[Dovecot] using 'socat' to relay Dovecot SASL's auth socket over TCP?
hi,
i've been running Exim & Dovecot together on the same box.
Exim's been sharing Dovecot/SASL auth info over a local unix socket. works great.
i'm now splitting Exim & Dovecot onto two different boxes.
iiuc, Dovecot ONLY provides a UNIX (local) socket; *not* a TCP socket for over-the-network access. Sure, I could mount the Dovecot socket's volume over NFS ... but just don't want to go there.
i've just discovered,
socat - Multipurpose relay
http://www.dest-unreach.org/socat/
"Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. It might be one of the tools that one `has already needed'."
which, iiuc (?), can bidirectionally bridge the Dovecot unix-socket to a TCP socket that Exim can talk/listen to.
reading further, "address types" (http://www.dest-unreach.org/socat/doc/socat.html#ADDRESS_TYPES) seem to include BOTH unix & tcp sockets ...
can anyone here comment further on this?
known to work? possible? no way? etc etc
thanks!
snowcrash wrote:
> which, iiuc (?), can bidirectionally bridge the Dovecot unix-socket to a TCP socket that Exim can talk/listen to.
I've used socat extensively on a completely unrelated project in order to bridge UNIX domain sockets across machines.
I assume you currently have this:
exim -> /some/unix/socket -> dovecot-auth
If you want to use socat, then make sure it is installed on both machines. You can bridge using ssh (recommended) or just plain TCP/IP.
For ssh, run the following command on eximhost:
socat -t 10 UNIX-LISTEN:/some/unix/socket,fork EXEC:"ssh user@dovecot-auth-host socat STDIO UNIX:/some/unix/socket"
The ssh will need to be able to complete without any form of prompting (i.e. you need private/authorized keys set up).
If you don't care about security then you can use TCP connections between the machines.
On eximhost run this replacing 9999 with your chosen port number:
socat -t 10 UNIX-LISTEN:/some/unix/socket,fork TCP4:dovecot-auth-host:9999
On dovecot-auth-host run:
socat TCP4-LISTEN:9999,fork UNIX:/some/unix/socket
The -t 10 option waits for 10 seconds after one direction is closed before closing the other direction. The socat default is .5 seconds which I found problematic on higher latency links.
Roger
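Added example, not part of either post: a TLS variant of the plain TCP relay above, using socat's OPENSSL addresses with certificate verification on both ends, a source-address filter on the listener, and restrictive permissions on the recreated socket. The socket path, port and hostname are the thread's; the eximhost address, Exim user and certificate paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: the plain-TCP relay wrapped in mutually
# authenticated TLS. Port, socket path and hostname are the thread's; the
# address, user and certificate paths below are assumptions.
SOCK=/some/unix/socket
PORT=9999
DOVECOT_HOST=dovecot-auth-host
EXIM_IP=192.0.2.10        # constructed address for eximhost (TEST-NET-1)
EXIM_USER=exim            # assumed account Exim runs as
TLS_DIR=/etc/socat-relay  # hypothetical directory with PEM cert, key and CA

# dovecot-auth-host: accept TLS only, require a client certificate signed by
# our CA (verify=1), and drop connections from any source except eximhost.
listener_cmd() {
    echo "socat -t 10" \
        "OPENSSL-LISTEN:$PORT,fork,reuseaddr,range=$EXIM_IP/32,cert=$TLS_DIR/dovecot.pem,key=$TLS_DIR/dovecot.key,cafile=$TLS_DIR/ca.pem,verify=1" \
        "UNIX-CONNECT:$SOCK"
}

# eximhost: recreate the socket locally, owned by Exim and mode 0600, and
# verify the server certificate against the same CA before relaying.
client_cmd() {
    echo "socat -t 10" \
        "UNIX-LISTEN:$SOCK,fork,unlink-early,user=$EXIM_USER,mode=0600" \
        "OPENSSL:$DOVECOT_HOST:$PORT,cert=$TLS_DIR/exim.pem,key=$TLS_DIR/exim.key,cafile=$TLS_DIR/ca.pem,verify=1"
}

# Usage: relay.sh show | listen | connect   (no argument: do nothing)
case "${1:-}" in
    show)    listener_cmd; client_cmd ;;
    listen)  exec $(listener_cmd) ;;   # run on dovecot-auth-host
    connect) exec $(client_cmd) ;;     # run on eximhost
esac
```

Without the TLS and range options, anything that can reach port 9999 can speak to Dovecot's auth socket, so the listener should also sit behind a host firewall rule limited to eximhost.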
participants (2): Roger Binns, snowcrash