[Dovecot] IMAP/POP3 server with proxy feature
We are currently evaluating the migration from a proprietary, legacy mail server onto Dovecot for 20,000+ virtual domains. This is a big job and we intend to do it by initially proxying connections through to the legacy server, and moving customers over in batches by turning off the proxy feature for them.
In the manual it states "This model is still a bit unfinished in current code" [1]. What is needed to get this production-quality? I'm happy to help out with any work required.
[1] http://wiki.dovecot.org/ImapProxy
Jasper Bryant-Greene Director Album Limited
jasper@albumltd.co.nz +64 21 708 334 / 0800 425 286 http://www.albumltd.co.nz/
Jasper Bryant-Greene wrote:
> We are currently evaluating the migration from a proprietary, legacy mail server onto Dovecot for 20,000+ virtual domains. This is a big job and we intend to do it by initially proxying connections through to the legacy server, and moving customers over in batches by turning off the proxy feature for them.
> In the manual it states "This model is still a bit unfinished in current code" [1]. What is needed to get this production-quality? I'm happy to help out with any work required.
I don't think you need that particular feature. As far as I know just use a passdb with extra-fields and have "proxy=y" defined for the users you want to proxy. I think this is pretty stable.
We're planning to use a passwd-file for an extra passdb containing things like:

    <username>::<uid>:<gid>::::destuser=<username> host=<proxied server ip> port=143 nodelay=n nologin=y proxy=y
Then:
...
    passdb passwd-file {
      args = /etc/dovecot/proxied-users
    }
    passdb pam {
    }
...
Dovecot uses the proxying feature itself for SSL connections, so it should be pretty robust.
Best Wishes, Chris
--
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
On Sat, 3 Feb 2007, Chris Wakelin wrote:
Hi,
> I don't think you need that particular feature. As far as I know just use a passdb with extra-fields and have "proxy=y" defined for the users you want to proxy. I think this is pretty stable.
We use the proxy-feature currently to migrate from one server to another. Works (mostly) like a charm. The only thing (for which I start a new thread) is a crash in the pop3-proxy, when courier (as the real imap-server) just drops the connection. (The thing I didn't think of was the MAXPERIP-limit (defaults to 4) in courier-imap. But with proxying EVERY connection comes from one IP, and then courier just drops the connection - which leads to the crash I will report.)
Everything else is rock-stable and _fast_. So my next migration is to drop courier-imap for dovecot.
We have the following auth-section in the dovecot.conf
    auth default {
      mechanisms = plain
      userdb static {
        args = static uid=5000 gid=5000 home=/dev/null
      }
      passdb sql {
        args = /usr/local/dovecot/etc/sql.conf
      }
      user = root
      count = 2
    }
The userdb-section (I think it was suggested in the wiki) is purely fictional, the uid/gid doesn't even exist.
In the sql.conf we have a "static" SQL-Lookup (derived from a former requirement) for the password-query:
SELECT NULL AS password, '111.222.111.222' as host, NULL AS destuser, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy
For this query you don't even have to have a filled table, just a db-login is required. I am not brave enough to test further if there is a database needed (we have a dummy-db configured) as it is in heavy use.
regards, Christian
SYSTEM CONCEPT GmbH
On Sat, 2007-02-03 at 10:28 +0000, Chris Wakelin wrote:
Maybe this page should be deleted, or at least it should point to http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy which contains a newer description of how to do it.
> We're planning to use a passwd-file for an extra passdb containing things like:
> <username>::<uid>:<gid>::::destuser=<username> host=<proxied server ip> port=143 nodelay=n nologin=y proxy=y
nologin and nodelay shouldn't be needed anymore. Also port=143 is the default with IMAP (and with POP3 that'll cause POP3 connections to be proxied there too).
> Dovecot uses the proxying feature itself for SSL connections, so it should be pretty robust.
Actually the imap/pop3 proxying code doesn't share code with SSL proxying code.
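A small linter for the passwd-file proxy passdb discussed above, checking the points raised in this reply (redundant nologin/nodelay, an explicit port that also catches POP3 logins) plus a proxy entry with no host. This is an added example, not code from the thread or from Dovecot; the sample entries are constructed, and treating the mere presence of a `proxy` key as enabling proxying is an assumption.

```python
# Added example, not from the thread: lint a Dovecot passwd-file proxy passdb.
# Field layout assumed: user:password:uid:gid:gecos:home:shell:extra_fields

# Constructed sample entries (192.0.2.0/24 is a documentation range).
SAMPLE = """\
alice::5000:5000::::destuser=alice host=192.0.2.10 port=143 nodelay=n nologin=y proxy=y
bob::5000:5000::::host=192.0.2.10 proxy=y
carol::5000:5000::::proxy=y
dave:{PLAIN}secret:5000:5000::/var/mail/dave::
"""


def parse_line(line):
    """Return (username, extra_fields dict) for one passwd-file line."""
    parts = line.split(":", 7)          # extra fields may contain ':' themselves
    parts += [""] * (8 - len(parts))    # tolerate short lines
    extra = {}
    for token in parts[7].split():
        key, _, value = token.partition("=")
        extra[key] = value
    return parts[0], extra


def lint(text):
    """Map each user to a list of findings about its proxy settings."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, extra = parse_line(line)
        notes = []
        if "proxy" in extra:            # assumption: key presence enables proxying
            if not extra.get("host"):
                notes.append("proxy set without host")
            if "port" in extra:
                notes.append("explicit port also applies to POP3 logins")
            notes += [f"{k} no longer needed" for k in ("nologin", "nodelay") if k in extra]
        findings[user] = notes
    return findings


if __name__ == "__main__":
    for user, notes in lint(SAMPLE).items():
        print(user, "->", notes or "ok")
```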
On Sat, 03 Feb 2007 22:55:56 +1300 Jasper Bryant-Greene <jasper@albumltd.co.nz> wrote:
> We are currently evaluating the migration from a proprietary, legacy mail server onto Dovecot for 20,000+ virtual domains. This is a big job and we intend to do it by initially proxying connections through to the legacy server, and moving customers over in batches by turning off the proxy feature for them.
> In the manual it states "This model is still a bit unfinished in current code" [1]. What is needed to get this production-quality? I'm happy to help out with any work required.
Hi, We use the Dovecot proxy feature in a quite large production environment (around 1.5 million mailboxes). We have a maximum of 220 connections / second (2 minutes average) on our environment and dovecot has been running for several months now without any major problems.
We have some experience with perdition too. But I recommend using dovecot over perdition. Dovecot is much easier to set up.
-- Laurent Papier - 03 88 75 80 50 System Administrator - SdV Plurimedia - <http://www.sdv.fr/>