Hi,
There is a small typo in src/lib/network.c line 624
return "A non-recovable name server error occurred";
should be
return "A non-recoverable name server error occurred";
Sorry about the pedantry. BTW, I am getting this error whenever I am trying to resolve a name from inside dovecot, but I can using the system tools. I am trying to get the proxying code to use hostnames as well as IP addresses.
-Abhijit.
On 3.11.2007, at 7.54, Abhijit Hoskeri wrote:
There is a small typo in src/lib/network.c line 624
return "A non-recovable name server error occurred";
Fixed: http://hg.dovecot.org/dovecot-1.0/rev/90b7671c8f2e
Sorry about the pedantry. BTW, I am getting this error whenever I am trying to resolve a name from inside dovecot, but I can using the
system tools. I am trying to get the proxying code to use hostnames as
well as IP addresses.
The problem is most likely that login process is running chrooted.
login_chroot=no would help. Another way would be to do this in
dovecot-auth, but if it's done there it should be done asynchronously
(or in auth worker processes) and doing async dns lookups would
require some async dns library..
On Sat, Nov 03, 2007 at 12:15:31PM +0200, Timo Sirainen wrote:
The problem is most likely that login process is running chrooted.
login_chroot=no would help.
It does - thanks a lot, I had been struggling for hours!
Another way would be to do this in dovecot-auth, but if it's done there it should be done asynchronously (or in auth worker processes) and doing async dns lookups would require some async dns library..
Now, I think I understand why you had not done something like this already.
- Copying some files into the chroot may be one way...
- When you say auth-worker processes, do you mean I need to create a separate helper program just to do DNS lookups?
Let me try... :-)
There is one more thing I need to do - create a config variable/file which contains the list of 'host' values which refer to the local system - then we will be set.
-Abhijit
On Sat, 2007-11-03 at 17:25 +0530, Abhijit Hoskeri wrote:
Another way would be to do this in dovecot-auth, but if it's done there it should be done asynchronously (or in auth worker processes) and doing async dns lookups would require some async dns library..
Now, I think I understand why you had not done something like this already.
I hadn't actually even thought this far. My main concern was that the DNS lookups are synchronous without a separate library.
- When you say auth-worker processes, do you mean I need to create a separate helper program just to do DNS lookups?
No, I mean some passdbs in Dovecot are already set with blocking=TRUE flag, in which case Dovecot uses separate "dovecot-auth -w" processes to handle them.
But if you're looking up hosts only from files, or if you assume that your DNS lookups are really fast always, you can just ignore this.
On Sat, Nov 03, 2007 at 11:22:43PM +0200, Timo Sirainen wrote:
On Sat, 2007-11-03 at 17:25 +0530, Abhijit Hoskeri wrote: I hadn't actually even thought this far. My main concern was that the DNS lookups are synchronous without a separate library.
- When you say auth-worker processes, do you mean I need to create a separate helper program just to do DNS lookups?
No, I mean some passdbs in Dovecot are already set with blocking=TRUE flag, in which case Dovecot uses separate "dovecot-auth -w" processes to handle them.
This is what I have come up with: (attached) proxy-host.diff Also there at : http://deeproot.in/~abhijit/proxy-host.diff
It works for me, after a little testing. Hope I have done it at the right place.
-Abhijit
On Tue, 2007-11-06 at 17:25 +0530, Abhijit Hoskeri wrote:
This is what I have come up with: (attached) proxy-host.diff Also there at : http://deeproot.in/~abhijit/proxy-host.diff
It works for me, after a little testing. Hope I have done it at the right place.
i_fatal("resolve_maybe: Can't resolve addresshost, net_gethosterror(ret));
i_fatal() exits the process. You probably want to use i_error() instead.
On Sat, Nov 10, 2007 at 07:56:43PM +0200, Timo Sirainen wrote:
i_fatal() exits the process. You probably want to use i_error() instead.
Thanks a lot. I have fixed this. I have two more questions:
How do I know whether the userdb/passdb is running with blocking=yes or not?
What are your plans on putting something like this in the Dovecot trunk/HEAD, along with your dont-proxy-on-ips-i-listen-on patch you had posted some time back? I don't much like the idea of maintaining my own version of Dovecot!
Thanks for everything,
-Abhijit
On Mon, 2007-11-12 at 11:49 +0530, Abhijit Hoskeri wrote:
On Sat, Nov 10, 2007 at 07:56:43PM +0200, Timo Sirainen wrote:
i_fatal() exits the process. You probably want to use i_error() instead.
Thanks a lot. I have fixed this. I have two more questions:
- How do I know whether the userdb/passdb is running with blocking=yes or not?
There's a global "bool worker" variable. If it's TRUE, you're running in auth worker process (blocking=yes is set), otherwise not. But not all passdbs support blocking=yes at all.
- What are your plans on putting something like this in the Dovecot trunk/HEAD, along with your dont-proxy-on-ips-i-listen-on patch you had posted some time back? I don't much like the idea of maintaining my own version of Dovecot!
The dont-proxy-my-own-ips patch is already committed, but it only fixes the infinite looping and not letting user log in normally (I think?).
These aren't very high on my TODO list right now, so I don't really have plans..
participants (2)
-
Abhijit Hoskeri
-
Timo Sirainen