service doveadm - how to debug proxying with director
Hello everyone,
I'm on a small dovecot director -> dovecot mailbox setup and I try to get doveadm command proxying to work. Though I don't get the expected output. My directors do not forward the doveadm commands to the expected backend host. Doveadm is working as expected on the backend hosts, the director hosts just don't log anything about the proxying that should happen or anything else about the doveadm commands at all.
Can someone guide me in a direction on what to try next, or maybe has a working config regarding doveadm proxying? Thanks in advance!
Some technical data regarding my problem:
Dovecot Version: 2.3.10 (0da0eff44)
Output of a 'doveadm director status' command:

    mail server ip  tag   vhosts  state  state changed  users
    10.0.0.81       tag1  100     up     -              0
    10.0.0.82       tag1  100     up     -              1

Output of a 'doveadm director ring status' command:

    director ip  port  type   last failed  status       ping ms  input  output  buffered  buffered peak  last read            last write
    10.0.0.193   9090  self   never        ring synced  5        -      -       -         -              -                    -
    10.0.0.194   9090  right  never        synced       0        2051   6400    0         757            2020-05-28 09:56:37  2020-05-28 09:56:37
    10.0.0.195   9090  left   never        synced       0        4929   1804    0         37             2020-05-28 09:56:37  2020-05-28 09:56:37
This is my dovecot-director hosts configuration (doveadm related part):

    service doveadm {
      inet_listener {
        # any port you want to use for this:
        port = 24245
      }
    }

    local 0.0.0.0 {
      # password to use for client authentication
      doveadm_password = secret
      # allow client to only use specified list of commands (default is all):
      #doveadm_allowed_commands =
    }

    # same port as doveadm's inet_listener
    doveadm_port = 24245

    protocol doveadm {
      # NOTE: director-userdb socket is actually used only for passdb lookups, not userdb lookups
      auth_socket_path = director-userdb
    }
And here is the dovecot-backend hosts configuration (doveadm related part):

    ### director conf
    service doveadm {
      inet_listener {
        # any port you want to use for this:
        port = 24245
      }
    }

    local 0.0.0.0 {
      # password to use for client authentication
      doveadm_password = secret
      # allow client to only use specified list of commands (default is all):
      #doveadm_allowed_commands =
    }
A 'doveadm user -u test@test.com' command on the backend host:

    userdb: test@test.com
      user      : test@test.com
      home      : /var/spool/imap/test@test.com
      quota     : maildir:User quota
      quota_rule: *:storage=1048576:messages=153000

A 'doveadm user -u test@test.com' command on the director host:

    userdb: test@test.com
      user      : test@test.com

On 28. May 2020, at 11.12, patosec <patosec@freedaten.at> wrote:
> A 'doveadm user -u test@test.com' command on the backend host:
>
>     userdb: test@test.com
>       user      : test@test.com
>       home      : /var/spool/imap/test@test.com
>       quota     : maildir:User quota
>       quota_rule: *:storage=1048576:messages=153000
>
> A 'doveadm user -u test@test.com' command on the director host:
>
>     userdb: test@test.com
>       user      : test@test.com

doveadm user is executed locally as director has its own userdb. Try doveadm mailbox list -u <uid>
Sami

On 5/28/2020 at 10:22 AM, Sami Ketola wrote:
> On 28. May 2020, at 11.12, patosec <patosec@freedaten.at> wrote:
>> A 'doveadm user -u test@test.com' command on the backend host:
>>
>>     userdb: test@test.com
>>       user      : test@test.com
>>       home      : /var/spool/imap/test@test.com
>>       quota     : maildir:User quota
>>       quota_rule: *:storage=1048576:messages=153000
>>
>> A 'doveadm user -u test@test.com' command on the director host:
>>
>>     userdb: test@test.com
>>       user      : test@test.com
>
> doveadm user is executed locally as director has its own userdb. Try doveadm mailbox list -u <uid>
> Sami

Thanks a lot! That brought me into the right direction, with "doveadm mailbox list -u <uid>" I got a useful error message! Somehow doveadm_password is not working that way:

    local 0.0.0.0 {
      doveadm_password = secret
    }

I had to set it without the local x.x.x.x part, now it works :) I will investigate this further though, if this IP limitation with local is not working I need to set up iptables to restrict the access, but I don't really want to go this direction.
Thanks!

On 5/28/2020 at 11:05 AM, patosec wrote:
> Thanks a lot! That brought me into the right direction, with "doveadm mailbox list -u <uid>" I got a useful error message! Somehow doveadm_password is not working that way:
>
>     local 0.0.0.0 {
>       doveadm_password = secret
>     }
>
> I had to set it without the local x.x.x.x part, now it works :) I will investigate this further though, if this IP limitation with local is not working I need to set up iptables to restrict the access, but I don't really want to go this direction.
> Thanks!

Okay, I got it now: "local" needs to be replaced by "remote" for this IP restriction setting to work.

    remote 0.0.0.0 {
      doveadm_password = secret
    }

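An added example, not part of the original thread and not Dovecot code: a small scope check that reports which block each doveadm setting is defined in, so a password that exists only inside a local/remote filter block (the situation debugged above) is visible at a glance. The sample config is constructed from the director snippet in the thread; the function names are hypothetical, and the parser is a simplified brace tracker that assumes one statement per line.

```python
import re

# Constructed sample, mirroring the director config quoted in the thread.
SAMPLE_CONF = """\
service doveadm {
  inet_listener {
    # any port you want to use for this:
    port = 24245
  }
}
local 0.0.0.0 {
  doveadm_password = secret
}
doveadm_port = 24245
"""

def setting_scopes(conf_text, name):
    """Return [(scope, value)] for every assignment of `name`.

    scope is 'global' or the chain of enclosing block headers,
    e.g. 'local 0.0.0.0'. Not Dovecot's own parser (assumption:
    one statement per line, blocks opened with a trailing '{').
    """
    stack, found = [], []
    for raw in conf_text.splitlines():
        # Drop comments: '#' at line start or preceded by whitespace.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        else:
            key, sep, value = line.partition("=")
            if sep and key.strip() == name:
                found.append((" > ".join(stack) or "global", value.strip()))
    return found

def only_in_filters(conf_text, name):
    """True when `name` is set but never at global scope, i.e. every
    value applies only inside some enclosing block."""
    scopes = [scope for scope, _ in setting_scopes(conf_text, name)]
    return bool(scopes) and "global" not in scopes

if __name__ == "__main__":
    for key in ("doveadm_password", "doveadm_port"):
        print(key, setting_scopes(SAMPLE_CONF, key))
```
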
participants (2): patosec, Sami Ketola