[Dovecot] proxy configuration
Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible).
I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect to any server, but their mail files live on one particular machine. I'd like to transparently proxy them from whatever machine they happen to hit to their home machine.
Except for the "proxy_maybe" feature advertised for dovecot 1.1, I don't see a surefire way to do this. Has anyone done it, or can anyone say for sure that it can't reasonably be done until "proxy_maybe"?
Tx!
bill-dovecot@carpenter.ORG (WJCarpenter) PGP 0x91865119 38 95 1B 69 C9 C6 3D 25 73 46 32 04 69 D6 ED F3
- WJCarpenter <bill-dovecot@carpenter.ORG>:
> Before I spend some time experimenting with what might be impossible, maybe someone can just tell me (either "how" or that it's impossible).
> I'd like to get perdition out of my environment (mainly to have one less moving part in my architecture). I'm looking at dovecot's built-in proxying. In my setup, I don't have dedicated front-end machines. A user can connect to any server, but their mail files live on one particular machine. I'd like to transparently proxy them from whatever machine they happen to hit to their home machine.
> Except for the "proxy_maybe" feature advertised for dovecot 1.1, I don't see a surefire way to do this. Has anyone done it, or can anyone say for sure that it can't reasonably be done until "proxy_maybe"?
We have a Dovecot proxy serving 25.000 POP/IMAP users. On the backend side there are 5 servers waiting to serve 1/5 of the userbase.
I've written a small LDAP schema and put the logic, which user resides on which machine, in LDAP. The proxy queries LDAP and LDAP tells where to open a backend connection to.
All this has been done using the stock configuration examples from the wiki <http://wiki.dovecot.org/HowTo/ImapProxy>. We went for the "master password" configuration where the proxy handles the complete session so clients would always talk to the same host and TLS certificates would therefore always remain valid. <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy> describes the master password setup, but it looks different. I think I used the older version <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy?action=recall&rev=1> to do the configuration back then.
Lessons learned? It works and it worked immediately. Store backend host information as IP address and not as host name.
p@rick
-- state of mind Agentur für Kommunikation, Design und Softwareentwicklung
Patrick Koetter Tel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de
Amtsgericht München Partnerschaftsregister PR 563
> Lessons learned? It works and it worked immediately. Store backend host information as IP address and not as host name.
I have a setup similar to what the OP described. The other missing ingredient is that in the current stable version you need to change your MySQL query to avoid returning any proxy results if the user somehow managed to end up on the correct backend server directly, i.e. you manually say that no proxying is required. The point of the new feature that Timo added is that then you can simply set IP addresses for each server and if the user happens to come in on the correct server already then proxying is automatically disabled (i.e. you can have a bunch of backend machines all pretending to be frontend machines and it all just works).
Ed W
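The manual "no proxying on the home server" query described in the reply above, as an added example that is not from any of the posters: Python runs a portable `CASE` query against an in-memory SQLite table and follows the resulting proxy decisions to confirm every entry point ends on the home server without looping. The table name, column names, IPs and rows are constructed, and it assumes that Dovecot's SQL passdb treats a NULL extra field as not set.

```python
import sqlite3

SERVERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed backend IPs
# (userid, password, home host): constructed rows, not from the thread
ROWS = [("alice", "x", "10.0.0.1"), ("bob", "x", "10.0.0.3")]

# In dovecot-sql.conf, :user would be '%u' and :local_ip a literal that
# differs per server. Columns are NULL when the user is already at home.
QUERY = """
SELECT password,
       CASE WHEN host = :local_ip THEN NULL ELSE 'Y'  END AS proxy,
       CASE WHEN host = :local_ip THEN NULL ELSE host END AS host
FROM users WHERE userid = :user
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, "
               "password TEXT, host TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def passdb_lookup(db, local_ip, user):
    """Run the query as server local_ip would; NULL columns count as unset."""
    cur = db.execute(QUERY, {"local_ip": local_ip, "user": user})
    row = cur.fetchone()
    if row is None:
        return None  # unknown user
    names = [d[0] for d in cur.description]
    return {k: v for k, v in zip(names, row) if v is not None}

def route(db, entry_ip, user, max_hops=3):
    """Follow proxy decisions from entry_ip; return the servers visited."""
    path = [entry_ip]
    while len(path) <= max_hops:
        fields = passdb_lookup(db, path[-1], user)
        if fields is None or "proxy" not in fields:
            return path  # served locally (or rejected) on path[-1]
        path.append(fields["host"])
    raise RuntimeError("proxy loop for %s: %s" % (user, path))

if __name__ == "__main__":
    db = make_db()
    for user, _, _ in ROWS:
        for ip in SERVERS:
            print(user, "via", ip, "->", route(db, ip, user))
```

A path longer than two entries, or the `RuntimeError`, would mean a server's local IP literal does not match what is stored in the `host` column.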