Dovecot supports real IP forwarding with HAproxy.
Yes. I was aware of this, but that doesn’t answer my question of how to configure a Dovecot proxy to listen on many IPs/ports and do authentication based on the incoming IP/port. If I could do this without having to run 50 Dovecot proxies (one for each incoming IP/port), I would probably use the HAProxy/Dovecot Proxy solution.
Or is Dovecot proxy light-weight enough to run a 100 instances or more on a single cloud VM (limited cores/memory) with an HAProxy front-end?
On Jun 3, 2016, at 9:14 AM, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
On 03.06.2016 16:00, KT Walrus wrote:
btw, what is the reasong for NGINX proxy anyway? Since dovecot proxy can do this for you too. I want to do authentication using the IP that the IMAP client used to connect to the IMAP server. That is, I have 50 IPs, one for each state my users live in, so the users can only connect to the IMAP server using the domain name where their account is hosted (e.g., va.example.com <http://va.example.com/> for accounts in Virginia or ca.example.com <http://ca.example.com/> for accounts in California). I figured it was fairly simple to have NGINX listen on the different IPs for the different IMAP servers and do the authentication based on the server IP that was used by the IMAP client and then route the request to the proper Dovecot backend.
I actually plan on using HAProxy to listen on each of the IPs and then proxy to an NGINX mail proxy listening on different ports (one for each proxied IP). NGINX would then have mail server sections for each port that invokes a PHP script passing in the domain name associated with the port (e.g., va.example.com <http://va.example.com/>). The PHP script would then use this domain name along with the user/password supplied by the mail client to do the auth check and backend dovecot server selection.
The only problem I see with using HAProxy and NGINX mail proxy is I think I will lose the client IP so the Dovecot logs won’t show this IP.
Dovecot supports real IP forwarding with HAproxy.
http://wiki2.dovecot.org/HAProxy
Aki