dovecot-proxy with managesieve, director and backend dovecot imap
hi all,
I've been tasked to add sieve/managesieve to an existing dovecot cluster running 2.1.7 on debian wheezy which is made up of 2 dovecot-proxy hosts as directors and some back end dovecot imap hosts all running the same version.
My plan was to run the service on the director/proxy hosts, since they don't carry much load, but when I do I get the following error:
Apr 28 11:00:28 master: Info: Dovecot v2.1.7 starting up (core dumps disabled) Apr 28 11:00:28 config: Warning: service auth { client_limit=50000 } is lower than required under max. load (60000) Apr 28 11:00:34 managesieve-login: Error: proxy: host not given: user=<mailchannel@mydomain.net>, method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP> Apr 28 11:00:34 managesieve-login: Info: Aborted login (internal failure, 1 succesful auths): user=<mailchannel@mydomain.net>, method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP>
From searching around, I only ever found one suggestion, which was to add "executable = managesieve-login director" to the managesieve service, but this made no difference at all; the error is the same.
So I tried instead to use the back-end IMAP servers, but they reject the login: their static passdb expects every password to be the common proxy/director password, not the user's own password, as shown below:
passdb { driver = static args = user=%u password=crypticpasswordagain }
Apr 28 12:03:37 auth: Debug: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): lookup Apr 28 12:03:37 auth: Info: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): Password mismatch Apr 28 12:03:37 auth: Debug: static(mailchannel@mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): PLAIN(85387v92394jks) != 'crypticpasswordagain' Apr 28 12:03:39 auth: Debug: client out: FAIL 1 user=mailchannel@mydomain.net
So, with the configs below, what is the best way to run managesieve so that it accepts the user's real login/password without directing to the cluster (or with directing, if that is easier, as long as the real user password is used)?
-- dovecot proxy config --
# dovecot version 2.1.7
instance_name = dovecot-proxy protocols = imap pop3 lmtp sieve mail_location = maildir:~/ #listen = 192.168.101.119 listen = 0.0.0.0 # = dovecot-proxy-1 director_servers = 192.168.101.119 # = dovecot-shared-7 director_mail_servers = 192.168.100.101 base_dir = /var/run/dovecot-proxy login_greeting = Welcome to IMAP. default_internal_user = webmail
lmtp_proxy = yes
# With disable_plaintext_auth = no, the plaintext mechanisms below (plain, login)
# are also accepted on connections that are not protected by SSL/TLS.
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
# Troubleshooting verbosity for auth, mail and SSL.
# NOTE(review): auth_debug_passwords=yes makes the auth process write the
# password a client supplied, and the value it was compared against, to the log
# in cleartext on a mismatch. Turn it off once debugging is done, keep
# /var/log/dovecot.log readable by root only, and redact log excerpts before
# sharing them.
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
# Attempted passwords are not added to the ordinary auth_verbose log lines.
auth_verbose_passwords=no
#log_path = syslog log_path = /var/log/dovecot.log
default_process_limit = 10000 default_client_limit = 50000
ssl = no ssl_cert = </etc/ssl/private/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem
director_user_expire = 15 min
doveadm_proxy_port = 9292 doveadm_password = somecrypticpassword
auth_worker_max_count = 90
passdb { driver = ldap args = /etc/dovecot/dovecot-proxy-ldap.conf.ext }
passdb { driver = checkpassword args = /etc/dovecot/checkpassword_migration.py }
userdb { driver = prefetch }
userdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext }
service director { unix_listener login/director { mode = 0666 } fifo_listener login/proxy-notify { mode = 0666 } unix_listener director-userdb { mode = 0600 } inet_listener { port = 9191 } }
service imap-login { process_min_avail = 2 service_count = 0 executable = imap-login director inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } }
service pop3-login { process_min_avail = 2 service_count = 0 executable = pop3-login director inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } }
service imap { process_min_avail = 2 process_limit = 0 service_count = 0 }
service pop3 { process_min_avail = 2 process_limit = 0 service_count = 0 }
service lmtp { inet_listener lmtp { port = 24 } }
service auth { client_limit=65000 inet_listener { port = 5451 } }
service auth-worker { user = webmail }
service doveadm { inet_listener { port = 9292 } }
protocol imap { mail_max_userip_connections = 10 }
protocol pop3 { mail_max_userip_connections = 10 }
protocol lmtp { auth_socket_path = director-userdb passdb { driver = ldap args = /etc/dovecot/dovecot-proxy-ldap.conf.ext } }
protocol doveadm { auth_socket_path = director-userdb }
plugin { # Used by both the Sieve plugin and the ManageSieve protocol sieve = file:~/sieve;active=~/.dovecot.sieve }
-- dovecot backend config --
# dovecot version 2.1.7
protocols = imap pop3 lmtp #sieve # OLDTEMP listen = 192.168.100.95 listen = 192.168.100.101
mail_location = maildir:~/
namespace { prefix = INBOX. separator = . inbox = yes }
base_dir = /var/run/dovecot/ login_greeting = Dovecot ready. default_login_user = dovenull default_internal_user = webmail mail_access_groups = mail
postmaster_address = postmaster@mydomain.net
# With disable_plaintext_auth = no, the plaintext mechanisms below (plain, login)
# are also accepted on connections that are not protected by SSL/TLS.
disable_plaintext_auth = no
auth_mechanisms = plain login
# Troubleshooting verbosity for auth, mail and SSL.
# NOTE(review): auth_debug_passwords=yes makes the auth process write the
# password a client supplied, and the value it was compared against, to the log
# in cleartext on a mismatch. On this backend the compared value is the shared
# static passdb password, so the log file exposes it too. Turn the setting off
# once debugging is done and redact log excerpts before sharing them.
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
# Attempted passwords are not added to the ordinary auth_verbose log lines.
auth_verbose_passwords=no
#log_path = syslog log_path = /var/log/dovecot.log
default_process_limit = 10000 default_client_limit = 50000
mmap_disable = yes mail_fsync = always mail_nfs_storage = no mail_nfs_index = no
#mail_plugin_dir = /usr/lib/dovecot mail_plugin_dir = /usr/lib/dovecot/modules # OLDTEMP mail_plugins = $mail_plugins quota fts fts_lucene mail_plugins = $mail_plugins quota fts fts_squat sieve
ssl = no # OLDTEMP ssl_cert = </usr/local/dovecot/ssl/dovecot.pem # OLDTEMP ssl_key = </usr/local/dovecot/ssl/dovecot.pem ssl_cert = </etc/ssl/private/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem
doveadm_password = somecrypticpassword
userdb { driver = ldap # OLDTEMP args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext args = /etc/dovecot/dovecot-ldap.conf.ext }
# Static passdb: every login to this backend, for any user (%u), is checked
# against this one shared password rather than the user's own password.
# Presumably the director/proxy hosts present it when they proxy a session;
# a client that connects directly with its real password fails with
# "Password mismatch".
# NOTE(review): anyone who knows this value and can reach the backend's login
# ports can authenticate as any user. Keep the backends reachable only from
# the proxy hosts and treat this file (and any log that echoes the value) as
# a secret.
passdb {
  driver = static
  args = user=%u password=crypticpasswordagain
}
service imap-login { process_min_avail = 2 service_count = 0 inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } }
service pop3-login { process_min_avail = 2 service_count = 0 inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } }
service imap { process_min_avail = 2 process_limit = 0 executable = imap #imap-postlogin vsz_limit = 384M }
service pop3 { process_min_avail = 2 process_limit = 0 executable = pop3 #pop3-postlogin vsz_limit = 384M }
service lmtp { inet_listener lmtp { port = 24 } vsz_limit = 384M }
service doveadm { inet_listener { port = 9292 } }
service director { unix_listener director-admin { mode = 0 } }
service quota-warning { executable = script /etc/dovecot/quota-warning.sh unix_listener quota-warning { user = webmail } }
protocol imap { mail_plugins = $mail_plugins quota imap_quota mail_max_userip_connections = 10 }
protocol pop3 { mail_max_userip_connections = 10 }
plugin { fts = fts_squat fts_squat = partial=4 full=10 # fts_lucene = whitespace_chars=@. quota = maildir:User quota quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=95%% quota-warning 95 %u }
-- managesieve config --
service managesieve-login { executable = managesieve-login director service_count = 0 process_min_avail = 0 vsz_limit = 64M }
service managesieve { process_count = 100 }
# Service configuration
protocol sieve { managesieve_max_line_length = 32768 executable = managesieve-login director mail_max_userip_connections = 5 managesieve_max_compile_errors = 5 }