dovecot-proxy with managesieve, director and backend dovecot imap

George Vieira george.vieira at netregistry.com.au
Wed May 6 04:06:52 UTC 2015


hi all,

I've been tasked to add sieve/managesieve to an existing dovecot cluster 
running 2.1.7 on debian wheezy which is made up of 2 dovecot-proxy hosts 
as directors and some back end dovecot imap hosts all running the same 
version.

My problem is that I thought to put the service on the director/proxy 
hosts since they wouldn't have too much load on it, but when I do I get 
the following error:

Apr 28 11:00:28 master: Info: Dovecot v2.1.7 starting up (core dumps 
disabled)
Apr 28 11:00:28 config: Warning: service auth { client_limit=50000 } is 
lower than required under max. load (60000)
Apr 28 11:00:34 managesieve-login: Error: proxy: host not given: 
user=<mailchannel at mydomain.net>, method=PLAIN, rip=192.168.100.207, 
lip=192.168.100.119, TLS, session=<3/zPY74UOgDAqGTP>
Apr 28 11:00:34 managesieve-login: Info: Aborted login (internal 
failure, 1 succesful auths): user=<mailchannel at mydomain.net>, 
method=PLAIN, rip=192.168.100.207, lip=192.168.100.119, TLS, 
session=<3/zPY74UOgDAqGTP>

From searching around, I only ever saw one result, which was to add
"executable =  managesieve-login director" to the managesieve service,
but this made no difference at all and the error is the same.

So I tried to use the back end imap servers instead, but they throw
errors because they expect the user's password to be the common
proxy/director password, as below:
# Backend passdb as posted: every login is compared against one fixed password
# (the common proxy/director password), not the user's own password.
# Anyone who can reach a backend listener and knows this value can log in as
# any user=%u, so backend ports should accept connections from the proxy hosts
# only (firewall, or the passdb allow_nets extra field).
passdb {
    driver = static
    args = user=%u password=crypticpasswordagain
}

Apr 28 12:03:37 auth: Debug: 
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): lookup
Apr 28 12:03:37 auth: Info: 
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): 
Password mismatch
Apr 28 12:03:37 auth: Debug: 
static(mailchannel at mydomain.net,192.168.100.207,<17RTRb8UpADAqGTP>): 
PLAIN(85387v92394jks) != 'crypticpasswordagain'
Apr 28 12:03:39 auth: Debug: client out: FAIL   1 
user=mailchannel at mydomain.net

So with configs below, how is it best to run managesieve that takes the 
correct login/password without directing to the cluster (or direct if 
it's easier but must use real user password)?

-- dovecot proxy config --

# dovecot version 2.1.7

# Name of this Dovecot instance (the proxy/director role).
instance_name        = dovecot-proxy
# "sieve" enables the ManageSieve protocol on the proxy next to imap/pop3/lmtp.
protocols            = imap pop3 lmtp sieve
mail_location        = maildir:~/
#listen            = 192.168.101.119
# Binds every listener in this file, including the unnamed auth, doveadm and
# director inet_listeners further down, to all IPv4 addresses.
listen            = 0.0.0.0
#            = dovecot-proxy-1
director_servers    = 192.168.101.119
#            = dovecot-shared-7
director_mail_servers    = 192.168.100.101
base_dir        = /var/run/dovecot-proxy
login_greeting        = Welcome to IMAP.
# Unprivileged account used for Dovecot's internal processes.
default_internal_user    = webmail

lmtp_proxy = yes

# Permits PLAIN/LOGIN on connections that are not protected by TLS. Combined
# with ssl = no below, client passwords would cross the network in cleartext.
disable_plaintext_auth = no

# NOTE(review): cram-md5 only works when the passdb can return a plaintext or
# CRAM-MD5-hashed password; confirm the LDAP passdb is set up for that.
auth_mechanisms = plain login cram-md5

# Debug logging. auth_debug_passwords=yes writes the attempted password into the
# log on a mismatch (visible in the auth debug lines quoted in the post), so
# switch it off after troubleshooting and keep the log file readable by root only.
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no

#log_path = syslog
log_path = /var/log/dovecot.log

default_process_limit = 10000
default_client_limit = 50000

# NOTE(review): ssl = no turns TLS support off for this instance, yet the
# imaps/pop3s listeners below set ssl = yes and the quoted managesieve login
# shows a TLS session. Confirm which setting is actually live.
ssl = no
# Certificate and private key are read from the same file; it must not be
# readable by unprivileged users.
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem

director_user_expire = 15 min

# Shared secret for doveadm connections over TCP; the backend config carries the
# same value. NOTE(review): if this is a real value and not a placeholder,
# rotate it, because it is published together with the post.
doveadm_proxy_port = 9292
doveadm_password = somecrypticpassword

auth_worker_max_count = 90

# passdbs are consulted in the order listed: LDAP first, then checkpassword.
# NOTE(review): the "proxy: host not given" error quoted in the post means the
# managesieve login received a proxy reply without a host field. The LDAP
# passdb file is not shown, so what it returns cannot be checked from here.
passdb {
   driver = ldap
   args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
}

# NOTE(review): checkpassword hands the client's plaintext password to an
# external program; judging by its name this one is a migration fallback.
# Confirm it cannot accept a login that LDAP rejected on purpose (disabled
# account, changed password) and retire it when the migration is finished.
passdb {
     driver = checkpassword
     args = /etc/dovecot/checkpassword_migration.py
}

# prefetch reuses userdb fields that the passdb lookup already returned.
userdb {
     driver = prefetch
}

# LDAP userdb is the fallback when prefetch has nothing to use.
userdb {
   driver = ldap
   args = /etc/dovecot/dovecot-ldap.conf.ext
}

# Director service: chooses the backend for each user.
service director {
   # Sockets under login/ are opened by the login processes, hence mode 0666.
   unix_listener login/director {
     mode = 0666
   }
   fifo_listener login/proxy-notify {
     mode = 0666
   }
   # Userdb-style socket, used below as auth_socket_path for lmtp and doveadm.
   unix_listener director-userdb {
     mode = 0600
   }
   # Director ring port. NOTE(review): with listen = 0.0.0.0 it is bound on
   # every address; confirm a firewall limits it to the other director hosts.
   inet_listener {
     port = 9191
   }
}

# IMAP login/proxy processes.
service imap-login {
   process_min_avail = 2
   # service_count = 0 lets one login process serve many connections
   # ("high-performance" mode). The trade-off: a compromised login process can
   # see every session it is handling, not just one.
   service_count = 0
   # The "director" argument makes the login process ask the director socket
   # which backend to proxy to.
   executable = imap-login director
   inet_listener imap {
   port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}

# POP3 login/proxy processes, configured the same way as imap-login.
service pop3-login {
   process_min_avail = 2
   service_count = 0
   executable = pop3-login director
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}

# Post-login IMAP processes. NOTE(review): on a host that only proxies, these
# presumably never serve mail; confirm the section is needed here.
service imap {
   process_min_avail = 2
   process_limit = 0
   service_count = 0
}

# Post-login POP3 processes, same settings as imap above.
service pop3 {
   process_min_avail = 2
   process_limit = 0
   service_count = 0
}

# LMTP over TCP. LMTP has no authentication of its own, so port 24 should be
# reachable from the MTA hosts only.
service lmtp {
   inet_listener lmtp {
     port = 24
   }
}

# Auth service. client_limit is set above the 60000 that the startup warning
# quoted in the post asked for.
service auth {
   client_limit=65000
   # NOTE(review): this puts Dovecot's auth protocol on TCP 5451, bound on
   # every address because of listen = 0.0.0.0. Confirm what consumes it and
   # restrict the port to those hosts; the auth socket is not meant to be
   # reachable by arbitrary clients.
   inet_listener {
     port = 5451
   }
}

# Auth workers run as the unprivileged webmail account.
service auth-worker {
   user = webmail
}

# doveadm over TCP, protected only by doveadm_password. No ssl is set on this
# listener, so keep the port limited to the cluster's management network.
service doveadm {
   inet_listener {
     port = 9292
   }
}

# Per-protocol overrides. The connection caps are counted per user and
# source IP.
protocol imap {
   mail_max_userip_connections = 10
}

protocol pop3 {
   mail_max_userip_connections = 10
}

# LMTP looks up recipients through the director socket and has its own LDAP
# passdb entry.
protocol lmtp {
   auth_socket_path = director-userdb
   passdb {
     driver = ldap
     args = /etc/dovecot/dovecot-proxy-ldap.conf.ext
   }
}

# doveadm resolves users through the director socket as well.
protocol doveadm {
   auth_socket_path = director-userdb
}

# Sieve script location: scripts are kept in ~/sieve and the active script is
# ~/.dovecot.sieve. ManageSieve lets an authenticated user upload into that
# directory, so it must sit inside the user's own home.
# NOTE(review): confirm the Pigeonhole release used with 2.1.7 accepts the
# "file:...;active=..." form.
plugin {
   # Used by both the Sieve plugin and the ManageSieve protocol
   sieve = file:~/sieve;active=~/.dovecot.sieve
}


-- dovecot backend config --


# dovecot version 2.1.7

# ManageSieve ("sieve") is commented out on the backend as posted.
protocols = imap pop3 lmtp #sieve
# OLDTEMP listen = 192.168.100.95
# The backend binds one address only. Every listener on it accepts the shared
# static password defined further down, so reachability matters.
listen = 192.168.100.101

mail_location =  maildir:~/

# Single namespace holding the INBOX, with "INBOX." prefix and "." separator.
namespace {
   prefix = INBOX.
   separator = .
   inbox = yes
}

base_dir = /var/run/dovecot/
login_greeting = Dovecot ready.
# Login processes run as dovenull, other internal processes as webmail.
default_login_user = dovenull
default_internal_user = webmail
mail_access_groups = mail

postmaster_address = postmaster at mydomain.net

# Plaintext mechanisms are allowed without TLS. With ssl = no below, the shared
# proxy password travels unencrypted between proxy and backend.
disable_plaintext_auth = no
auth_mechanisms = plain login

# Debug logging. auth_debug_passwords=yes is what prints both the attempted
# password and the expected static password in the "PLAIN(...) != '...'" log
# line quoted in the post. Turn it off after troubleshooting and restrict
# access to the log file.
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
auth_verbose_passwords=no

#log_path = syslog
log_path = /var/log/dovecot.log

default_process_limit = 10000
default_client_limit = 50000

# Storage and index settings as posted; the storage type is not stated.
mmap_disable = yes
mail_fsync = always
mail_nfs_storage = no
mail_nfs_index = no

#mail_plugin_dir = /usr/lib/dovecot
mail_plugin_dir = /usr/lib/dovecot/modules
# OLDTEMP mail_plugins = $mail_plugins quota fts fts_lucene
# NOTE(review): "sieve" is loaded here for every protocol; it is normally added
# to mail_plugins only for the delivery protocols (lmtp/lda). Confirm intent.
mail_plugins = $mail_plugins  quota fts fts_squat sieve

# NOTE(review): ssl = no disables TLS while the imaps/pop3s listeners below set
# ssl = yes. Confirm which applies.
ssl = no
# OLDTEMP ssl_cert = </usr/local/dovecot/ssl/dovecot.pem
# OLDTEMP ssl_key = </usr/local/dovecot/ssl/dovecot.pem
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key  = </etc/ssl/private/dovecot.pem

# Same doveadm shared secret as on the proxy. NOTE(review): rotate it if the
# posted value is real.
doveadm_password = somecrypticpassword

# User attributes come from LDAP.
userdb {
   driver = ldap
   # OLDTEMP args = /usr/local/dovecot/etc/dovecot/dovecot-ldap.conf.ext
   args = /etc/dovecot/dovecot-ldap.conf.ext
}

# One fixed password for every user: the backend trusts that the proxy has
# already verified the real credentials. A client that connects directly with
# the user's own password is rejected, which is the "Password mismatch" in the
# post. The same setup means knowing this one value gives access to every
# mailbox, so limit backend logins to the proxy hosts (firewall or the
# allow_nets extra field).
passdb {
    driver = static
    args = user=%u password=crypticpasswordagain
}

# Backend IMAP login processes (no "director" argument here).
service imap-login {
   process_min_avail = 2
   # service_count = 0: one login process handles many connections.
   service_count = 0
   # These ports accept the shared static password, so they should be
   # reachable from the proxies only.
   inet_listener imap {
   port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}

# Backend POP3 login processes, configured the same way as imap-login.
service pop3-login {
   process_min_avail = 2
   service_count = 0
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}

# Mail-access processes; vsz_limit caps the virtual memory of each process.
service imap {
   process_min_avail = 2
   process_limit = 0
   executable = imap #imap-postlogin
   vsz_limit = 384M
}

service pop3 {
   process_min_avail = 2
   process_limit = 0
   executable = pop3 #pop3-postlogin
   vsz_limit = 384M
}

# LMTP delivery over TCP. LMTP has no authentication, so port 24 should be
# limited to the proxies/MTAs that deliver to this backend.
service lmtp {
   inet_listener lmtp {
     port = 24
   }
   vsz_limit = 384M
}

# doveadm over TCP, authenticated with doveadm_password; no ssl is configured
# on this listener.
service doveadm {
   inet_listener {
     port = 9292
   }
}

# mode = 0 presumably leaves the director-admin socket disabled on the backend.
service director {
   unix_listener director-admin {
     mode = 0
   }
}

# Runs the quota warning script; the listener socket is owned by webmail.
# NOTE(review): the script is invoked with the username as an argument (see
# quota_warning in the plugin section), so it should quote that argument.
service quota-warning {
   executable = script /etc/dovecot/quota-warning.sh
   unix_listener quota-warning {
   user = webmail
   }
}

# IMAP additionally loads the quota plugins; connections are capped per user
# and source IP.
protocol imap {
   mail_plugins = $mail_plugins quota imap_quota
   mail_max_userip_connections = 10
}

protocol pop3 {
   mail_max_userip_connections = 10
}

# Full-text search (squat) and maildir quota settings. The quota_warning lines
# call the quota-warning service at 75% and 95% with the percentage and the
# username (%u) as arguments.
plugin {
   fts = fts_squat
   fts_squat = partial=4 full=10
#  fts_lucene = whitespace_chars=@.
   quota = maildir:User quota
   quota_warning = storage=75%% quota-warning 75 %u
   quota_warning2 = storage=95%% quota-warning 95 %u
}

-- managesieve config --

# ManageSieve login processes, started with the "director" argument as the
# imap-login and pop3-login services on the proxy are.
# NOTE(review): no inet_listener is declared here, so the port and address come
# from defaults. ManageSieve accepts script uploads from authenticated users,
# so it should get the same TLS and network restrictions as IMAP.
service managesieve-login {
   executable =  managesieve-login director
   service_count = 0
   process_min_avail = 0
   vsz_limit = 64M
}

# NOTE(review): the other services in these configs use process_limit;
# confirm that process_count is accepted by this Dovecot version.
service managesieve {
   process_count = 100
}

# Service configuration

protocol sieve {
   managesieve_max_line_length = 32768
   # NOTE(review): executable is set on service blocks everywhere else in these
   # configs; inside a protocol block it looks misplaced. Confirm with doveconf -n.
   executable =  managesieve-login director
   mail_max_userip_connections = 5
   managesieve_max_compile_errors = 5
}


