Local auth works with dovecot-proxy, remote does not
Hi list!
I've configured dovecot-proxy to redirect users to another server if their data is indeed on that other server.
Webmail (which runs on the same machine) works perfectly fine, but clients such as Thunderbird and Outlook do not work as intended, I suspect it to be a problem with the IP that dovecot-proxy sees, but I can't figure out what is wrong: I've already done a lot of Googling and also tried to change the login_trusted_networks value, but to no avail.
I've enabled debug log and here is the relevant part of a call that fails and another one that succeeds (FYI 10.164.0.3 is the machine that is doing the proxying and where webmail is located, 10.164.0.20 is the 'node', these logs come from that node, doveconf -n is also provided in the gist): https://gist.github.com/unreal4u/64de0f05b6e3b98034cdb0ae52ce1196
So as far as I can interpret the logs, in the failure case it is basically saying it should go to the node, despite it already being on that node: Aug 24 11:29:07 mail-node-2 dovecot: auth: Debug: client passdb out: OK#0112#011user=me@XXXXXX.XX #011host=10.164.0.20#011port=143#011proxy#011pass=<hidden>
In the success case, I don't see any mention of a proxy: Aug 24 11:35:21 mail-node-2 dovecot: auth: Debug: client passdb out: OK#0116#011user=me@XXXXXXXXX.XX
What am I missing here? Has this something to do with authentication-allow-nets or authentication-allow-real-nets ? If so: where to define it? Is there something else I'm missing?
Thanks in advance for your help, Camilo Sperberg
I think I have found the issue: I'm missing the auth_proxy_self setting:
https://doc.dovecot.org/configuration_manual/authentication/proxies/
When I set this to the IP of the server, it seems to perform the authentication without issues for webmail as external clients such as Thunderbird.
Greetings, Camilo Sperberg
On Tue, Aug 24, 2021 at 2:37 PM Camilo Sperberg unreal4u@gmail.com wrote:
Hi list!
I've configured dovecot-proxy to redirect users to another server if their data is indeed on that other server.
Webmail (which runs on the same machine) works perfectly fine, but clients such as Thunderbird and Outlook do not work as intended, I suspect it to be a problem with the IP that dovecot-proxy sees, but I can't figure out what is wrong: I've already done a lot of Googling and also tried to change the login_trusted_networks value, but to no avail.
I've enabled debug log and here is the relevant part of a call that fails and another one that succeeds (FYI 10.164.0.3 is the machine that is doing the proxying and where webmail is located, 10.164.0.20 is the 'node', these logs come from that node, doveconf -n is also provided in the gist): https://gist.github.com/unreal4u/64de0f05b6e3b98034cdb0ae52ce1196
So as far as I can interpret the logs, in the failure case it is basically saying it should go to the node, despite it already being on that node: Aug 24 11:29:07 mail-node-2 dovecot: auth: Debug: client passdb out: OK#0112#011user=me@XXXXXX.XX #011host=10.164.0.20#011port=143#011proxy#011pass=<hidden>
In the success case, I don't see any mention of a proxy: Aug 24 11:35:21 mail-node-2 dovecot: auth: Debug: client passdb out: OK#0116#011user=me@XXXXXXXXX.XX
What am I missing here? Has this something to do with authentication-allow-nets or authentication-allow-real-nets ? If so: where to define it? Is there something else I'm missing?
Thanks in advance for your help, Camilo Sperberg
participants (1)
-
Camilo Sperberg