[Dovecot] Dovecot Proxy with MySQL auth
We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario.
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever.
Any input or suggestions would be appreciated.
Justin Krejci
I get the feeling not many people are using Dovecot proxy with MySQL auth. Is there anyone who has done this before? We might end up going with something like NGINX for the proxy instead if we cannot figure out if and how this should work for our type of scenario but it would be nice if we could go with fewer components.
-----Original Message----- From: dovecot-bounces+jkrejci=usinternet.com@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet.com@dovecot.org] On Behalf Of Justin Krejci Sent: Wednesday, November 26, 2008 11:57 AM To: 'Dovecot Mailing List' Subject: [Dovecot] Dovecot Proxy with MySQL auth
We are looking at deploying several pop/imap servers to house the mail for 15,000 or more mailbox accounts. We are contemplating on the design and are looking at using MySQL auth (we already have a MySQL environment in place for our user auth to live) and proxy_maybe so each server can proxy for all the others and we just have a network load balancer distribute the incoming connections to all of the Dovecot servers. Each server would have its own local maildir storage for the users local to that server and all of the authentication and target backend pop/imap server data would be stored in the same MySQL database. The problem we are running into is the documentation is not very clear on this type of scenario.
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe if the destination server is localhost (and therefore do not proxy) it does not seem that the above query will actually send the real password for authentication. Is this a misunderstanding on our part or is the use of mysql auth + proxy_maybe not feasible? Assuming the latter we surmised using a separate instance of Dovecot on each machine to act solely as a proxy front end (use proxy instead of proxy_maybe) then on the second instance there is no proxy config and it listens on a separate TCP port like 80143 or whatever.
Any input or suggestions would be appreciated.
Justin Krejci
On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote:
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe
Right. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.
The info is appreciated, thanks for the update! We will try it out and respond with feedback.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Saturday, November 29, 2008 7:49 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth
On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote:
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe
Right. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.
The proxy_maybe is working well for us with MySQL auth. We have a much more complicated SQL query as we are doing a lot more but the example was able to get us the correct Dovecot specific portion working.
Thanks for the info we are starting to migrate users over to Dovecot now that we put these proxy_maybe servers in front of our legacy pop/imap server.
-----Original Message----- From: dovecot-bounces+jkrejci=usinternet.com@dovecot.org [mailto:dovecot-bounces+jkrejci=usinternet.com@dovecot.org] On Behalf Of Justin Krejci Sent: Sunday, November 30, 2008 1:50 AM To: 'Timo Sirainen' Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth
The info is appreciated, thanks for the update! We will try it out and respond with feedback.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Saturday, November 29, 2008 7:49 PM To: Justin Krejci Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] Dovecot Proxy with MySQL auth
On Wed, 2008-11-26 at 11:56 -0600, Justin Krejci wrote:
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy
At the bottom of this page it gives a query example of "SELECT NULL AS password, ." but that does not seem to allow for us to use the proxy_maybe
Right. The example is for a proxy-only server that doesn't know the users' passwords. I added just now another example there that shows how to use proxy_maybe. It's untested though, so please let me know if it doesn't work.
participants (2)
-
Justin Krejci
-
Timo Sirainen