[Dovecot] director: non-standard ports at backends
Hello, I'm trying to figure out how to proxy pop3 and pop3s that listen on non-standard ports at backends. For example, pop3 is at 1110 and pop3s at 1995 (on the backend side). Is it possible? How should I separate these ports in the director's config? It's easy for one port: for example lmtp - you just use passdb in protocol lmtp {}
On 11.6.2012, at 12.27, Костырев Александр Алексеевич wrote:
Hello, I'm trying to figure out how to proxy pop3 and pop3s that listen on non-standard ports at backends. For example, pop3 is at 1110 and pop3s at 1995 (on the backend side). Is it possible? How should I separate these ports in the director's config? It's easy for one port: for example lmtp - you just use passdb in protocol lmtp {}
The passdb needs to return the "port" field. You can't use static passdb for this, since it has no conditionals and you can't do per-port configuration. Maybe use sqlite (simply to use it as a scripting engine - empty database) or checkpassword as your passdb.
Thanks Timo, for your time, but I still don't get it :) Should I return "port" with just a "port_num1,port_num2" value, or how? I've tried to google an example but with no success.
Looking at your old mails, you seem to be using passdb static for director, but userdb sql? So you could switch to:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}

password_query = select 'y' as proxy, 'y' as nopassword, if('%a'=143, 1430, 9930) as port
where you'd change the if() to something that handles %s=imap vs %s=pop3 vs %s=lmtp and %a=143 vs %a=993 vs %a=110 vs %a=995. Maybe a "case" statement would be less ugly. Or simply make it a real table in sql. Anyway, that's the basic idea.
Thanks, that worked!
I ended up with:
password_query = select 'y' as proxy,
    NULL AS password,
    'y' as nopassword,
    case '%a'
        when 110 then 2110
        when 995 then 2995
        when 143 then 2143
        when 993 then 2993
        when 24 then 224
        when 4190 then 24190 end
    as port,
    case '%a'
        when 995 then 'any-cert'
        when 993 then 'any-cert' end
    as ssl
    ;
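Timo's "make it a real table" suggestion, sketched as an added example (not code from any poster in this thread). The table name `proxy_ports` and its columns are hypothetical, MySQL is assumed because the thread's query uses `if()`, and the port pairs are the ones from the CASE query above.

```sql
-- Added example; table and column names are hypothetical.
-- One row per director listener: the local port the client connected to
-- (%a in Dovecot) and the backend port the proxy should use.
CREATE TABLE proxy_ports (
  listen_port  SMALLINT UNSIGNED NOT NULL PRIMARY KEY,
  backend_port SMALLINT UNSIGNED NOT NULL,
  -- NULL: plaintext to the backend. 'any-cert' (the value used in the
  -- thread) enables TLS without requiring a valid backend certificate;
  -- 'yes' is the Dovecot value that also verifies it.
  backend_ssl  VARCHAR(16) NULL
);

INSERT INTO proxy_ports (listen_port, backend_port, backend_ssl) VALUES
  (110,  2110,  NULL),
  (995,  2995,  'any-cert'),
  (143,  2143,  NULL),
  (993,  2993,  'any-cert'),
  (24,   224,   NULL),
  (4190, 24190, NULL);

-- The SELECT to put after "password_query =" in dovecot-sql.conf.
-- `ssl` is quoted because SSL is a MySQL keyword.
SELECT 'y' AS proxy, 'y' AS nopassword, NULL AS password,
       backend_port AS port, backend_ssl AS `ssl`
FROM proxy_ports
WHERE listen_port = '%a';

-- Manual check with %a expanded by hand for a login on the POP3S listener.
SELECT backend_port AS port, backend_ssl AS `ssl`
FROM proxy_ports
WHERE listen_port = '995';

-- Unlike CASE without ELSE, which yields a row whose port is NULL, a
-- listener with no row here matches nothing, so the passdb lookup fails
-- instead of returning proxy fields without a port.
SELECT backend_port AS port
FROM proxy_ports
WHERE listen_port = '2525';
```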
Apologies for dredging up an old thread, but I was wondering if you experienced any issues with the way Dovecot caches SQL results using your discussed setup? I have used your thread as a guide to run a Dovecot backend on non-standard ports. From what I understand, Dovecot will auto-index the cache using the %a variable (which is good); however, the returned cache also contains the old username, which causes the Dovecot proxy to rewrite the username prior to passing on the user/pass details to the backend.
I have discussed the issue here: http://www.dovecot.org/list/dovecot/2012-July/067072.html
participants (3): Dominic Malolepszy, Timo Sirainen, Костырев Александр Алексеевич