The director_mail_servers setting uses IP addresses as values: https://doc.dovecot.org/settings/core/#core_setting-director_mail_servers
As described in the documentation, hostnames are converted to addresses when the configuration is read: https://doc.dovecot.org/settings/types/#ip-addresses

This is acceptable in a host or virtual machine environment, but becomes a problem in a containerized environment. When any backend container is restarted, its address will change and users related to this backend can no longer connect, but the backend (available with its new IP address) can process requests. For example,

    director_mail_servers = dovecot-1 dovecot-2 dovecot-3

becomes at runtime (with one successfully connected user, foo@example.com):

    doveadm director status
    mail server ip  tag  vhosts  state  state changed  users
    10.0.71.3            100     up     -              0
    10.0.71.4            100     up     -              1
    10.0.71.5            100     up     -              0

where dovecot-1 is 10.0.71.3, dovecot-2 is 10.0.71.4 and dovecot-3 is 10.0.71.5.

When the dovecot-2 backend container restarts and gets a new IP address, the user can't connect to the related backend:

    imap-login: Info: proxy(foo@example.com,10.0.71.4:143): Started proxying to <10.0.71.4> (<dovecot-2>) (0.009 secs)
    imap-login: Error: proxy(foo@example.com,10.0.71.4:143): connect(10.0.71.4, 143) failed: No route to host (after 28 secs, 3 reconnects, local=10.0.71.13:41066)

My suggestion to developers: resolve backend hostnames to IP address on every request to director_mail_servers
It's not about dovemon service with active health checks from dovecot pro, just dynamic hostname resolve
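
The drift described in the post above can be detected from outside Dovecot. The following is an added example, not part of the original post and not Dovecot code: it parses `doveadm director status` output and compares the frozen IPs with what the backend hostnames resolve to now. The sample status text is constructed from the output in the post, and the post-restart address 10.0.71.9 is a constructed value.

```python
import socket

# Constructed sample: the `doveadm director status` output shown in the post
# (the "tag" column is empty for every backend).
SAMPLE_STATUS = """\
mail server ip  tag  vhosts  state  state changed  users
10.0.71.3            100     up     -              0
10.0.71.4            100     up     -              1
10.0.71.5            100     up     -              0
"""

def parse_status(text):
    """Return {ip: users} from `doveadm director status` output."""
    hosts = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if fields:
            hosts[fields[0]] = int(fields[-1])  # first column: IP, last: users
    return hosts

def resolve(names, resolver=socket.gethostbyname):
    """Resolve each backend hostname now; names that fail to resolve are skipped."""
    current = {}
    for name in names:
        try:
            current[name] = resolver(name)
        except OSError:                         # socket.gaierror is an OSError
            pass
    return current

def find_drift(status_text, names, resolver=socket.gethostbyname):
    """Compare the IPs the director holds with the current DNS answers."""
    director = parse_status(status_text)
    current = resolve(names, resolver)
    live = set(current.values())
    stale = {ip: users for ip, users in director.items() if ip not in live}
    missing = {n: ip for n, ip in current.items() if ip not in director}
    return stale, missing

if __name__ == "__main__":
    # Hypothetical DNS view after dovecot-2 restarted (constructed values).
    dns = {"dovecot-1": "10.0.71.3", "dovecot-2": "10.0.71.9", "dovecot-3": "10.0.71.5"}
    stale, missing = find_drift(SAMPLE_STATUS, dns, dns.__getitem__)
    for ip, users in stale.items():
        print(f"stale backend {ip}: {users} user(s) still mapped to it")
    for name, ip in missing.items():
        print(f"{name} now resolves to {ip}, which the director does not know")
```

An operator could act on the result with `doveadm director remove` and `doveadm director add`; the script itself only reports the mismatch.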

On 16 Jan 2023 at 13:59, k v <sintensa@outlook.com> wrote:

> The director_mail_servers setting uses IP addresses as values: https://doc.dovecot.org/settings/core/#core_setting-director_mail_servers
> As described in the documentation, hostnames are converted to addresses when the configuration is read: https://doc.dovecot.org/settings/types/#ip-addresses
>
> This is acceptable in a host or virtual machine environment, but becomes a problem in a containerized environment. When any backend container is restarted, its address will change and users related to this backend can no longer connect, but the backend (available with its new IP address) can process requests. For example,
>
>     director_mail_servers = dovecot-1 dovecot-2 dovecot-3
>
> becomes at runtime (with one successfully connected user, foo@example.com):
>
>     doveadm director status
>     mail server ip  tag  vhosts  state  state changed  users
>     10.0.71.3            100     up     -              0
>     10.0.71.4            100     up     -              1
>     10.0.71.5            100     up     -              0
>
> where dovecot-1 is 10.0.71.3, dovecot-2 is 10.0.71.4 and dovecot-3 is 10.0.71.5.
>
> When the dovecot-2 backend container restarts and gets a new IP address, the user can't connect to the related backend:
>
>     imap-login: Info: proxy(foo@example.com,10.0.71.4:143): Started proxying to <10.0.71.4> (<dovecot-2>) (0.009 secs)
>     imap-login: Error: proxy(foo@example.com,10.0.71.4:143): connect(10.0.71.4, 143) failed: No route to host (after 28 secs, 3 reconnects, local=10.0.71.13:41066)
>
> My suggestion to developers:

Director has been phased out.

> resolve backend hostnames to IP address on every request to director_mail_servers
> It's not about dovemon service with active health checks from dovecot pro, just dynamic hostname resolve

participants (2)
- k v
- William Edwards