[Dovecot] Dovecot replication not redirecting if server is down
Hi everyone,
I'm running a test environment with a proxy in front of working replication between two backends but redirecting in case of a backend failure is not working.
Nov 09 21:03:59 imap-login: Error: proxy(mail@example.net): connect(10.5.29.211, 143) failed: Connection refused (after 0 secs, local=10.5.29.201:38333)
I appreciate any advice.
Regards Patrick
Proxy:
# 2.2.7: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes default_process_limit = 150 director_mail_servers = 10.5.29.211 10.5.29.212 director_servers = 10.5.29.201 director_user_expire = 5 mins disable_plaintext_auth = no lmtp_proxy = yes log_path = /var/log/dovecot.log mail_plugins = notify replication managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = proxy=y nopassword=y driver = static } protocols = imap pop3 lmtp sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener auth-userdb { user = dovecot } } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { address = 10.5.29.201 port = 9090 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service lmtp { inet_listener lmtp { address = 10.5.29.201 port = 24 } } service managesieve-login { executable = managesieve-login director inet_listener sieve { port = 4190 } } service pop3-login { executable = pop3-login director } service replicator { unix_listener replicator-doveadm { mode = 0600 } } ssl = no protocol lmtp { auth_socket_path = director-userdb }
Backend 1: # 2.2.7: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no dotlock_use_excl = no doveadm_password = secret doveadm_port = 12345 dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u hostname = mb01.example.net listen = 10.5.29.211 log_path = /var/log/dovecot.log mail_debug = yes mail_fsync = always mail_gid = vmail mail_home = /var/mail/%d/%n mail_location = maildir:~/Maildir mail_plugins = quota notify replication mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spamverdacht { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_replica = tcp:10.5.29.212 quota = dict:User quota::file:%h/Maildir/dovecot-quota quota_rule2 = INBOX.Trash:ignore quota_warning = storage=90%% quota-warning 90 %u quota_warning2 = storage=75%% quota-warning 75 %u sieve = ~/.dovecot.sieve sieve_after = /usr/local/etc/dovecot/sieve/sieve_after.sieve sieve_default = /usr/local/etc/dovecot/sieve/default.sieve sieve_dir = ~/sieve } postmaster_address = postmaster@example.net protocols = imap pop3 lmtp sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener auth-userdb { mode = 0666 user = vmail } } service doveadm { inet_listener { port = 12345 } } service lmtp { inet_listener lmtp { address = 10.5.29.211 port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/etc/dovecot/quota_warning.sh unix_listener quota-warning { user = vmail } user = root } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl = no submission_host = mf01.example.net userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = quota notify replication sieve } protocol imap { mail_max_userip_connections = 30 mail_plugins = quota notify replication imap_quota }
Backend 2: # 2.2.7: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no dotlock_use_excl = no doveadm_password = secret doveadm_port = 12345 dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u hostname = mb02.example.net listen = 10.5.29.212 log_path = /var/log/dovecot.log mail_debug = yes mail_fsync = always mail_gid = vmail mail_home = /var/mail/%d/%n mail_location = maildir:~/Maildir mail_plugins = quota notify replication mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spamverdacht { auto = subscribe } mailbox Trash { auto = subscribe special_use = \Trash } prefix = INBOX. separator = . type = private } passdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_replica = tcp:10.5.29.211 quota = dict:User quota::file:%h/Maildir/dovecot-quota quota_rule2 = INBOX.Trash:ignore quota_warning = storage=90%% quota-warning 90 %u quota_warning2 = storage=75%% quota-warning 75 %u sieve = ~/.dovecot.sieve sieve_after = /usr/local/etc/dovecot/sieve/sieve_after.sieve sieve_default = /usr/local/etc/dovecot/sieve/default.sieve sieve_dir = ~/sieve } postmaster_address = postmaster@example.net protocols = imap pop3 lmtp sieve service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener auth-userdb { mode = 0666 user = vmail } } service doveadm { inet_listener { port = 12345 } } service lmtp { inet_listener lmtp { address = 10.5.29.212 port = 24 } } service managesieve-login { inet_listener sieve { port = 4190 } } service quota-warning { executable = script /usr/local/etc/dovecot/quota_warning.sh unix_listener quota-warning { user = vmail } user = root } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 user = vmail } } ssl = no submission_host = mf01.example.net userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = quota notify replication sieve } protocol imap { mail_max_userip_connections = 30 mail_plugins = quota notify replication imap_quota }
Hi Patrick
the director does not check backends for availability. If one backend goes up or down, you need to instruct the director to add/remove this backend from its pool.
You might be looking for a script named "poolmon" which does exactly this.
Regards Daniel
Daniel Parthey schrieb:
Hi Patrick
the director does not check backends for availability. If one backend goes up or down, you need to instruct the director to add/remove this backend from its pool.
http://blog.dovecot.org/2012/02/dovecot-clustering-with-dsync-based.html says:
One possibility is to use Dovecot proxies, which know which servers are down. Instead of directing users to those servers, it would direct them to replica servers.
I know that proxy and director are two different things but I don't know how to configure my servers to get this redirection working.
Patrick
Hi Patrick,
do you want to use the proxy *without* the director? Then you would need to remove all director_... entries from your proxy config.
The proxy backend is controlled by passdb extra fields. Here is how to setup a proxy without the director:
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy
You need to keep the password database up-to-date and ensure to not return an unhealthy backend IP in the "host" extra field, since the knowledge of the proxy (as mentioned in the blog) is simply read from the passdb database. Database content needs to be maintained by external tools.
Regards Daniel
Daniel Parthey schrieb:
You need to keep the password database up-to-date and ensure to not return an unhealthy backend IP in the "host" extra field, since the knowledge of the proxy (as mentioned in the blog) is simply read from the passdb database. Database content needs to be maintained by external tools.
The blog says "One possibility is to use Dovecot proxies, which know which servers are down."
So why do I have to
On 10.11.2013, at 19.24, Patrick Westenberg pw@wk-serv.de wrote:
Daniel Parthey schrieb:
You need to keep the password database up-to-date and ensure to not return an unhealthy backend IP in the "host" extra field, since the knowledge of the proxy (as mentioned in the blog) is simply read from the passdb database. Database content needs to be maintained by external tools.
The blog says "One possibility is to use Dovecot proxies, which know which servers are down."
So why do I have to
The blog was telling the idea how things would work, not exactly whose responsibility it is to do every part of them. The Dovecot proxies will know which backend servers are down (but not without extra scripting).
Timo Sirainen schrieb:
The blog was telling the idea how things would work, not exactly whose responsibility it is to do every part of them. The Dovecot proxies will know which backend servers are down (but not without extra scripting).
So another ineffectual feature from Dovecot.
You should have limited yourself creating a good imap server instead of adding features and features which can only be used useful if you tinker around.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 10.11.2013 19:43, schrieb Patrick Westenberg:
Timo Sirainen schrieb:
The blog was telling the idea how things would work, not exactly whose responsibility it is to do every part of them. The Dovecot proxies will know which backend servers are down (but not without extra scripting).
So another ineffectual feature from Dovecot.
You should have limited yourself creating a good imap server instead of adding features and features which can only be used useful if you tinker around.
Hey Patrick, its open software why dont hack yourself , everyone would like to see things getting better
Best Regards MfG Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSf9VPAAoJEP8jBObu0LlEJq0IAKYAom5Y+qpcsqgJwMDHBHCj NNC03zZGjKD42ropwl2gcWVS/pbG8qlUKXaTMralCtjAd+qB/U4yOw9rRf9A6YsZ ERbv4YTUywbNNt5IeVhkmYoGfeijFOOWdlXhEYjQjnF8jsO5cMKINB+r+AB6gYMV 4vc6OcSH2343AGZBLtBm/nuJrOhDsgBsNUHm7pNxn6S+eyGDAjy4ey7i37NtRySE cGigM3eSwd5UYo7xPZffAVnwWy14TZE2KhGFIB+LZoS71mmzJhTFIvVz2OO2XRYs KZ6jNtTWJLX4fVOCEq199MsaE+9NIHiqP4rBqZahZsG8c+/wxShpdBs/RpSxykw= =fmlT -----END PGP SIGNATURE-----
On 10.11.2013, at 19.43, Patrick Westenberg pw@wk-serv.de wrote:
Timo Sirainen schrieb:
The blog was telling the idea how things would work, not exactly whose responsibility it is to do every part of them. The Dovecot proxies will know which backend servers are down (but not without extra scripting).
So another ineffectual feature from Dovecot.
You should have limited yourself creating a good imap server instead of adding features and features which can only be used useful if you tinker around.
Different installations want to use features in different ways. I can’t make everyone happy, so I try to keep everything as configurable as possible. Director + poolmon should work for what you want to do. I don’t see a problem with poolmon being a separate script. The company who initially paid for the director feature specifically didn’t want me to implement anything like poolmon, because they had their own and wanted to use it.
On 2013-11-10 1:43 PM, Patrick Westenberg pw@wk-serv.de wrote:
Timo Sirainen schrieb:
The blog was telling the idea how things would work, not exactly whose responsibility it is to do every part of them. The Dovecot proxies will know which backend servers are down (but not without extra scripting).
So another ineffectual feature from Dovecot.
Or, maybe just another irrelevant comment from an ineffectual mail admin wanna-be?
Seriously Patrick... you should consider adjusting your attitude. I for one am very grateful to Timo for dovecot, even for the features that I am not expert enough to make full or effective use of myself (yet)...
--
Best regards,
*/Charles/*
participants (6)
-
Benny Pedersen
-
Charles Marcus
-
Daniel Parthey
-
Patrick Westenberg
-
Robert Schetterer
-
Timo Sirainen