP, POP3 and ManageSieve paths, so feedback from Dovecot operators would
be especially useful.
Related to this, Nauthilus itself has recently been released as version
3.0.0. Nauthilus is the central authentication and policy engine in this
setup: it provides centralized authentication and identity handling for
mail and web workloads, LDAP-backed or Lua-driven policy decisions,
OIDC/SAML IdP functionality, MFA support, and Redis-backed state handling.
In the director architecture, Nauthilus remains the authentication and
policy authority, while
nauthilus-directorowns concrete backend placement and proxy lifecycle decisions. Project links: - nauthilus-director: https://github.com/croessner/nauthilus-director
- Nauthilus: https://github.com/croessner/nauthilus
Documentation / website: https://nauthilus.org The director is still young, so I would be interested in feedback from people running Dovecot-backed infrastructures, especially around operational workflows, backend maintenance, migration scenarios and protocol behavior. The director is still in beta. Best regards, Christian Roessner
Roessner-Network-Solutions Zertifizierter ITSiBe / CISO Marburger Str. 70a, 36304 Alsfeld Mobil: +49 171 9905345 USt-IdNr.: DE225643613, https://roessner.website PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5